|
Log-Analyse und Auswertung: Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem...Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
27.02.2013, 17:30 | #1 |
| Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Wie bei dem Tag beschrieben habe ich seit einigen tagen das isearch.babylon.com/?affID=113131& probleim beim öffnen eines neuen tabs in Mozilla Firefox Version 19.0 Das Problem besteht NUR beim öffnen eines neuen tabs... nicht beim Start des Browsers oder wenn ich die "Home" taste drücke. Da springt er immer ganz normal auf die eingestellte Startseite. Wäre Euch sehr verbunden wenn Ihr oder zumindest einer mir bei diesem Problem helfen könnte. Mfg Fingertab |
27.02.2013, 17:32 | #2 |
/// Malware-holic | Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
27.02.2013, 17:48 | #3 |
| Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 27.02.2013 17:36:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BlackLight\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,31% Memory free 7,80 Gb Paging File | 6,39 Gb Available in Paging File | 81,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,67 Gb Total Space | 357,11 Gb Free Space | 80,13% Space Free | Partition Type: NTFS Drive D: | 19,80 Gb Total Space | 2,12 Gb Free Space | 10,71% Space Free | Partition Type: NTFS Computer Name: BLACKLIGHT-HP | User Name: BlackLight | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.27 17:33:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BlackLight\Desktop\OTL.exe PRC - [2013.02.04 17:10:10 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\QuickShare.exe PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2012.06.28 16:40:52 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2012.03.05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe PRC - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe PRC - [2012.02.19 22:14:14 | 001,134,584 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe PRC - [2012.02.08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.02.08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.02.08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.11.07 09:52:55 | 000,060,688 | ---- | M] (ZTE) -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe PRC - [2011.11.07 09:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe PRC - [2011.11.07 09:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe PRC - [2011.08.19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe PRC - [2010.11.21 04:24:03 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe ========== Modules (No Company Name) ========== MOD - [2013.02.13 16:02:24 | 001,842,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\7e95b379b65f904b14e472440b1092e4\System.Web.Services.ni.dll MOD - [2013.02.13 16:02:10 | 012,542,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\45babd35f29911df78d6b41801de0075\System.Windows.Forms.ni.dll MOD - [2013.02.13 16:01:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2013.02.04 17:10:10 | 000,023,040 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll MOD - [2013.02.04 17:10:08 | 000,036,864 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll MOD - [2013.02.04 17:10:06 | 001,575,424 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll MOD - [2013.02.04 17:10:06 | 000,007,680 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll MOD - [2013.02.04 17:07:02 | 000,650,240 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll MOD - [2013.02.04 17:06:58 | 000,040,960 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\MACTrackBarLib.dll MOD - [2013.02.04 17:06:56 | 000,051,200 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll MOD - [2013.02.04 17:06:56 | 000,044,032 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll MOD - [2013.02.04 17:06:54 | 000,073,728 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll MOD - [2013.02.04 17:06:52 | 000,062,976 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll MOD - [2013.02.04 17:06:52 | 000,018,944 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll MOD - [2013.02.04 17:06:52 | 000,013,312 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll MOD - [2013.02.04 17:06:52 | 000,006,144 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll MOD - [2013.02.04 17:06:50 | 000,012,800 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll MOD - [2013.02.04 17:06:50 | 000,007,168 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll MOD - [2013.02.04 17:06:48 | 000,012,288 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll MOD - [2013.02.04 17:06:48 | 000,009,728 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll MOD - [2013.02.04 17:06:48 | 000,007,168 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll MOD - [2013.02.04 17:06:46 | 000,074,752 | ---- | M] () -- C:\Users\BlackLight\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll MOD - [2013.01.13 11:27:04 | 000,911,432 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2013.01.13 11:27:02 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2013.01.13 11:27:01 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll MOD - [2013.01.11 22:23:08 | 001,661,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1a05479a95f137497a8484c8f5079d02\System.Drawing.ni.dll MOD - [2013.01.11 22:23:01 | 005,767,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e93ffb76caad1b906a00fd8eacbd169e\System.Xml.ni.dll MOD - [2013.01.11 22:22:58 | 001,016,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f4f86fc366beeb9f2eca14f47c30d952\System.Configuration.ni.dll MOD - [2013.01.11 22:22:56 | 008,411,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\020b37a8be18dc91962b358781fb5a42\System.ni.dll MOD - [2013.01.11 22:22:25 | 000,647,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\6417abc9f092386199cffb3dbb70cded\System.EnterpriseServices.ni.dll MOD - [2013.01.11 22:22:24 | 000,677,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\3ee04d46ea27259e500ca0d428ea3ed1\System.Transactions.ni.dll MOD - [2013.01.11 22:22:23 | 006,816,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\afc43ef40c007311c5adeb95526b383d\System.Data.ni.dll MOD - [2013.01.10 18:39:44 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\0ed1e8a88eae135e0e88471eaa2910d5\CustomMarshalers.ni.dll MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2012.03.15 23:00:34 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2011.11.07 09:52:29 | 000,220,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe MOD - [2011.11.07 09:52:00 | 000,036,624 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe MOD - [2011.11.07 09:43:33 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll MOD - [2011.11.07 09:39:08 | 000,099,328 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll MOD - [2011.11.07 09:39:01 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll MOD - [2011.11.07 09:38:53 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll MOD - [2011.11.07 09:38:51 | 000,055,296 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll MOD - [2011.11.07 09:38:49 | 000,027,136 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll MOD - [2011.05.06 04:03:32 | 000,594,944 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll MOD - [2011.05.06 04:02:40 | 000,341,504 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll MOD - [2010.11.21 04:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010.11.21 04:24:01 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.10.14 10:37:52 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll MOD - [2010.10.14 10:37:52 | 000,080,688 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll MOD - [2009.06.10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2007.09.09 16:07:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll ========== Services (SafeList) ========== SRV - [2013.02.27 14:19:51 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.20 18:47:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.08 14:41:40 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2012.09.27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service) SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.03.05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC) SRV - [2012.02.19 22:14:14 | 001,134,584 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher) SRV - [2012.02.08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.02.08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.02.08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.02.16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.11.18 03:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2012.11.15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012.09.12 15:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.15 23:22:38 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012.03.15 23:22:38 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 04:33:18 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2012.02.24 04:33:16 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv) DRV:64bit: - [2012.02.03 21:57:58 | 001,838,656 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x) DRV:64bit: - [2012.01.17 01:21:46 | 000,675,432 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.12.06 12:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.18 02:46:36 | 003,432,000 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt2860.sys -- (RT80x86) DRV:64bit: - [2011.10.27 19:27:52 | 000,259,688 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR) DRV:64bit: - [2011.08.19 11:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser) DRV:64bit: - [2011.08.19 11:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea) DRV:64bit: - [2011.08.19 11:25:25 | 000,122,752 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm) DRV:64bit: - [2011.08.19 11:25:25 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2011.01.15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.12.15 03:46:38 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM) DRV:64bit: - [2009.12.15 03:46:30 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-4/4?satitle={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-4/4?satitle={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Ask.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CMNTDF IE - HKCU\..\SearchScopes\{A6EC9AEE-4391-4CE5-8419-167F36684096}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^HQ&apn_dtid=^YYYYYY^YY^DE&apn_uid=e4d2f666-4fc8-4b8a-a059-5efcf78f9be6&apn_sauid=F048D723-CEEF-4F8B-A389-3DFA97503EC8 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-4/4?satitle={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=d4951ad8-5c15-460c-9973-0e740681d1a2&searchtype=ds&installDate=01/01/1970&q=" FF - prefs.js..network.proxy.backup.ftp: "192.168.14.1" FF - prefs.js..network.proxy.backup.ftp_port: 8001 FF - prefs.js..network.proxy.backup.socks: "192.168.14.1" FF - prefs.js..network.proxy.backup.socks_port: 8001 FF - prefs.js..network.proxy.backup.ssl: "192.168.14.1" FF - prefs.js..network.proxy.backup.ssl_port: 8001 FF - prefs.js..network.proxy.ftp: "192.168.14.1" FF - prefs.js..network.proxy.ftp_port: 8001 FF - prefs.js..network.proxy.http: "192.168.14.1" FF - prefs.js..network.proxy.http_port: 8001 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "192.168.14.1" FF - prefs.js..network.proxy.socks_port: 8001 FF - prefs.js..network.proxy.ssl: "192.168.14.1" FF - prefs.js..network.proxy.ssl_port: 8001 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2010.04.01 13:29:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 18:47:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 18:47:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 18:47:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 18:47:15 | 000,000,000 | ---D | M] [2012.12.06 11:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\Extensions [2013.02.24 09:11:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\Firefox\Profiles\y57gwj4e.default\extensions [2013.02.19 21:13:07 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.14 20:02:44 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.04 16:22:10 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.01.03 14:11:07 | 000,002,335 | ---- | M] () -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\searchplugins\askcom.xml [2013.02.23 23:56:43 | 000,022,903 | ---- | M] () -- C:\Users\BlackLight\AppData\Roaming\mozilla\firefox\profiles\y57gwj4e.default\searchplugins\Web Search.xml [2013.02.20 18:47:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.02.20 18:47:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found. O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SetDefault] C:\Programme\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\BlackLight\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar) O4 - Startup: C:\Users\BlackLight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83F9184D-AB15-40D0-9479-91F98673FB39}: DhcpNameServer = 192.168.14.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8B8A64B-8D85-4436-8726-66137241408F}: DhcpNameServer = 192.168.3.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{981e5aad-43af-11e2-b71c-a0b3ccca627e}\Shell - "" = AutoRun O33 - MountPoints2\{981e5aad-43af-11e2-b71c-a0b3ccca627e}\Shell\AutoRun\command - "" = F:\Autorun.exe O33 - MountPoints2\{981e5aad-43af-11e2-b71c-a0b3ccca627e}\Shell\dinstall\command - "" = F:\Directx\dxsetup.exe O33 - MountPoints2\{c3147e5d-41fc-11e2-bee7-a0b3ccca627e}\Shell - "" = AutoRun O33 - MountPoints2\{c3147e5d-41fc-11e2-bee7-a0b3ccca627e}\Shell\AutoRun\command - "" = F:\SH4Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.27 17:33:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\BlackLight\Desktop\OTL.exe [2013.02.26 10:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.02.24 16:04:52 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\Documents\Meine empfangenen Dateien [2013.02.20 18:47:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.14 18:22:30 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\Desktop\neuer wifi [2013.02.13 20:08:14 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\AppData\Roaming\Windows Live Writer [2013.02.13 20:08:14 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\AppData\Local\Windows Live Writer [2013.02.10 21:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.10 21:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.02.02 16:16:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013.02.02 15:37:13 | 000,000,000 | ---D | C] -- C:\Users\BlackLight\AppData\Roaming\TS3Client [2013.02.02 15:36:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.02.02 15:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.27 17:33:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\BlackLight\Desktop\OTL.exe [2013.02.27 17:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.27 16:53:31 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.27 16:53:31 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.27 16:53:31 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.27 16:53:31 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.27 16:53:31 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.27 16:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.27 06:46:01 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.27 06:46:01 | 000,031,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.27 06:38:29 | 3142,864,896 | -HS- | M] () -- C:\hiberfil.sys [2013.02.23 11:28:46 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlackLight.job [2013.02.14 17:49:32 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif [2013.02.13 15:58:15 | 000,295,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.10 21:56:34 | 000,059,318 | ---- | M] () -- C:\Users\BlackLight\Documents\Picture 4.jpg [2013.02.10 21:56:18 | 000,052,991 | ---- | M] () -- C:\Users\BlackLight\Documents\Picture 3.jpg [2013.02.10 21:36:34 | 000,049,927 | ---- | M] () -- C:\Users\BlackLight\Documents\Picture 2.jpg [2013.02.10 21:36:29 | 000,051,276 | ---- | M] () -- C:\Users\BlackLight\Documents\Picture 1.jpg [2013.02.10 21:07:36 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.02 15:36:34 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.15 09:15:18 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2013.02.15 09:15:18 | 000,014,119 | ---- | C] () -- C:\Windows\SysNative\RaCoInst.dat [2013.02.10 21:56:31 | 000,059,318 | ---- | C] () -- C:\Users\BlackLight\Documents\Picture 4.jpg [2013.02.10 21:56:15 | 000,052,991 | ---- | C] () -- C:\Users\BlackLight\Documents\Picture 3.jpg [2013.02.10 21:36:32 | 000,049,927 | ---- | C] () -- C:\Users\BlackLight\Documents\Picture 2.jpg [2013.02.10 21:36:26 | 000,051,276 | ---- | C] () -- C:\Users\BlackLight\Documents\Picture 1.jpg [2013.02.09 09:08:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.08 15:27:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForBlackLight.job [2013.02.02 15:36:33 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.01.27 13:46:22 | 000,000,560 | ---- | C] () -- C:\Windows\_delis32.ini [2013.01.08 12:11:20 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI [2012.12.30 16:25:12 | 000,193,664 | ---- | C] () -- C:\Windows\SysWow64\bmsdk.exe [2012.12.30 16:25:12 | 000,002,960 | ---- | C] () -- C:\Windows\SysWow64\boc.ini [2012.12.30 16:25:12 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\bocinstall.ini [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.11 13:20:34 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI [2012.12.11 13:05:56 | 000,081,920 | ---- | C] () -- C:\Windows\bwUnin-6.1.4.36-8876480L.exe [2012.12.09 23:10:51 | 000,000,241 | ---- | C] () -- C:\Windows\QSync.INI [2012.12.06 12:27:15 | 000,007,625 | ---- | C] () -- C:\Users\BlackLight\AppData\Local\Resmon.ResmonCfg [2012.10.10 02:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 02:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.02.14 19:47:04 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.02.14 19:47:04 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.02.14 19:47:04 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.12.09 23:52:59 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\driveridentifier [2013.01.03 14:18:30 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\ImgBurn [2012.12.30 19:25:43 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\Internet-Manager [2013.01.13 11:26:23 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\OpenCandy [2012.12.08 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\OpenOffice.org [2012.12.06 10:30:42 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\Synaptics [2013.02.26 22:42:42 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\TS3Client [2012.12.09 17:53:15 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\ts3overlay [2013.02.02 16:11:29 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\ts3overlay_hook_win64 [2013.02.13 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\BlackLight\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.12.15 19:10:03 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.03.16 00:16:37 | 000,000,000 | -HSD | M] -- C:\boot [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.12.06 10:26:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.12.11 08:05:25 | 000,000,000 | ---D | M] -- C:\Games [2012.12.10 23:00:37 | 000,000,000 | -H-D | M] -- C:\HP [2012.12.06 13:16:39 | 000,000,000 | ---D | M] -- C:\HP_TOOLS_mountHPSF [2012.06.04 10:53:39 | 000,000,000 | ---D | M] -- C:\Intel [2012.12.15 19:09:57 | 000,000,000 | ---D | M] -- C:\Neuer Ordner [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.02 15:36:24 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.20 18:47:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2013.02.26 10:20:21 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.12.06 10:26:23 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.06 10:27:06 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.26 10:01:02 | 000,000,000 | ---D | M] -- C:\SWSetup [2013.02.27 17:38:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.06 10:27:12 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2013.02.02 16:16:56 | 000,000,000 | ---D | M] -- C:\temp [2012.12.06 10:26:32 | 000,000,000 | R--D | M] -- C:\Users [2013.02.26 22:10:30 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013.02.08 15:27:33 | 000,000,352 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForBlackLight.job [2013.02.09 09:08:24 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2012.03.15 23:09:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2012.03.15 23:09:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2012.03.15 23:09:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2012.03.15 23:09:35 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2012.03.15 23:09:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2012.03.15 23:09:35 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys [2011.11.29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2012.03.15 23:22:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2012.03.15 23:22:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2012.03.15 23:22:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2012.03.15 23:22:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2012.03.15 23:22:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2012.03.15 23:22:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2012.03.15 23:22:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2012.03.15 23:22:38 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.02.27 17:37:41 | 001,310,720 | -HS- | M] () -- C:\Users\BlackLight\NTUSER.DAT [2013.02.27 17:37:41 | 000,262,144 | -HS- | M] () -- C:\Users\BlackLight\ntuser.dat.LOG1 [2012.12.06 10:26:32 | 000,000,000 | -HS- | M] () -- C:\Users\BlackLight\ntuser.dat.LOG2 [2012.12.06 10:44:36 | 000,065,536 | -HS- | M] () -- C:\Users\BlackLight\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.12.06 10:44:36 | 000,524,288 | -HS- | M] () -- C:\Users\BlackLight\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.12.06 10:44:36 | 000,524,288 | -HS- | M] () -- C:\Users\BlackLight\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.06 10:26:32 | 000,000,020 | -HS- | M] () -- C:\Users\BlackLight\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.02.2013 17:36:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\BlackLight\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 67,31% Memory free 7,80 Gb Paging File | 6,39 Gb Available in Paging File | 81,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 445,67 Gb Total Space | 357,11 Gb Free Space | 80,13% Space Free | Partition Type: NTFS Drive D: | 19,80 Gb Total Space | 2,12 Gb Free Space | 10,71% Space Free | Partition Type: NTFS Computer Name: BLACKLIGHT-HP | User Name: BlackLight | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01E83DAA-6AAF-4DA9-94E5-517BE5A21F54}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{063B6F39-4301-4B85-B4FA-E95575EA2FF6}" = lport=2869 | protocol=6 | dir=in | app=system | "{0D6935CE-D55F-4F0E-855F-BBF9B2114364}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{2104E7BA-598F-40A8-B5A6-3E8FC5F8AFF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4C2DED82-E1C1-4ECE-9CA0-E7A77423C10C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5521EC16-718E-4CDB-ABC1-2A356A665C5D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{59901C18-8EEC-4807-B57E-A4A5E5D6F25A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7498DB97-6633-4BCB-8971-825DE048665A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7DD6A192-0C20-4ECB-9C15-82FF431CB445}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{842FEBAD-4432-4B55-AAAA-7184050A4761}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{ABF31B26-5142-4467-A293-6C382A0A7CD5}" = rport=10243 | protocol=6 | dir=out | app=system | "{B2E20141-27D6-472B-91FB-DFE54EBA0252}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E1FCD357-4B60-41EC-A425-51225FD1166A}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{062D3B37-D170-4644-ACB9-DD5E11E6BA69}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0E2BA753-6C39-4460-9E9A-72246BD0EC40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2012B00A-8B4A-42F7-98AB-8FF3F3C91190}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{25950EFD-6B13-4F6C-BF36-0862AB7AFE72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2CFA7904-0D6E-4B24-8817-9C13DDA3AC73}" = protocol=6 | dir=out | app=system | "{5D180E1F-10BE-4484-87BE-D8B7328D0439}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5FF8BABF-F8F2-4312-AE5A-4360FFE0D252}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{688DE2AB-0686-44F4-AFAF-E8A7790172F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6A18D028-2BB5-488A-8CB6-EF5B67146EB8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{8ACBC8F0-124A-42A9-A605-CADD2359FDB4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{90FF92CC-462B-4E3F-9CE5-17F82835329F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AAB4D6CE-4253-4C5C-B1CB-5F6F6930DEA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{AF813B5B-C91C-45AE-B49C-C9264F71FBEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C889730E-740F-44C8-A9DB-6BF25BC547E7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D2970B0B-69F8-4382-983B-92A97536841A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D954CA6D-EAB1-461E-8E02-6EBE0E5A7EF6}" = dir=in | app=c:\users\blacklight\appdata\local\microsoft\skydrive\skydrive.exe | "{D958C890-E029-4C11-9D04-1EC35BB106D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E91E4BEC-5867-4023-9887-5699D0FFB53E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F71A21EE-558E-4B67-A516-C392B79897AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{5DBE42A9-7F43-4972-9863-295BD3F586BD}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | "TCP Query User{938BF375-D1FF-40E3-839B-D62335DC5AFD}C:\games\world of tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world of tanks\wotlauncher.exe | "UDP Query User{80D4B328-444D-41D6-BC6C-AC76046F5E7E}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | "UDP Query User{D4C73C0D-AD1A-4EEF-84EA-467EC62D671F}C:\games\world of tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world of tanks\wotlauncher.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0 "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{D3AA8FD3-5FFA-4CFC-BA8E-99BFC6A41943}" = HP Security Assistant "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.4 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{373C3DAE-62C8-4F63-887C-769A8986ED50}" = GameShadow "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1 "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{7DA9DD7F-F4D9-40FB-BD27-69B7731DEDD9}" = ESU for Microsoft Windows 7 SP1 "{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A142E531-C598-4C74-895B-7EEACF0D571E}" = QuickShare "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}" = HP Software Framework "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DB183033-C2DD-4A37-B43C-943DD4B28C77}" = HP Documentation "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F28DAAFA-EEBB-48DB-9C8D-6521DD42786B}_is1" = World of Tanks version 8.1 "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Black Mirror 2_is1" = Black Mirror 2 "GT Interactive - Driver" = GT Interactive - Driver "ImgBurn" = ImgBurn "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PDF Complete" = PDF Complete Corporate Edition "VirtualCloneDrive" = VirtualCloneDrive "Winamp" = Winamp "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 01.02.2013 02:08:14 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 01.02.2013 06:55:19 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 03.02.2013 04:05:54 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 04.02.2013 05:15:31 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 05.02.2013 02:54:44 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 06.02.2013 04:19:50 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 06.02.2013 10:51:45 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 07.02.2013 01:29:33 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 08.02.2013 13:49:52 | Computer Name = BlackLight-HP | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 18.0.2.4780 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 614 Startzeit: 01ce06118412c4a6 Endzeit: 60 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: Error - 08.02.2013 18:55:24 | Computer Name = BlackLight-HP | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 18.0.2.4780, Zeitstempel: 0x510c057b Name des fehlerhaften Moduls: xul.dll, Version: 18.0.2.4780, Zeitstempel: 0x510c04a9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0012bdc8 ID des fehlerhaften Prozesses: 0x12e4 Startzeit der fehlerhaften Anwendung: 0x01ce0624de797d46 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 9ec4c4a2-7242-11e2-9ca3-a0b3ccca627e Error - 09.02.2013 04:05:07 | Computer Name = BlackLight-HP | Source = WinMgmt | ID = 10 Description = Error - 09.02.2013 07:59:54 | Computer Name = BlackLight-HP | Source = Application Hang | ID = 1002 Description = Programm ts3client_win64.exe, Version 3.0.9.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: e3c Startzeit: 01ce06bca61e872e Endzeit: 23 Anwendungspfad: C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe Berichts-ID: 32ab0555-72b0-11e2-9a49-a0b3ccca627e [ Hewlett-Packard Events ] Error - 07.12.2012 11:21:32 | Computer Name = BlackLight-HP | Source = HPSF.exe | ID = 4000 Description = Error - 07.12.2012 11:26:13 | Computer Name = BlackLight-HP | Source = HPSF.exe | ID = 4000 Description = Error - 26.01.2013 11:38:05 | Computer Name = BlackLight-HP | Source = HPSF.exe | ID = 2000 Description = HP Error ID: -2147467261 bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Message: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt. StackTrace: bei HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties() Source: HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3996 Ram Utilization: 40 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties() [ HP Connection Manager Events ] Error - 21.12.2012 07:31:07 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/21 12:31:07.578|00000E98|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 21.12.2012 07:31:09 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/21 12:31:09.575|00000E98|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 21.12.2012 07:31:11 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/21 12:31:11.572|00000E98|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 21.12.2012 07:31:15 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/21 12:31:15.581|00000E98|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 21.12.2012 07:31:17 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/21 12:31:17.578|00000E98|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 23.12.2012 06:34:25 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/23 11:34:25.732|00000B28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 23.12.2012 06:34:27 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/23 11:34:27.731|00000B28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 23.12.2012 06:34:29 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/23 11:34:29.728|00000B28|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 23.12.2012 16:36:45 | Computer Name = BlackLight-HP | Source = hpCMSrv | ID = 5 Description = 2012/12/23 21:36:45.904|0000139C|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged failed [hr:0x800706BA] Error - 24.12.2012 09:06:25 | Computer Name = BlackLight-HP | Source = hpMobile | ID = 5 Description = 2012.12.24 14:06:25.252|000012E4|Error |[HP.Mobile]Wlan::UpdateProperties{void()}|Die Daten sind unzulässig. (Ausnahme von HRESULT: 0x8007000D) [ HP Software Framework Events ] Error - 15.03.2012 10:06:33 | Computer Name = AULFISL4LFL4V | Source = CaslSmBios | ID = 5 Description = 2012.03.15 15:06:33.028|0000060C|Error |[CaslWmi]CommandPanelBrightness::GetCurrentPanelBrightnessFromOS{hpCasl.enReturnCode(CaslWmi.enPanelBrightnessDataType,ushort&)}|Exception occurred in querying WMI for WmiMonitorBrightness: 'Nicht unterstützt ' [ Media Center Events ] Error - 15.02.2013 03:15:51 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0 Description = 08:15:50 - Fehler beim Herstellen der Internetverbindung. 08:15:50 - Serververbindung konnte nicht hergestellt werden.. Error - 15.02.2013 03:16:02 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0 Description = 08:15:56 - Fehler beim Herstellen der Internetverbindung. 08:15:56 - Serververbindung konnte nicht hergestellt werden.. Error - 15.02.2013 04:16:35 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0 Description = 09:16:35 - Fehler beim Herstellen der Internetverbindung. 09:16:35 - Serververbindung konnte nicht hergestellt werden.. Error - 15.02.2013 04:16:48 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0 Description = 09:16:40 - Fehler beim Herstellen der Internetverbindung. 09:16:40 - Serververbindung konnte nicht hergestellt werden.. Error - 24.02.2013 03:22:25 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0 Description = 08:22:25 - Fehler beim Herstellen der Internetverbindung. 08:22:25 - Serververbindung konnte nicht hergestellt werden.. Error - 24.02.2013 03:23:24 | Computer Name = BlackLight-HP | Source = MCUpdate | ID = 0 Description = 08:22:30 - Fehler beim Herstellen der Internetverbindung. 08:22:32 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 22.01.2013 07:52:52 | Computer Name = BlackLight-HP | Source = Server | ID = 2505 Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{AA2FA9AC-5CA4-4786-ACA1-177EA4F80946} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error - 22.01.2013 08:00:52 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.143.180.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9103.0 Fehlercode: 0x80072efd Fehlerbeschreibung: Die Serververbindung konnte nicht hergestellt werden. Error - 27.01.2013 08:42:10 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.143.942.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9103.0 Fehlercode: 0x80072efd Fehlerbeschreibung: Die Serververbindung konnte nicht hergestellt werden. Error - 31.01.2013 03:54:46 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.143.1136.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9103.0 Fehlercode: 0x80072ee2 Fehlerbeschreibung: Das Zeitlimit für den Vorgang wurde erreicht. Error - 07.02.2013 10:11:08 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.143.1665.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9103.0 Fehlercode: 0x80072efd Fehlerbeschreibung: Die Serververbindung konnte nicht hergestellt werden. Error - 08.02.2013 02:03:23 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.143.1665.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9103.0 Fehlercode: 0x80072efd Fehlerbeschreibung: Die Serververbindung konnte nicht hergestellt werden. Error - 14.02.2013 14:58:47 | Computer Name = BlackLight-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error - 15.02.2013 03:22:37 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.143.2233.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9103.0 Fehlercode: 0x80072efd Fehlerbeschreibung: Die Serververbindung konnte nicht hergestellt werden. Error - 15.02.2013 04:23:31 | Computer Name = BlackLight-HP | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht. Error - 16.02.2013 05:21:59 | Computer Name = BlackLight-HP | Source = Microsoft Antimalware | ID = 2001 Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt. Neue Signaturversion: Vorherige Signaturversion: 1.143.2340.0 Aktualisierungsquelle: %%859 Aktualisierungsphase: %%852 Quellpfad: Microsoft Home Page | Devices and Services Signaturtyp: %%800 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: Vorherige Modulversion: 1.1.9103.0 Fehlercode: 0x80072efd Fehlerbeschreibung: Die Serververbindung konnte nicht hergestellt werden. < End of report > Nebenbei Frage: Wie kommt man zu dem mist? |
27.02.2013, 17:59 | #4 |
/// Malware-holic | Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Hi, otl fix Fixen mit OTL
Code:
ATTFilter :OTL O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. :files :Commands [emptytemp]
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.02.2013, 18:10 | #5 |
| Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... All processes killed ========== OTL ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: BlackLight ->Temp folder emptied: 765481 bytes ->Temporary Internet Files folder emptied: 316693 bytes ->FireFox cache emptied: 6679533 bytes ->Flash cache emptied: 722 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 64569 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 8,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02272013_180709 Files\Folders moved on Reboot... C:\Users\BlackLight\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
27.02.2013, 18:19 | #6 |
/// Malware-holic | Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Hi, Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... |
27.02.2013, 18:26 | #7 |
| Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... 18:22:39.0966 1124 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 18:22:40.0185 1124 ============================================================ 18:22:40.0185 1124 Current date / time: 2013/02/27 18:22:40.0185 18:22:40.0185 1124 SystemInfo: 18:22:40.0185 1124 18:22:40.0185 1124 OS Version: 6.1.7601 ServicePack: 1.0 18:22:40.0185 1124 Product type: Workstation 18:22:40.0185 1124 ComputerName: BLACKLIGHT-HP 18:22:40.0185 1124 UserName: BlackLight 18:22:40.0185 1124 Windows directory: C:\Windows 18:22:40.0185 1124 System windows directory: C:\Windows 18:22:40.0185 1124 Running under WOW64 18:22:40.0185 1124 Processor architecture: Intel x64 18:22:40.0185 1124 Number of processors: 2 18:22:40.0185 1124 Page size: 0x1000 18:22:40.0185 1124 Boot type: Normal boot 18:22:40.0185 1124 ============================================================ 18:22:40.0918 1124 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:22:40.0918 1124 ============================================================ 18:22:40.0918 1124 \Device\Harddisk0\DR0: 18:22:40.0918 1124 MBR partitions: 18:22:40.0918 1124 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 18:22:40.0918 1124 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37B56800 18:22:40.0918 1124 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37BBA800, BlocksNum 0x2797800 18:22:40.0918 1124 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33800 18:22:40.0918 1124 ============================================================ 18:22:40.0933 1124 C: <-> \Device\Harddisk0\DR0\Partition2 18:22:40.0980 1124 D: <-> \Device\Harddisk0\DR0\Partition3 18:22:40.0980 1124 ============================================================ 18:22:40.0980 1124 Initialize success 18:22:40.0980 1124 ============================================================ 18:24:07.0123 5036 ============================================================ 18:24:07.0123 5036 Scan started 18:24:07.0123 5036 Mode: Manual; SigCheck; TDLFS; 18:24:07.0123 5036 ============================================================ 18:24:07.0420 5036 ================ Scan system memory ======================== 18:24:07.0420 5036 System memory - ok 18:24:07.0420 5036 ================ Scan services ============================= 18:24:07.0576 5036 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 18:24:07.0654 5036 1394ohci - ok 18:24:07.0716 5036 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 18:24:07.0763 5036 ACPI - ok 18:24:07.0794 5036 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 18:24:07.0857 5036 AcpiPmi - ok 18:24:07.0966 5036 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:24:07.0997 5036 AdobeFlashPlayerUpdateSvc - ok 18:24:08.0044 5036 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 18:24:08.0091 5036 adp94xx - ok 18:24:08.0138 5036 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 18:24:08.0184 5036 adpahci - ok 18:24:08.0216 5036 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 18:24:08.0216 5036 adpu320 - ok 18:24:08.0247 5036 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 18:24:08.0294 5036 AeLookupSvc - ok 18:24:08.0372 5036 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe 18:24:08.0403 5036 AERTFilters - ok 18:24:08.0450 5036 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 18:24:08.0528 5036 AFD - ok 18:24:08.0559 5036 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 18:24:08.0590 5036 agp440 - ok 18:24:08.0621 5036 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 18:24:08.0652 5036 ALG - ok 18:24:08.0699 5036 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 18:24:08.0730 5036 aliide - ok 18:24:08.0746 5036 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 18:24:08.0762 5036 amdide - ok 18:24:08.0808 5036 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 18:24:08.0855 5036 AmdK8 - ok 18:24:08.0886 5036 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 18:24:08.0902 5036 AmdPPM - ok 18:24:08.0933 5036 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 18:24:08.0949 5036 amdsata - ok 18:24:08.0964 5036 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 18:24:08.0980 5036 amdsbs - ok 18:24:08.0996 5036 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 18:24:09.0011 5036 amdxata - ok 18:24:09.0042 5036 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 18:24:09.0105 5036 AppID - ok 18:24:09.0120 5036 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 18:24:09.0198 5036 AppIDSvc - ok 18:24:09.0214 5036 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 18:24:09.0261 5036 Appinfo - ok 18:24:09.0308 5036 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 18:24:09.0323 5036 arc - ok 18:24:09.0339 5036 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 18:24:09.0354 5036 arcsas - ok 18:24:09.0386 5036 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 18:24:09.0464 5036 AsyncMac - ok 18:24:09.0495 5036 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 18:24:09.0495 5036 atapi - ok 18:24:09.0542 5036 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 18:24:09.0604 5036 AudioEndpointBuilder - ok 18:24:09.0635 5036 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 18:24:09.0666 5036 AudioSrv - ok 18:24:09.0713 5036 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 18:24:09.0791 5036 AxInstSV - ok 18:24:09.0854 5036 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 18:24:09.0885 5036 b06bdrv - ok 18:24:09.0932 5036 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 18:24:09.0994 5036 b57nd60a - ok 18:24:10.0056 5036 [ 9E84A931DBEE0292E38ED672F6293A99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 18:24:10.0150 5036 BCM43XX - ok 18:24:10.0197 5036 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 18:24:10.0228 5036 BDESVC - ok 18:24:10.0259 5036 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 18:24:10.0353 5036 Beep - ok 18:24:10.0400 5036 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 18:24:10.0493 5036 BFE - ok 18:24:10.0540 5036 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 18:24:10.0618 5036 BITS - ok 18:24:10.0665 5036 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 18:24:10.0696 5036 blbdrive - ok 18:24:10.0727 5036 [ 057F482CFDB57E75202E2E37795F2D3B ] BMLoad C:\Windows\system32\drivers\BMLoad.sys 18:24:10.0774 5036 BMLoad ( UnsignedFile.Multi.Generic ) - warning 18:24:10.0774 5036 BMLoad - detected UnsignedFile.Multi.Generic (1) 18:24:10.0821 5036 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 18:24:10.0852 5036 bowser - ok 18:24:10.0883 5036 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 18:24:10.0914 5036 BrFiltLo - ok 18:24:10.0930 5036 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 18:24:10.0946 5036 BrFiltUp - ok 18:24:10.0977 5036 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 18:24:10.0992 5036 Browser - ok 18:24:11.0024 5036 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 18:24:11.0086 5036 Brserid - ok 18:24:11.0117 5036 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 18:24:11.0148 5036 BrSerWdm - ok 18:24:11.0180 5036 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 18:24:11.0226 5036 BrUsbMdm - ok 18:24:11.0242 5036 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 18:24:11.0273 5036 BrUsbSer - ok 18:24:11.0320 5036 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 18:24:11.0367 5036 BTHMODEM - ok 18:24:11.0414 5036 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 18:24:11.0460 5036 bthserv - ok 18:24:11.0492 5036 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 18:24:11.0538 5036 cdfs - ok 18:24:11.0570 5036 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 18:24:11.0616 5036 cdrom - ok 18:24:11.0648 5036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 18:24:11.0726 5036 CertPropSvc - ok 18:24:11.0772 5036 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 18:24:11.0804 5036 circlass - ok 18:24:11.0850 5036 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 18:24:11.0882 5036 CLFS - ok 18:24:11.0928 5036 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:24:11.0944 5036 clr_optimization_v2.0.50727_32 - ok 18:24:11.0975 5036 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:24:11.0991 5036 clr_optimization_v2.0.50727_64 - ok 18:24:12.0053 5036 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 18:24:12.0084 5036 clr_optimization_v4.0.30319_32 - ok 18:24:12.0116 5036 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 18:24:12.0131 5036 clr_optimization_v4.0.30319_64 - ok 18:24:12.0131 5036 clwvd - ok 18:24:12.0178 5036 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 18:24:12.0194 5036 CmBatt - ok 18:24:12.0225 5036 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 18:24:12.0256 5036 cmdide - ok 18:24:12.0287 5036 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 18:24:12.0334 5036 CNG - ok 18:24:12.0381 5036 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 18:24:12.0396 5036 Compbatt - ok 18:24:12.0412 5036 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 18:24:12.0443 5036 CompositeBus - ok 18:24:12.0459 5036 COMSysApp - ok 18:24:12.0490 5036 [ 815F3180B5117E42E422188E9CCC89C6 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 18:24:12.0506 5036 cphs - ok 18:24:12.0537 5036 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 18:24:12.0537 5036 crcdisk - ok 18:24:12.0584 5036 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 18:24:12.0615 5036 CryptSvc - ok 18:24:12.0662 5036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 18:24:12.0755 5036 DcomLaunch - ok 18:24:12.0786 5036 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 18:24:12.0833 5036 defragsvc - ok 18:24:12.0880 5036 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 18:24:12.0942 5036 DfsC - ok 18:24:12.0989 5036 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 18:24:13.0020 5036 Dhcp - ok 18:24:13.0036 5036 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 18:24:13.0083 5036 discache - ok 18:24:13.0114 5036 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 18:24:13.0130 5036 Disk - ok 18:24:13.0145 5036 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 18:24:13.0176 5036 Dnscache - ok 18:24:13.0208 5036 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 18:24:13.0254 5036 dot3svc - ok 18:24:13.0286 5036 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 18:24:13.0332 5036 DPS - ok 18:24:13.0364 5036 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 18:24:13.0395 5036 drmkaud - ok 18:24:13.0426 5036 [ CE7743807258A7D383C427E3C178A49E ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 18:24:13.0457 5036 DXGKrnl - ok 18:24:13.0473 5036 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 18:24:13.0520 5036 EapHost - ok 18:24:13.0629 5036 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 18:24:13.0769 5036 ebdrv - ok 18:24:13.0785 5036 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 18:24:13.0816 5036 EFS - ok 18:24:13.0910 5036 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 18:24:13.0956 5036 ehRecvr - ok 18:24:13.0988 5036 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 18:24:14.0003 5036 ehSched - ok 18:24:14.0081 5036 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 18:24:14.0112 5036 ElbyCDIO - ok 18:24:14.0159 5036 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 18:24:14.0222 5036 elxstor - ok 18:24:14.0237 5036 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 18:24:14.0268 5036 ErrDev - ok 18:24:14.0315 5036 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 18:24:14.0393 5036 EventSystem - ok 18:24:14.0424 5036 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 18:24:14.0471 5036 exfat - ok 18:24:14.0487 5036 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 18:24:14.0534 5036 fastfat - ok 18:24:14.0580 5036 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 18:24:14.0643 5036 Fax - ok 18:24:14.0674 5036 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 18:24:14.0705 5036 fdc - ok 18:24:14.0721 5036 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 18:24:14.0768 5036 fdPHost - ok 18:24:14.0768 5036 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 18:24:14.0799 5036 FDResPub - ok 18:24:14.0830 5036 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 18:24:14.0846 5036 FileInfo - ok 18:24:14.0846 5036 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 18:24:14.0892 5036 Filetrace - ok 18:24:14.0924 5036 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 18:24:14.0939 5036 flpydisk - ok 18:24:14.0955 5036 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 18:24:14.0970 5036 FltMgr - ok 18:24:15.0017 5036 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 18:24:15.0080 5036 FontCache - ok 18:24:15.0126 5036 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:24:15.0158 5036 FontCache3.0.0.0 - ok 18:24:15.0173 5036 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 18:24:15.0189 5036 FsDepends - ok 18:24:15.0236 5036 [ B16B626996C74B564005BA855C5DEE90 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 18:24:15.0251 5036 fssfltr - ok 18:24:15.0360 5036 [ 812E1BA5C52A78F13EA6AA10DF708B1D ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 18:24:15.0438 5036 fsssvc - ok 18:24:15.0454 5036 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 18:24:15.0485 5036 Fs_Rec - ok 18:24:15.0501 5036 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 18:24:15.0532 5036 fvevol - ok 18:24:15.0548 5036 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 18:24:15.0563 5036 gagp30kx - ok 18:24:15.0594 5036 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 18:24:15.0672 5036 gpsvc - ok 18:24:15.0688 5036 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 18:24:15.0735 5036 hcw85cir - ok 18:24:15.0782 5036 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 18:24:15.0828 5036 HdAudAddService - ok 18:24:15.0860 5036 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 18:24:15.0891 5036 HDAudBus - ok 18:24:15.0922 5036 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 18:24:15.0969 5036 HidBatt - ok 18:24:15.0984 5036 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 18:24:16.0016 5036 HidBth - ok 18:24:16.0047 5036 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 18:24:16.0078 5036 HidIr - ok 18:24:16.0094 5036 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 18:24:16.0125 5036 hidserv - ok 18:24:16.0172 5036 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 18:24:16.0187 5036 HidUsb - ok 18:24:16.0218 5036 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 18:24:16.0281 5036 hkmsvc - ok 18:24:16.0296 5036 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 18:24:16.0328 5036 HomeGroupListener - ok 18:24:16.0359 5036 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 18:24:16.0390 5036 HomeGroupProvider - ok 18:24:16.0484 5036 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 18:24:16.0499 5036 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - warning 18:24:16.0499 5036 HP Support Assistant Service - detected UnsignedFile.Multi.Generic (1) 18:24:16.0593 5036 [ 7B8C1B09C11E8DB7C4480ABD7D17E821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe 18:24:16.0640 5036 HPAuto - ok 18:24:16.0702 5036 [ 514455F6586473791C5C6B25BA4E1BAB ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe 18:24:16.0764 5036 hpqwmiex - ok 18:24:16.0811 5036 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 18:24:16.0811 5036 HpSAMD - ok 18:24:16.0858 5036 [ 2BEC76BDCD1BC080210325E7B5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe 18:24:16.0889 5036 HPWMISVC - ok 18:24:16.0936 5036 [ 20BCB023B85632ECAE16825DA4DABB0F ] HSPADataCardusbmdm C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys 18:24:16.0967 5036 HSPADataCardusbmdm - ok 18:24:16.0983 5036 [ 20BCB023B85632ECAE16825DA4DABB0F ] HSPADataCardusbnmea C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys 18:24:17.0014 5036 HSPADataCardusbnmea - ok 18:24:17.0014 5036 [ 20BCB023B85632ECAE16825DA4DABB0F ] HSPADataCardusbser C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys 18:24:17.0030 5036 HSPADataCardusbser - ok 18:24:17.0076 5036 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 18:24:17.0154 5036 HTTP - ok 18:24:17.0170 5036 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 18:24:17.0186 5036 hwpolicy - ok 18:24:17.0217 5036 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 18:24:17.0232 5036 i8042prt - ok 18:24:17.0279 5036 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys 18:24:17.0310 5036 iaStor - ok 18:24:17.0373 5036 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 18:24:17.0404 5036 IAStorDataMgrSvc - ok 18:24:17.0451 5036 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 18:24:17.0482 5036 iaStorV - ok 18:24:17.0560 5036 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:24:17.0622 5036 idsvc - ok 18:24:17.0778 5036 [ 348214F96642FD4FEF630DE021BA3540 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 18:24:17.0966 5036 igfx - ok 18:24:17.0997 5036 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 18:24:18.0012 5036 iirsp - ok 18:24:18.0044 5036 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 18:24:18.0122 5036 IKEEXT - ok 18:24:18.0246 5036 [ 112A84BD9A31C59826AC2979D451F0DA ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 18:24:18.0324 5036 IntcAzAudAddService - ok 18:24:18.0371 5036 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 18:24:18.0434 5036 IntcDAud - ok 18:24:18.0480 5036 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe 18:24:19.0557 5036 Intel(R) Capability Licensing Service Interface - ok 18:24:19.0588 5036 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 18:24:19.0588 5036 intelide - ok 18:24:19.0619 5036 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys 18:24:19.0650 5036 intelppm - ok 18:24:19.0666 5036 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 18:24:19.0744 5036 IPBusEnum - ok 18:24:19.0775 5036 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:24:19.0806 5036 IpFilterDriver - ok 18:24:19.0822 5036 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 18:24:19.0853 5036 iphlpsvc - ok 18:24:19.0884 5036 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 18:24:19.0916 5036 IPMIDRV - ok 18:24:19.0916 5036 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 18:24:19.0978 5036 IPNAT - ok 18:24:19.0994 5036 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 18:24:20.0009 5036 IRENUM - ok 18:24:20.0025 5036 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 18:24:20.0025 5036 isapnp - ok 18:24:20.0040 5036 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 18:24:20.0056 5036 iScsiPrt - ok 18:24:20.0103 5036 [ DBD76BC1D498FE368F2C8CB76C3E00A4 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 18:24:20.0134 5036 jhi_service - ok 18:24:20.0150 5036 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 18:24:20.0165 5036 kbdclass - ok 18:24:20.0196 5036 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 18:24:20.0228 5036 kbdhid - ok 18:24:20.0243 5036 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 18:24:20.0259 5036 KeyIso - ok 18:24:20.0290 5036 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 18:24:20.0306 5036 KSecDD - ok 18:24:20.0337 5036 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 18:24:20.0352 5036 KSecPkg - ok 18:24:20.0384 5036 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 18:24:20.0430 5036 ksthunk - ok 18:24:20.0462 5036 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 18:24:20.0493 5036 KtmRm - ok 18:24:20.0555 5036 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 18:24:20.0633 5036 LanmanServer - ok 18:24:20.0649 5036 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 18:24:20.0696 5036 LanmanWorkstation - ok 18:24:20.0742 5036 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 18:24:20.0774 5036 lltdio - ok 18:24:20.0805 5036 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 18:24:20.0898 5036 lltdsvc - ok 18:24:20.0914 5036 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 18:24:20.0961 5036 lmhosts - ok 18:24:21.0008 5036 [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 18:24:21.0054 5036 LMS - ok 18:24:21.0086 5036 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 18:24:21.0117 5036 LSI_FC - ok 18:24:21.0132 5036 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 18:24:21.0148 5036 LSI_SAS - ok 18:24:21.0164 5036 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 18:24:21.0195 5036 LSI_SAS2 - ok 18:24:21.0210 5036 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 18:24:21.0226 5036 LSI_SCSI - ok 18:24:21.0242 5036 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 18:24:21.0320 5036 luafv - ok 18:24:21.0366 5036 [ 1B4DBCAA0321BBB76255983148051F09 ] massfilter C:\Windows\system32\drivers\massfilter.sys 18:24:21.0382 5036 massfilter - ok 18:24:21.0413 5036 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 18:24:21.0429 5036 Mcx2Svc - ok 18:24:21.0460 5036 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 18:24:21.0476 5036 megasas - ok 18:24:21.0507 5036 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 18:24:21.0522 5036 MegaSR - ok 18:24:21.0554 5036 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 18:24:21.0585 5036 MEIx64 - ok 18:24:21.0616 5036 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 18:24:21.0663 5036 MMCSS - ok 18:24:21.0678 5036 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 18:24:21.0741 5036 Modem - ok 18:24:21.0772 5036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 18:24:21.0803 5036 monitor - ok 18:24:21.0819 5036 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 18:24:21.0834 5036 mouclass - ok 18:24:21.0866 5036 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\drivers\mouhid.sys 18:24:21.0897 5036 mouhid - ok 18:24:21.0944 5036 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 18:24:21.0944 5036 mountmgr - ok 18:24:22.0006 5036 [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:24:22.0022 5036 MozillaMaintenance - ok 18:24:22.0068 5036 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 18:24:22.0084 5036 MpFilter - ok 18:24:22.0115 5036 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 18:24:22.0131 5036 mpio - ok 18:24:22.0146 5036 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 18:24:22.0178 5036 mpsdrv - ok 18:24:22.0224 5036 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 18:24:22.0349 5036 MpsSvc - ok 18:24:22.0365 5036 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 18:24:22.0380 5036 MRxDAV - ok 18:24:22.0412 5036 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 18:24:22.0427 5036 mrxsmb - ok 18:24:22.0458 5036 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:24:22.0490 5036 mrxsmb10 - ok 18:24:22.0505 5036 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:24:22.0521 5036 mrxsmb20 - ok 18:24:22.0536 5036 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 18:24:22.0552 5036 msahci - ok 18:24:22.0568 5036 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 18:24:22.0583 5036 msdsm - ok 18:24:22.0614 5036 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 18:24:22.0630 5036 MSDTC - ok 18:24:22.0661 5036 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 18:24:22.0708 5036 Msfs - ok 18:24:22.0739 5036 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 18:24:22.0817 5036 mshidkmdf - ok 18:24:22.0833 5036 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 18:24:22.0833 5036 msisadrv - ok 18:24:22.0864 5036 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 18:24:22.0942 5036 MSiSCSI - ok 18:24:22.0942 5036 msiserver - ok 18:24:22.0989 5036 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:24:23.0051 5036 MSKSSRV - ok 18:24:23.0160 5036 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe 18:24:23.0176 5036 MsMpSvc - ok 18:24:23.0207 5036 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:24:23.0254 5036 MSPCLOCK - ok 18:24:23.0285 5036 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:24:23.0348 5036 MSPQM - ok 18:24:23.0379 5036 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:24:23.0394 5036 MsRPC - ok 18:24:23.0410 5036 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 18:24:23.0426 5036 mssmbios - ok 18:24:23.0441 5036 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:24:23.0488 5036 MSTEE - ok 18:24:23.0519 5036 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 18:24:23.0519 5036 MTConfig - ok 18:24:23.0550 5036 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 18:24:23.0550 5036 Mup - ok 18:24:23.0582 5036 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 18:24:23.0644 5036 napagent - ok 18:24:23.0675 5036 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:24:23.0706 5036 NativeWifiP - ok 18:24:23.0769 5036 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:24:23.0816 5036 NDIS - ok 18:24:23.0862 5036 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 18:24:23.0940 5036 NdisCap - ok 18:24:23.0972 5036 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:24:24.0003 5036 NdisTapi - ok 18:24:24.0018 5036 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:24:24.0050 5036 Ndisuio - ok 18:24:24.0065 5036 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:24:24.0112 5036 NdisWan - ok 18:24:24.0128 5036 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:24:24.0174 5036 NDProxy - ok 18:24:24.0206 5036 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:24:24.0237 5036 NetBIOS - ok 18:24:24.0268 5036 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 18:24:24.0299 5036 NetBT - ok 18:24:24.0330 5036 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 18:24:24.0330 5036 Netlogon - ok 18:24:24.0362 5036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 18:24:24.0424 5036 Netman - ok 18:24:24.0440 5036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 18:24:24.0502 5036 netprofm - ok 18:24:24.0564 5036 [ FB21D47BA5606A4EDBBAC353D4BD06F0 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys 18:24:24.0642 5036 netr28x - ok 18:24:24.0674 5036 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:24:24.0689 5036 NetTcpPortSharing - ok 18:24:24.0720 5036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:24:24.0752 5036 nfrd960 - ok 18:24:24.0798 5036 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 18:24:24.0814 5036 NisDrv - ok 18:24:24.0876 5036 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe 18:24:24.0923 5036 NisSrv - ok 18:24:24.0954 5036 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:24:25.0001 5036 NlaSvc - ok 18:24:25.0032 5036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:24:25.0079 5036 Npfs - ok 18:24:25.0110 5036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 18:24:25.0142 5036 nsi - ok 18:24:25.0142 5036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:24:25.0204 5036 nsiproxy - ok 18:24:25.0266 5036 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:24:25.0376 5036 Ntfs - ok 18:24:25.0391 5036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 18:24:25.0422 5036 Null - ok 18:24:25.0454 5036 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 18:24:25.0485 5036 NVENETFD - ok 18:24:25.0532 5036 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:24:25.0563 5036 nvraid - ok 18:24:25.0578 5036 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:24:25.0594 5036 nvstor - ok 18:24:25.0610 5036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:24:25.0625 5036 nv_agp - ok 18:24:25.0641 5036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:24:25.0656 5036 ohci1394 - ok 18:24:25.0688 5036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 18:24:25.0719 5036 p2pimsvc - ok 18:24:25.0797 5036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 18:24:25.0844 5036 p2psvc - ok 18:24:25.0875 5036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 18:24:25.0890 5036 Parport - ok 18:24:25.0922 5036 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:24:25.0937 5036 partmgr - ok 18:24:25.0937 5036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 18:24:26.0000 5036 PcaSvc - ok 18:24:26.0031 5036 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 18:24:26.0046 5036 pci - ok 18:24:26.0078 5036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 18:24:26.0093 5036 pciide - ok 18:24:26.0124 5036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:24:26.0140 5036 pcmcia - ok 18:24:26.0156 5036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 18:24:26.0156 5036 pcw - ok 18:24:26.0202 5036 pdfcDispatcher - ok 18:24:26.0234 5036 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:24:26.0296 5036 PEAUTH - ok 18:24:26.0374 5036 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 18:24:26.0405 5036 PerfHost - ok 18:24:26.0468 5036 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 18:24:26.0561 5036 pla - ok 18:24:26.0592 5036 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:24:26.0624 5036 PlugPlay - ok 18:24:26.0639 5036 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 18:24:26.0670 5036 PNRPAutoReg - ok 18:24:26.0702 5036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 18:24:26.0717 5036 PNRPsvc - ok 18:24:26.0733 5036 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:24:26.0780 5036 PolicyAgent - ok 18:24:26.0826 5036 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 18:24:26.0842 5036 Power - ok 18:24:26.0889 5036 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:24:26.0951 5036 PptpMiniport - ok 18:24:26.0967 5036 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 18:24:27.0014 5036 Processor - ok 18:24:27.0045 5036 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 18:24:27.0092 5036 ProfSvc - ok 18:24:27.0092 5036 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 18:24:27.0107 5036 ProtectedStorage - ok 18:24:27.0154 5036 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 18:24:27.0232 5036 Psched - ok 18:24:27.0310 5036 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:24:27.0404 5036 ql2300 - ok 18:24:27.0419 5036 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:24:27.0419 5036 ql40xx - ok 18:24:27.0450 5036 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 18:24:27.0482 5036 QWAVE - ok 18:24:27.0513 5036 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:24:27.0528 5036 QWAVEdrv - ok 18:24:27.0560 5036 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:24:27.0591 5036 RasAcd - ok 18:24:27.0638 5036 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 18:24:27.0669 5036 RasAgileVpn - ok 18:24:27.0700 5036 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 18:24:27.0794 5036 RasAuto - ok 18:24:27.0809 5036 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:24:27.0856 5036 Rasl2tp - ok 18:24:27.0887 5036 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 18:24:27.0934 5036 RasMan - ok 18:24:27.0934 5036 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:24:27.0981 5036 RasPppoe - ok 18:24:28.0012 5036 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:24:28.0059 5036 RasSstp - ok 18:24:28.0090 5036 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:24:28.0137 5036 rdbss - ok 18:24:28.0184 5036 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 18:24:28.0215 5036 rdpbus - ok 18:24:28.0246 5036 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:24:28.0293 5036 RDPCDD - ok 18:24:28.0308 5036 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:24:28.0355 5036 RDPENCDD - ok 18:24:28.0371 5036 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 18:24:28.0402 5036 RDPREFMP - ok 18:24:28.0449 5036 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 18:24:28.0464 5036 RdpVideoMiniport - ok 18:24:28.0480 5036 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:24:28.0496 5036 RDPWD - ok 18:24:28.0527 5036 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 18:24:28.0542 5036 rdyboost - ok 18:24:28.0574 5036 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:24:28.0636 5036 RemoteAccess - ok 18:24:28.0667 5036 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:24:28.0714 5036 RemoteRegistry - ok 18:24:28.0745 5036 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 18:24:28.0792 5036 RpcEptMapper - ok 18:24:28.0823 5036 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 18:24:28.0839 5036 RpcLocator - ok 18:24:28.0870 5036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 18:24:28.0917 5036 RpcSs - ok 18:24:28.0964 5036 [ 7F324DFFCA5318EEF040DBE351D038D8 ] RSP2STOR C:\Windows\system32\DRIVERS\RtsP2Stor.sys 18:24:28.0979 5036 RSP2STOR - ok 18:24:29.0010 5036 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:24:29.0073 5036 rspndr - ok 18:24:29.0198 5036 [ C9222E8191211F68C96CB9F371486996 ] RT80x86 C:\Windows\system32\DRIVERS\RT2860.sys 18:24:29.0244 5036 RT80x86 - ok 18:24:29.0276 5036 [ EB8EA1C4C5E076D9EA61FB59960C5830 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 18:24:29.0291 5036 RTL8167 - ok 18:24:29.0307 5036 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 18:24:29.0322 5036 SamSs - ok 18:24:29.0322 5036 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:24:29.0338 5036 sbp2port - ok 18:24:29.0369 5036 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:24:29.0400 5036 SCardSvr - ok 18:24:29.0432 5036 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 18:24:29.0478 5036 scfilter - ok 18:24:29.0525 5036 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 18:24:29.0634 5036 Schedule - ok 18:24:29.0666 5036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 18:24:29.0697 5036 SCPolicySvc - ok 18:24:29.0728 5036 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 18:24:29.0759 5036 sdbus - ok 18:24:29.0775 5036 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:24:29.0806 5036 SDRSVC - ok 18:24:29.0822 5036 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:24:29.0900 5036 secdrv - ok 18:24:29.0915 5036 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 18:24:29.0962 5036 seclogon - ok 18:24:29.0978 5036 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 18:24:30.0024 5036 SENS - ok 18:24:30.0040 5036 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 18:24:30.0056 5036 SensrSvc - ok 18:24:30.0087 5036 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 18:24:30.0102 5036 Serenum - ok 18:24:30.0134 5036 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 18:24:30.0180 5036 Serial - ok 18:24:30.0212 5036 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:24:30.0258 5036 sermouse - ok 18:24:30.0290 5036 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 18:24:30.0352 5036 SessionEnv - ok 18:24:30.0368 5036 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:24:30.0383 5036 sffdisk - ok 18:24:30.0383 5036 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:24:30.0414 5036 sffp_mmc - ok 18:24:30.0430 5036 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:24:30.0446 5036 sffp_sd - ok 18:24:30.0492 5036 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 18:24:30.0524 5036 sfloppy - ok 18:24:30.0555 5036 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:24:30.0617 5036 SharedAccess - ok 18:24:30.0648 5036 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:24:30.0711 5036 ShellHWDetection - ok 18:24:30.0742 5036 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 18:24:30.0758 5036 SiSRaid2 - ok 18:24:30.0789 5036 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:24:30.0804 5036 SiSRaid4 - ok 18:24:30.0867 5036 [ 011E958267FEB6ED72F1BFA80072943C ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 18:24:30.0898 5036 SkypeUpdate - ok 18:24:30.0929 5036 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:24:30.0992 5036 Smb - ok 18:24:31.0054 5036 [ AA17A14DA3B572C886D8064C72E9CC50 ] SmbDrv C:\Windows\system32\drivers\Smb_driver.sys 18:24:31.0070 5036 SmbDrv - ok 18:24:31.0101 5036 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:24:31.0132 5036 SNMPTRAP - ok 18:24:31.0148 5036 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 18:24:31.0148 5036 spldr - ok 18:24:31.0194 5036 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 18:24:31.0226 5036 Spooler - ok 18:24:31.0350 5036 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 18:24:31.0522 5036 sppsvc - ok 18:24:31.0538 5036 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 18:24:31.0569 5036 sppuinotify - ok 18:24:31.0600 5036 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 18:24:31.0631 5036 srv - ok 18:24:31.0647 5036 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:24:31.0678 5036 srv2 - ok 18:24:31.0725 5036 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS 18:24:31.0740 5036 SrvHsfHDA - ok 18:24:31.0772 5036 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS 18:24:31.0850 5036 SrvHsfV92 - ok 18:24:31.0865 5036 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 18:24:31.0912 5036 SrvHsfWinac - ok 18:24:31.0928 5036 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:24:31.0943 5036 srvnet - ok 18:24:31.0974 5036 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:24:32.0037 5036 SSDPSRV - ok 18:24:32.0037 5036 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:24:32.0068 5036 SstpSvc - ok 18:24:32.0099 5036 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 18:24:32.0099 5036 stexstor - ok 18:24:32.0146 5036 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 18:24:32.0177 5036 stisvc - ok 18:24:32.0177 5036 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 18:24:32.0193 5036 swenum - ok 18:24:32.0224 5036 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 18:24:32.0271 5036 swprv - ok 18:24:32.0318 5036 [ 321EA1320771419C0956DE50F270C3E5 ] SynTP C:\Windows\system32\drivers\SynTP.sys 18:24:32.0333 5036 SynTP - ok 18:24:32.0364 5036 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 18:24:32.0458 5036 SysMain - ok 18:24:32.0458 5036 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:24:32.0474 5036 TabletInputService - ok 18:24:32.0505 5036 [ 8B9FD32C71F29DF235A27CE9FF4F19DC ] taphss6 C:\Windows\system32\DRIVERS\taphss6.sys 18:24:32.0520 5036 taphss6 - ok 18:24:32.0520 5036 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:24:32.0552 5036 TapiSrv - ok 18:24:32.0567 5036 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 18:24:32.0614 5036 TBS - ok 18:24:32.0676 5036 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:24:32.0817 5036 Tcpip - ok 18:24:32.0942 5036 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 18:24:33.0004 5036 TCPIP6 - ok 18:24:33.0066 5036 [ 1A95043750E359F993154EF8559BE518 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys 18:24:33.0098 5036 tcpipBM ( UnsignedFile.Multi.Generic ) - warning 18:24:33.0098 5036 tcpipBM - detected UnsignedFile.Multi.Generic (1) 18:24:33.0129 5036 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:24:33.0144 5036 tcpipreg - ok 18:24:33.0176 5036 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:24:33.0191 5036 TDPIPE - ok 18:24:33.0222 5036 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:24:33.0238 5036 TDTCP - ok 18:24:33.0254 5036 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:24:33.0300 5036 tdx - ok 18:24:33.0300 5036 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 18:24:33.0316 5036 TermDD - ok 18:24:33.0347 5036 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 18:24:33.0394 5036 TermService - ok 18:24:33.0410 5036 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 18:24:33.0425 5036 Themes - ok 18:24:33.0441 5036 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 18:24:33.0472 5036 THREADORDER - ok 18:24:33.0488 5036 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 18:24:33.0534 5036 TrkWks - ok 18:24:33.0597 5036 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:24:33.0644 5036 TrustedInstaller - ok 18:24:33.0675 5036 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:24:33.0722 5036 tssecsrv - ok 18:24:33.0753 5036 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 18:24:33.0800 5036 TsUsbFlt - ok 18:24:33.0831 5036 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 18:24:33.0846 5036 TsUsbGD - ok 18:24:33.0878 5036 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:24:33.0940 5036 tunnel - ok 18:24:33.0956 5036 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:24:33.0971 5036 uagp35 - ok 18:24:33.0987 5036 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:24:34.0034 5036 udfs - ok 18:24:34.0065 5036 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:24:34.0080 5036 UI0Detect - ok 18:24:34.0096 5036 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:24:34.0112 5036 uliagpkx - ok 18:24:34.0143 5036 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:24:34.0158 5036 umbus - ok 18:24:34.0190 5036 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 18:24:34.0221 5036 UmPass - ok 18:24:34.0283 5036 [ D80B1075B69B57A3AB78F750CE463ECE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 18:24:34.0314 5036 UNS - ok 18:24:34.0346 5036 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 18:24:34.0408 5036 upnphost - ok 18:24:34.0470 5036 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 18:24:34.0517 5036 usbaudio - ok 18:24:34.0564 5036 [ 2B26FCB7C634C49313FD72120FB9946E ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:24:34.0595 5036 usbccgp - ok 18:24:34.0626 5036 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:24:34.0673 5036 usbcir - ok 18:24:34.0689 5036 [ AA68C758B3F225618A5FD1ED40C383C4 ] usbehci C:\Windows\system32\drivers\usbehci.sys 18:24:34.0704 5036 usbehci - ok 18:24:34.0720 5036 [ 66E1EF753543785D7E2C44719B2C5DAD ] usbhub C:\Windows\system32\drivers\usbhub.sys 18:24:34.0767 5036 usbhub - ok 18:24:34.0782 5036 [ B26ACA4784AD1295C25A7501FD4AB79E ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:24:34.0829 5036 usbohci - ok 18:24:34.0845 5036 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 18:24:34.0892 5036 usbprint - ok 18:24:34.0923 5036 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:24:34.0970 5036 USBSTOR - ok 18:24:34.0985 5036 [ 35944CFF264134FFD2E7EED0F8B81A56 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 18:24:35.0001 5036 usbuhci - ok 18:24:35.0032 5036 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:24:35.0063 5036 usbvideo - ok 18:24:35.0079 5036 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 18:24:35.0126 5036 UxSms - ok 18:24:35.0126 5036 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 18:24:35.0141 5036 VaultSvc - ok 18:24:35.0172 5036 [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone C:\Windows\system32\DRIVERS\VClone.sys 18:24:35.0188 5036 VClone - ok 18:24:35.0219 5036 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 18:24:35.0219 5036 vdrvroot - ok 18:24:35.0250 5036 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 18:24:35.0313 5036 vds - ok 18:24:35.0344 5036 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:24:35.0360 5036 vga - ok 18:24:35.0375 5036 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 18:24:35.0422 5036 VgaSave - ok 18:24:35.0453 5036 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 18:24:35.0469 5036 vhdmp - ok 18:24:35.0484 5036 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 18:24:35.0500 5036 viaide - ok 18:24:35.0516 5036 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:24:35.0531 5036 volmgr - ok 18:24:35.0547 5036 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:24:35.0562 5036 volmgrx - ok 18:24:35.0594 5036 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:24:35.0609 5036 volsnap - ok 18:24:35.0640 5036 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:24:35.0656 5036 vsmraid - ok 18:24:35.0718 5036 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 18:24:35.0828 5036 VSS - ok 18:24:35.0843 5036 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 18:24:35.0874 5036 vwifibus - ok 18:24:35.0890 5036 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 18:24:35.0937 5036 vwififlt - ok 18:24:35.0968 5036 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 18:24:35.0984 5036 vwifimp - ok 18:24:36.0015 5036 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 18:24:36.0062 5036 W32Time - ok 18:24:36.0077 5036 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:24:36.0108 5036 WacomPen - ok 18:24:36.0140 5036 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 18:24:36.0202 5036 WANARP - ok 18:24:36.0202 5036 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:24:36.0233 5036 Wanarpv6 - ok 18:24:36.0311 5036 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 18:24:36.0389 5036 WatAdminSvc - ok 18:24:36.0436 5036 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 18:24:36.0498 5036 wbengine - ok 18:24:36.0530 5036 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 18:24:36.0545 5036 WbioSrvc - ok 18:24:36.0561 5036 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:24:36.0592 5036 wcncsvc - ok 18:24:36.0608 5036 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:24:36.0623 5036 WcsPlugInService - ok 18:24:36.0654 5036 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 18:24:36.0654 5036 Wd - ok 18:24:36.0686 5036 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:24:36.0748 5036 Wdf01000 - ok 18:24:36.0779 5036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:24:36.0842 5036 WdiServiceHost - ok 18:24:36.0842 5036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 18:24:36.0857 5036 WdiSystemHost - ok 18:24:36.0888 5036 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 18:24:36.0904 5036 WebClient - ok 18:24:36.0935 5036 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 18:24:36.0982 5036 Wecsvc - ok 18:24:36.0982 5036 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 18:24:37.0013 5036 wercplsupport - ok 18:24:37.0044 5036 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 18:24:37.0076 5036 WerSvc - ok 18:24:37.0107 5036 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 18:24:37.0138 5036 WfpLwf - ok 18:24:37.0154 5036 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 18:24:37.0169 5036 WIMMount - ok 18:24:37.0200 5036 WinDefend - ok 18:24:37.0200 5036 WinHttpAutoProxySvc - ok 18:24:37.0247 5036 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 18:24:37.0294 5036 Winmgmt - ok 18:24:37.0356 5036 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 18:24:37.0481 5036 WinRM - ok 18:24:37.0512 5036 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 18:24:37.0575 5036 Wlansvc - ok 18:24:37.0715 5036 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:24:37.0824 5036 wlidsvc - ok 18:24:37.0840 5036 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 18:24:37.0871 5036 WmiAcpi - ok 18:24:37.0902 5036 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 18:24:37.0934 5036 wmiApSrv - ok 18:24:37.0949 5036 WMPNetworkSvc - ok 18:24:37.0980 5036 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 18:24:37.0996 5036 WPCSvc - ok 18:24:38.0027 5036 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 18:24:38.0043 5036 WPDBusEnum - ok 18:24:38.0090 5036 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 18:24:38.0152 5036 ws2ifsl - ok 18:24:38.0183 5036 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 18:24:38.0230 5036 wscsvc - ok 18:24:38.0230 5036 WSearch - ok 18:24:38.0308 5036 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 18:24:38.0402 5036 wuauserv - ok 18:24:38.0417 5036 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 18:24:38.0433 5036 WudfPf - ok 18:24:38.0464 5036 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 18:24:38.0495 5036 WUDFRd - ok 18:24:38.0526 5036 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 18:24:38.0542 5036 wudfsvc - ok 18:24:38.0573 5036 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\Windows\System32\wwansvc.dll 18:24:38.0589 5036 WwanSvc - ok 18:24:38.0604 5036 ================ Scan global =============================== 18:24:38.0636 5036 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 18:24:38.0651 5036 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:24:38.0651 5036 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 18:24:38.0682 5036 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 18:24:38.0714 5036 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 18:24:38.0714 5036 [Global] - ok 18:24:38.0714 5036 ================ Scan MBR ================================== 18:24:38.0729 5036 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 18:24:39.0041 5036 \Device\Harddisk0\DR0 - ok 18:24:39.0041 5036 ================ Scan VBR ================================== 18:24:39.0057 5036 [ 710B8B3419FC40AA8857786421376A52 ] \Device\Harddisk0\DR0\Partition1 18:24:39.0057 5036 \Device\Harddisk0\DR0\Partition1 - ok 18:24:39.0088 5036 [ 693BFED2803D3816732892E5B6388960 ] \Device\Harddisk0\DR0\Partition2 18:24:39.0088 5036 \Device\Harddisk0\DR0\Partition2 - ok 18:24:39.0135 5036 [ BBF02F872A48440F57A2960F7CD1EFA9 ] \Device\Harddisk0\DR0\Partition3 18:24:39.0135 5036 \Device\Harddisk0\DR0\Partition3 - ok 18:24:39.0150 5036 [ B27587B12213AC0522138E0D16E91A70 ] \Device\Harddisk0\DR0\Partition4 18:24:39.0150 5036 \Device\Harddisk0\DR0\Partition4 - ok 18:24:39.0150 5036 ============================================================ 18:24:39.0150 5036 Scan finished 18:24:39.0150 5036 ============================================================ 18:24:39.0166 3168 Detected object count: 3 18:24:39.0166 3168 Actual detected object count: 3 18:25:18.0791 3168 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user 18:25:18.0807 3168 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:25:18.0807 3168 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - skipped by user 18:25:18.0807 3168 HP Support Assistant Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:25:18.0807 3168 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user 18:25:18.0807 3168 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip 18:25:38.0572 4864 Deinitialize success |
27.02.2013, 18:44 | #8 |
/// Malware-holic | Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Hi, Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.02.2013, 19:13 | #9 |
| Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Combofix Logfile: Code:
ATTFilter ComboFix 13-02-26.01 - BlackLight 27.02.2013 19:04:33.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3996.2602 [GMT 1:00] ausgeführt von:: c:\users\BlackLight\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5} SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\IsUn0407.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-27 bis 2013-02-27 )))))))))))))))))))))))))))))) . . 2013-02-27 18:09 . 2013-02-27 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-27 17:07 . 2013-02-27 17:07 -------- d-----w- C:\_OTL 2013-02-27 14:50 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5F24BA75-D5E9-40BA-80AA-0AC2F1769123}\mpengine.dll 2013-02-26 08:55 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-02-15 09:17 . 2013-02-15 09:17 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2013-02-15 09:17 . 2013-02-15 09:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2013-02-15 09:17 . 2013-02-15 09:17 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2013-02-13 19:18 . 2013-02-24 08:23 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2013-02-13 19:18 . 2013-02-24 08:23 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2013-02-13 19:18 . 2013-02-13 19:18 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2013-02-13 19:08 . 2013-02-13 19:08 -------- d-----w- c:\users\BlackLight\AppData\Local\Windows Live Writer 2013-02-13 19:08 . 2013-02-13 19:08 -------- d-----w- c:\users\BlackLight\AppData\Roaming\Windows Live Writer 2013-02-13 12:09 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 12:09 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 12:08 . 2013-01-09 01:04 96768 ----a-w- c:\windows\system32\mshtmled.dll 2013-02-13 12:08 . 2013-01-09 01:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-13 12:08 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-02-13 06:33 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-13 06:33 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-13 06:33 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-13 06:33 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 06:33 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll 2013-02-13 06:33 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2013-02-13 06:33 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2013-02-13 06:33 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2013-02-13 06:33 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2013-02-13 06:33 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe 2013-02-13 06:32 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 06:32 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-10 20:07 . 2013-02-10 20:07 -------- d-----w- c:\program files (x86)\Common Files\Skype 2013-02-02 14:37 . 2013-02-26 21:42 -------- d-----w- c:\users\BlackLight\AppData\Roaming\TS3Client 2013-02-02 14:36 . 2013-02-02 14:36 -------- d-----w- c:\program files\TeamSpeak 3 Client . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 13:19 . 2012-03-15 13:45 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-27 13:19 . 2012-03-15 13:45 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-13 12:12 . 2012-12-06 17:09 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-26 16:02 . 2013-01-26 16:02 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-01-20 14:59 . 2013-01-20 14:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-01-20 14:59 . 2012-08-30 21:03 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys 2013-01-04 04:43 . 2013-02-13 06:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 17:11 . 2012-12-21 11:30 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 15:42 . 2012-12-16 15:42 1998168 ----a-w- c:\windows\SysWow64\d3dx9_43.dll 2012-12-16 14:45 . 2012-12-21 11:30 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-21 11:30 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-21 11:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-14 01:42 . 2012-12-14 01:42 9728 ----a-w- c:\windows\system32\IGFXDEVLib.dll 2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrnor.lrc 2012-12-14 01:42 . 2012-12-14 01:42 384512 ----a-w- c:\windows\system32\igfxpph.dll 2012-12-14 01:42 . 2012-02-14 18:47 12615680 ----a-w- c:\windows\system32\igdumd64.dll 2012-12-14 01:42 . 2012-12-14 01:42 64512 ----a-w- c:\windows\SysWow64\igdde32.dll 2012-12-14 01:42 . 2012-12-14 01:42 440320 ----a-w- c:\windows\system32\igfxrell.lrc 2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrptb.lrc 2012-12-14 01:42 . 2012-12-14 01:42 437248 ----a-w- c:\windows\system32\igfxrtha.lrc 2012-12-14 01:42 . 2012-12-14 01:42 435712 ----a-w- c:\windows\system32\igfxrheb.lrc 2012-12-14 01:42 . 2012-12-14 01:42 435712 ----a-w- c:\windows\system32\igfxrara.lrc 2012-12-14 01:42 . 2012-12-14 01:42 431104 ----a-w- c:\windows\system32\igfxrkor.lrc 2012-12-14 01:42 . 2012-12-14 01:42 429056 ----a-w- c:\windows\system32\igfxrcht.lrc 2012-12-14 01:42 . 2012-12-14 01:42 330752 ----a-w- c:\windows\SysWow64\igfxdv32.dll 2012-12-14 01:42 . 2012-12-14 01:42 28672 ----a-w- c:\windows\system32\igfxexps.dll 2012-12-14 01:42 . 2012-10-10 01:22 11174912 ----a-w- c:\windows\SysWow64\igd10umd32.dll 2012-12-14 01:42 . 2012-02-14 17:57 64000 ----a-w- c:\windows\system32\igfxsrvc.dll 2012-12-14 01:42 . 2012-02-14 17:56 110592 ----a-w- c:\windows\system32\hccutils.dll 2012-12-14 01:42 . 2012-12-14 01:42 640512 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll 2012-12-14 01:42 . 2012-12-14 01:42 512112 ----a-w- c:\windows\system32\igfxsrvc.exe 2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrnld.lrc 2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc 2012-12-14 01:42 . 2012-12-14 01:42 3121152 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll 2012-12-14 01:42 . 2012-12-14 01:42 255088 ----a-w- c:\windows\system32\igfxext.exe 2012-12-14 01:42 . 2012-12-14 01:42 13030400 ----a-w- c:\windows\system32\ig4icd64.dll 2012-12-14 01:42 . 2012-12-14 01:42 483840 ----a-w- c:\windows\system32\igfx11cmrt64.dll 2012-12-14 01:42 . 2012-12-14 01:42 439808 ----a-w- c:\windows\system32\igfxresn.lrc 2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc 2012-12-14 01:42 . 2012-12-14 01:42 428544 ----a-w- c:\windows\system32\igfxrchs.lrc 2012-12-14 01:42 . 2012-10-10 01:22 9007616 ----a-w- c:\windows\system32\igfxress.dll 2012-12-14 01:42 . 2012-02-14 18:42 12858368 ----a-w- c:\windows\system32\igd10umd64.dll 2012-12-14 01:42 . 2012-12-14 01:42 80384 ----a-w- c:\windows\system32\igdde64.dll 2012-12-14 01:42 . 2012-12-14 01:42 459264 ----a-w- c:\windows\SysWow64\igfx11cmrt32.dll 2012-12-14 01:42 . 2012-12-14 01:42 439296 ----a-w- c:\windows\system32\igfxrrus.lrc 2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrptg.lrc 2012-12-14 01:42 . 2012-12-14 01:42 286208 ----a-w- c:\windows\system32\igfxrenu.lrc 2012-12-14 01:42 . 2012-12-14 01:42 142336 ----a-w- c:\windows\system32\igfxdo.dll 2012-12-14 01:42 . 2012-10-10 01:22 11049472 ----a-w- c:\windows\SysWow64\igdumd32.dll 2012-12-14 01:42 . 2012-12-14 01:42 5353888 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2012-12-14 01:42 . 2012-12-14 01:42 439296 ----a-w- c:\windows\system32\igfxrrom.lrc 2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc 2012-12-14 01:42 . 2012-12-14 01:42 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll 2012-12-14 01:42 . 2012-12-14 01:42 185968 ----a-w- c:\windows\system32\difx64.exe 2012-12-14 01:42 . 2012-12-14 01:42 518656 ----a-w- c:\windows\system32\igfxcmrt64.dll 2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrfin.lrc 2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrsve.lrc 2012-12-14 01:42 . 2012-12-14 01:42 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc 2012-12-14 01:42 . 2012-12-14 01:42 116224 ----a-w- c:\windows\system32\igfxCoIn_v2932.dll 2012-12-14 01:42 . 2012-12-14 01:42 10812416 ----a-w- c:\windows\SysWow64\ig4icd32.dll 2012-12-14 01:42 . 2012-12-14 01:42 442880 ----a-w- c:\windows\system32\igfxdev.dll 2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrita.lrc 2012-12-14 01:42 . 2012-12-14 01:42 438272 ----a-w- c:\windows\system32\igfxrhun.lrc 2012-12-14 01:42 . 2012-12-14 01:42 437248 ----a-w- c:\windows\system32\igfxrdan.lrc 2012-12-14 01:42 . 2012-12-14 01:42 126976 ----a-w- c:\windows\system32\igfxcpl.cpl 2012-12-14 01:42 . 2012-12-14 01:42 441968 ----a-w- c:\windows\system32\igfxpers.exe 2012-12-14 01:42 . 2012-12-14 01:42 439808 ----a-w- c:\windows\system32\igfxrfra.lrc 2012-12-14 01:42 . 2012-12-14 01:42 410112 ----a-w- c:\windows\system32\igfxTMM.dll 2012-12-14 01:42 . 2012-12-14 01:42 172144 ----a-w- c:\windows\system32\igfxtray.exe 2012-12-14 01:42 . 2012-12-14 01:42 5906032 ----a-w- c:\windows\system32\GfxUI.exe 2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrsky.lrc 2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrplk.lrc 2012-12-14 01:42 . 2012-12-14 01:42 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc 2012-12-14 01:42 . 2012-12-14 01:42 3511296 ----a-w- c:\windows\system32\igfxcmjit64.dll 2012-12-14 01:42 . 2012-12-14 01:42 175104 ----a-w- c:\windows\system32\gfxSrvc.dll 2012-12-14 01:42 . 2012-12-14 01:42 437760 ----a-w- c:\windows\system32\igfxrslv.lrc 2012-12-14 01:42 . 2012-12-14 01:42 399984 ----a-w- c:\windows\system32\hkcmd.exe 2012-12-14 01:42 . 2012-12-14 01:42 277616 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe 2012-12-11 19:19 . 2012-12-11 19:19 45056 ----a-r- c:\users\BlackLight\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe 2012-12-11 19:19 . 2012-12-11 19:19 45056 ----a-r- c:\users\BlackLight\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe 2012-12-11 19:19 . 2012-12-11 19:19 45056 ----a-r- c:\users\BlackLight\AppData\Roaming\Microsoft\Installer\{373C3DAE-62C8-4F63-887C-769A8986ED50}\ARPPRODUCTICON.exe 2012-12-11 12:05 . 2012-12-11 12:05 81920 ------w- c:\windows\bwUnin-6.1.4.36-8876480L.exe 2012-12-07 13:20 . 2013-01-09 21:25 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 13:15 . 2013-01-09 21:25 2746368 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 12:26 . 2013-01-09 21:25 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 12:20 . 2013-01-09 21:25 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 11:20 . 2013-01-09 21:25 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 11:20 . 2013-01-09 21:25 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 11:20 . 2013-01-09 21:25 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 11:20 . 2013-01-09 21:25 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 11:20 . 2013-01-09 21:25 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 11:20 . 2013-01-09 21:25 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 11:20 . 2013-01-09 21:25 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 11:19 . 2013-01-09 21:25 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 11:19 . 2013-01-09 21:25 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 11:19 . 2013-01-09 21:25 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 11:19 . 2013-01-09 21:25 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 11:19 . 2013-01-09 21:25 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 11:19 . 2013-01-09 21:25 55296 ----a-w- c:\windows\system32\cero.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}] 2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-01-03 16:07 220632 ----a-w- c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-01-03 16:07 220632 ----a-w- c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-01-03 16:07 220632 ----a-w- c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "Browser Infrastructure Helper"="c:\users\BlackLight\AppData\Local\Smartbar\Application\QuickShare.exe" [2013-02-04 13824] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18708224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-02-19 684024] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752] . c:\users\BlackLight\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ MCtlSvc.lnk - c:\program files (x86)\congstar\Internet-Manager\Bin\mcserver.exe [2012-12-30 60688] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536] R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [2011-08-19 122752] R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [2011-08-19 122752] R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [2011-08-19 122752] R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-08-19 12800] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-02-03 1838656] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys [2011-10-27 259688] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 40712] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-11 1255736] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2009-12-15 16512] S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-08 161560] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2012-02-19 1134584] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-08 363800] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264] S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\DRIVERS\RT2860.sys [2011-11-18 3432000] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-01-17 675432] S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-02-24 21264] . . Inhalt des "geplante Tasks" Ordners . 2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-15 13:19] . 2013-02-23 c:\windows\Tasks\HPCeeScheduleForBlackLight.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-01-03 16:07 244696 ----a-w- c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-01-03 16:07 244696 ----a-w- c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-01-03 16:07 244696 ----a-w- c:\users\BlackLight\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-13 6463592] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://de.ask.com/?l=dis&o=15788 uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = localhost TCP: DhcpNameServer = 192.168.3.1 FF - ProfilePath - c:\users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=d4951ad8-5c15-460c-9973-0e740681d1a2&searchtype=ds&installDate=01/01/1970&q= FF - prefs.js: network.proxy.ftp - 192.168.14.1 FF - prefs.js: network.proxy.ftp_port - 8001 FF - prefs.js: network.proxy.http - 192.168.14.1 FF - prefs.js: network.proxy.http_port - 8001 FF - prefs.js: network.proxy.socks - 192.168.14.1 FF - prefs.js: network.proxy.socks_port - 8001 FF - prefs.js: network.proxy.ssl - 192.168.14.1 FF - prefs.js: network.proxy.ssl_port - 8001 FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: 2013-02-04 16:22; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-GT Interactive - Driver - c:\windows\IsUn0407.exe AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1541843390-3253037748-2459413601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1541843390-3253037748-2459413601-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-27 19:11:47 ComboFix-quarantined-files.txt 2013-02-27 18:11 . Vor Suchlauf: 13 Verzeichnis(se), 384.118.525.952 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 383.629.164.544 Bytes frei . - - End Of File - - 04C124C62507F387B6E6BE4980687528 ohne probleme durchgelaufen |
27.02.2013, 19:17 | #10 |
/// Malware-holic | Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Hi, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.02.2013, 19:58 | #11 |
| Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.27.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 BlackLight :: BLACKLIGHT-HP [Administrator] Schutz: Aktiviert 27.02.2013 19:21:11 mbam-log-2013-02-27 (19-21-11).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 340386 Laufzeit: 36 Minute(n), 15 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
27.02.2013, 20:02 | #12 |
/// Malware-holic | Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Hi, lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.02.2013, 20:21 | #13 |
| Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 /notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 27.02.2013 6,00MB 11.6.602.171 /notwendig Adobe Shockwave Player 12.0 Adobe Systems, Inc. 26.02.2013 12.0.0.112 /notwendig Anno 1701 Sunflowers 07.12.2012 1.02 /notwendig (game) Black Mirror 2 dtp 07.12.2012 /notwendig (game) CCleaner Piriform 25.11.2012 3.25 /notwendig congstar Internet-Manager ZTE CORPORATION 30.12.2012 1.0.0.3 /notwendig GameShadow GameShadow Ltd 11.12.2012 18,5MB 2.03.0000 /weiß nicht ob notwendig GT Interactive - Driver 13.01.2013 /notwendig (game) HP Documentation Hewlett-Packard 15.03.2012 440MB 1.1.0.0 /notwendig HP Launch Box Hewlett-Packard Company 04.06.2012 2,38MB 1.1.5 /notwendig HP On Screen Display Hewlett-Packard Company 15.03.2012 1,48MB 1.3.5 /notwendig HP Power Manager Hewlett-Packard Company 04.06.2012 6,03MB 1.4.8 /notwendig HP Quick Launch Hewlett-Packard Company 15.03.2012 7,24MB 2.7.2 /notwendig HP Security Assistant Hewlett-Packard Company 15.03.2012 2,66MB 3.0.2 /notwendig HP Setup Hewlett-Packard Company 15.03.2012 50,9MB 9.1.15430.4033 /notwendig HP Software Framework Hewlett-Packard Company 07.12.2012 8,24MB 4.6.10.1 /notwendig HP Support Assistant Hewlett-Packard Company 26.01.2013 83,8MB 7.0.39.15 /notwendig ImgBurn LIGHTNING UK! 03.01.2013 2.5.7.0 /notwendig Intel(R) Control Center Intel Corporation 04.06.2012 1.2.1.1007 /denke notwendig Intel(R) Management Engine Components Intel Corporation 15.03.2012 8.0.2.1410 /denke notwendig Intel(R) OpenCL CPU Runtime Intel Corporation 04.06.2012 /denke notwendig Intel(R) Processor Graphics Intel Corporation 25.01.2013 9.17.10.2932 /denke notwendig Intel(R) Rapid Storage Technology Intel Corporation 04.06.2012 11.0.0.1032 /unbekannt Intel® Trusted Connect Service Client Intel Corporation 04.06.2012 10,6MB 1.23.605.1 /überfragt Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 27.02.2013 18,4MB 1.70.0.1100 /vermute notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 06.12.2012 38,8MB 4.0.30319 /notwendig Microsoft Security Essentials Microsoft Corporation 14.02.2013 4.2.223.1 /notwendig Microsoft SkyDrive Microsoft Corporation 03.01.2013 25,1MB 16.4.6013.0910 /unsicher ob notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 15.03.2012 1,69MB 3.1.0000 /notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.12.2012 300KB 8.0.61001 /notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 15.03.2012 788KB 9.0.30729 /notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 04.06.2012 788KB 9.0.30729.4148 /notwendig Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 06.12.2012 788KB 9.0.30729.6161 /notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 15.12.2012 234KB 9.0.30729 /notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.12.2012 238KB 9.0.30729 /notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 04.06.2012 596KB 9.0.30729.4148 /notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06.12.2012 600KB 9.0.30729.6161 /notwendig Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 06.12.2012 12,3MB 10.0.30319 /notwendig Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Corporation 06.12.2012 9,90MB 10.0.30319 /notwendig Mozilla Firefox 19.0 (x86 de) Mozilla 20.02.2013 43,6MB 19.0 /notwendig Mozilla Maintenance Service Mozilla 20.02.2013 330KB 19.0 /notwendig NVIDIA PhysX NVIDIA Corporation 15.12.2012 78,9MB 9.10.0513 /notwendig bzw. unsicher OpenOffice.org 3.4.1 Apache Software Foundation 06.12.2012 331MB 3.41.9593 /notwendig PDF Complete Corporate Edition PDF Complete, Inc 04.06.2012 4.0.87 /notwendig QuickShare Linkury Inc. 06.02.2013 19,4MB 1.6.1.795 /nicht notwendig /unbekannt Ralink RT5390R 802.11b/g/n 1x1 Wi-Fi Adapter Ralink 15.02.2013 3.02.03.0 /notwendig Realtek Ethernet Controller Driver Realtek 04.06.2012 7.51.116.2012 /notwendig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.06.2012 6.0.1.6577 /notwendig Realtek PCIE Card Reader Realtek Semiconductor Corp. 04.06.2012 6.1.7601.29005 /notwendig Silent Hunter 4 Wolves of the Pacific Ubisoft 11.12.2012 1.04.0000 /notwendig Skype™ 6.1 Skype Technologies S.A. 10.02.2013 21,1MB 6.1.129 /notwendig Synaptics Pointing Device Driver Synaptics Incorporated 04.06.2012 46,4MB 16.0.1.0 /notwendig TeamSpeak 3 Client TeamSpeak Systems GmbH 02.02.2013 3.0.6 /notwendig VirtualCloneDrive Elaborate Bytes 11.12.2012 /notwendig VLC media player 2.0.4 VideoLAN 06.12.2012 2.0.4 /notwendig Winamp Nullsoft, Inc 13.01.2013 5.63 /notwendig Winamp Erkennungs-Plug-in Nullsoft, Inc 13.01.2013 75,0KB 1.0.0.1 /notwendig Windows Live Essentials Microsoft Corporation 03.01.2013 16.4.3505.0912 /notwendig WinRAR 4.20 (64-Bit) win.rar GmbH 06.12.2012 4.20.0 /notwendig WinZip 16.0 WinZip Computing, S.L. 15.03.2012 75,8MB 16.0.9715 / notwendig World of Tanks version 8.1 Wargaming 11.12.2012 8,33GB 8.1 / nicht notwendig lässt sich nicht deinstallieren |
27.02.2013, 20:47 | #14 |
/// Malware-holic | Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. deinstaliere: QuickShare World of Revo Uninstaller - Download - Filepony mit Rewo deinstalieren. Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
28.02.2013, 14:21 | #15 |
| Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 28/02/2013 um 14:17:39 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : BlackLight - BLACKLIGHT-HP # Bootmodus : Normal # Ausgeführt unter : C:\Users\BlackLight\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\searchplugins\Askcom.xml Datei Gelöscht : C:\Users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\searchplugins\Web Search.xml Ordner Gelöscht : C:\Users\BlackLight\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Schlüssel Gelöscht : HKCU\Software\SmartBar Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://de.ask.com/?l=dis&o=15788 --> hxxp://www.google.com -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\BlackLight\AppData\Roaming\Mozilla\Firefox\Profiles\y57gwj4e.default\prefs.js Gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=d4[...] Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false); Gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Gelöscht : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=QuickOC&dpid=QuickOC&co=DE&userid=d4951ad8-[...] ************************* AdwCleaner[S1].txt - [3342 octets] - [28/02/2013 14:17:39] ########## EOF - C:\AdwCleaner[S1].txt - [3402 octets] ########## muhahaha... ist weg momentan ^^ und sorry das ich gestern nicht weiter gemacht hab... musste schlafen ^^ |
Themen zu Hi an alle! Habe seit einigen tagen das isearch.babylon.com/?affID=113131& problem... |
finger, firefox, home, mozilla, mozilla firefox, neue, neuen, problem, spring, springt, start, tagen, taste, verbunden, version, öffnen |