|
Plagegeister aller Art und deren Bekämpfung: Delta Search entfernen - Anfrage auf ÜberprüfungWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
16.05.2013, 12:14 | #1 |
| Delta Search entfernen - Anfrage auf Überprüfung Hallöchen. Ich bin auf der Suche nach einem Weg DeltaSearch zu entfernen in diesem Forum gelandet. Nach einigem Lesen, habe ich mich entschieden, die Schritte von ryder in den Postings TomTailer (http://www.trojaner-board.de/131086-...-loeschen.html), sowie Tweety007 (http://www.trojaner-board.de/131450-...entfernen.html)durchzuführen, da sie mir durchaus logisch erschienen. Es hat allem Anschein nach auch gut funktioniert. Nun wollte ich fragen, ob jemand die Muse hat (wie bei den anderen Beiden), die zwei Files, die mittels DDS erstellt wurden durchzusehen? Bei positiver Rückmeldung würde ich mich freuen und die Files asap dann hier posten. @ryder: Vielen Dank für die Anleitung. So etwas Perfektes und Verständliches habe ich selten erlebt. Vielen Dank im Voraus Tensid |
16.05.2013, 14:49 | #2 |
/// Helfer-Team | Delta Search entfernen - Anfrage auf ÜberprüfungSystemscan mit OTL (bebilderte Anleitung) Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe
__________________ |
16.05.2013, 16:38 | #3 |
| Delta Search entfernen - Anfrage auf Überprüfung Hallo,
__________________so ich hoffe mal, dass ich alles richtig gemacht habe. OTL.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.05.2013 17:05:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tensid\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,20% Memory free 7,74 Gb Paging File | 5,92 Gb Available in Paging File | 76,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 333,00 Gb Total Space | 214,05 Gb Free Space | 64,28% Space Free | Partition Type: NTFS Drive D: | 1064,17 Gb Total Space | 95,04 Gb Free Space | 8,93% Space Free | Partition Type: NTFS Computer Name: HEINZ-BECKER | User Name: tensid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\tensid\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll () MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll () MOD - C:\Program Files (x86)\Win7codecs\filters\ffdshow.ax () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories) DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (MTSBDA) -- C:\Windows\SysNative\drivers\MtsBda.sys (TechniSat Provide) DRV:64bit: - (MtsHID) -- C:\Windows\SysNative\drivers\MtsHID.sys (TechniSat Provide) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 B1 95 E1 72 BC CA 01 [binary data] IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: 2020Player%402020Technologies.com:5.0.4.0 FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.7.0 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0 FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.7.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.26 19:21:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.06 02:49:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.20 13:31:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.26 19:21:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.06 02:49:23 | 000,000,000 | ---D | M] [2010.04.16 12:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tensid\AppData\Roaming\mozilla\Extensions [2010.04.16 12:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tensid\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.05.16 11:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tensid\AppData\Roaming\mozilla\Firefox\Profiles\xbg6c7ta.default\extensions [2013.02.24 21:45:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\tensid\AppData\Roaming\mozilla\Firefox\Profiles\xbg6c7ta.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.25 16:12:44 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\tensid\AppData\Roaming\mozilla\Firefox\Profiles\xbg6c7ta.default\extensions\2020Player@2020Technologies.com [2011.06.25 11:25:00 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\tensid\AppData\Roaming\mozilla\Firefox\Profiles\xbg6c7ta.default\extensions\2020Player_IKEA@2020Technologies.com [2013.05.02 11:15:27 | 000,006,471 | ---- | M] () -- C:\Users\tensid\AppData\Roaming\mozilla\firefox\profiles\xbg6c7ta.default\searchplugins\babylon.xml [2012.06.07 22:02:21 | 000,002,342 | ---- | M] () -- C:\Users\tensid\AppData\Roaming\mozilla\firefox\profiles\xbg6c7ta.default\searchplugins\icq-search.xml [2013.03.10 21:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.26 19:21:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.07.22 19:29:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.14 12:48:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.22 19:29:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.22 19:29:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.22 19:29:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.22 19:29:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-348389179-1454518360-288330992-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-348389179-1454518360-288330992-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-348389179-1454518360-288330992-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-348389179-1454518360-288330992-1000..\Run: [Screenpresso] C:\Users\tensid\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe (Learnpulse) O4 - HKU\S-1-5-21-348389179-1454518360-288330992-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D5D40B3-DD69-4611-8C0B-53EA867D7C0D}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{243AC630-F712-46EB-90A1-4E68C39ECB97}: DhcpNameServer = 139.7.30.126 139.7.30.125 O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{085f84ab-1ffc-11e0-842a-001f1f691263}\Shell - "" = AutoRun O33 - MountPoints2\{085f84ab-1ffc-11e0-842a-001f1f691263}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{085f854e-1ffc-11e0-842a-001f1f691263}\Shell - "" = AutoRun O33 - MountPoints2\{085f854e-1ffc-11e0-842a-001f1f691263}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{3e303c97-642b-11df-8b9f-6cf049720083}\Shell - "" = AutoRun O33 - MountPoints2\{3e303c97-642b-11df-8b9f-6cf049720083}\Shell\AutoRun\command - "" = L:\autorun.exe O33 - MountPoints2\{3e303c97-642b-11df-8b9f-6cf049720083}\Shell\install\command - "" = L:\autorun.exe O33 - MountPoints2\{8b8e56cc-2577-11e0-89de-6cf049720083}\Shell - "" = AutoRun O33 - MountPoints2\{8b8e56cc-2577-11e0-89de-6cf049720083}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.16 16:55:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tensid\Desktop\OTL.exe [2013.05.15 20:52:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.15 20:52:14 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.15 20:52:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.15 20:52:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.15 20:52:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.15 20:52:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.15 20:52:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.15 20:52:13 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.15 20:52:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.15 20:52:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.15 20:52:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.15 20:52:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.15 20:52:11 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.15 20:52:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.15 20:52:10 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.15 12:44:28 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 12:44:28 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 12:44:14 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 12:44:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 12:44:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 12:44:14 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.15 12:44:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.02 11:20:49 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys [2013.04.23 00:13:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.04.20 09:33:07 | 000,000,000 | ---D | C] -- C:\Users\tensid\Documents\ANNO 2070 ========== Files - Modified Within 30 Days ========== [2013.05.16 16:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tensid\Desktop\OTL.exe [2013.05.16 16:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.16 13:28:01 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.16 13:28:01 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.16 13:20:16 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2013.05.16 13:20:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.16 13:19:56 | 3117,010,944 | -HS- | M] () -- C:\hiberfil.sys [2013.05.16 11:42:09 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013.05.15 23:25:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.05.15 23:25:28 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.05.15 23:25:28 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.05.15 23:25:28 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.05.15 23:25:28 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.05.15 21:28:52 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.15 12:42:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.15 12:42:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.02 11:20:38 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys ========== Files Created - No Company Name ========== [2013.05.16 11:42:02 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.06 03:45:05 | 000,000,791 | ---- | C] () -- C:\Users\tensid\AppData\Roaming\MPQEditor.ini [2013.03.31 19:33:17 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2012.12.28 01:15:53 | 000,000,901 | ---- | C] () -- C:\Users\tensid\.recently-used.xbel [2012.06.29 17:18:01 | 000,000,264 | ---- | C] () -- C:\Windows\_delis32.ini [2011.11.11 22:26:11 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.07.27 23:38:55 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat [2011.01.21 18:20:44 | 000,000,355 | ---- | C] () -- C:\Users\tensid\Computer - Verknüpfung.lnk [2010.06.04 20:59:32 | 000,017,408 | ---- | C] () -- C:\Users\tensid\AppData\Local\WebpageIcons.db [2010.05.03 00:52:42 | 000,007,680 | ---- | C] () -- C:\Users\tensid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > [/CODE] Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.05.2013 17:05:05 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tensid\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,20% Memory free 7,74 Gb Paging File | 5,92 Gb Available in Paging File | 76,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 333,00 Gb Total Space | 214,05 Gb Free Space | 64,28% Space Free | Partition Type: NTFS Drive D: | 1064,17 Gb Total Space | 95,04 Gb Free Space | 8,93% Space Free | Partition Type: NTFS Computer Name: HEINZ-BECKER | User Name: tensid | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0F244514-0DF9-4DD6-87BA-03A035DBF074}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1357231A-0971-4BB7-A307-3B24A0EF21A6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2F9C81B6-AD41-41C6-941E-397A87D63723}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4DB2600D-EEB9-434C-809B-A186261F4A08}" = lport=2869 | protocol=6 | dir=in | app=system | "{50CE58FB-2127-4315-8539-F82608436E44}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{52659CAD-7201-4804-98CE-D4D7094DC9EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{5F203FC2-37B1-4E8E-96A9-A3D8B3BC33D8}" = rport=139 | protocol=6 | dir=out | app=system | "{647F44F9-109B-4552-ACDC-9B44F8FA87E8}" = rport=445 | protocol=6 | dir=out | app=system | "{6BA1BF77-663D-45B3-84F1-F71FD0B06165}" = lport=445 | protocol=6 | dir=in | app=system | "{6FD3B2BB-1F2C-4197-B554-D9C93D1FCC7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{736A2831-2E30-4531-AC8C-946AA83B8D2D}" = lport=137 | protocol=17 | dir=in | app=system | "{748B383F-DC2C-4EFE-9391-F308700E2DEC}" = rport=137 | protocol=17 | dir=out | app=system | "{7636B6FC-6B59-4DD9-9078-7B43EE6F674A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{79AC7EEB-2FB4-4C89-B446-F669F7B696AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{84B83FEB-7CE1-4BF7-8B99-2BC771B2FDC4}" = lport=10243 | protocol=6 | dir=in | app=system | "{876E5091-B772-448C-A0C9-326CE230BCE4}" = rport=138 | protocol=17 | dir=out | app=system | "{882D58A6-11E2-4B75-98E7-3DEA2027A039}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9D808E1E-9EEC-45EF-8C7B-318D09800DC5}" = rport=10243 | protocol=6 | dir=out | app=system | "{ACAEB78A-F9EC-4F33-959A-F795DACD76A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{C0679392-0D7F-45D1-BFB1-86802A4994FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CBF73074-A882-4DEF-90DD-692594BBBDAE}" = lport=138 | protocol=17 | dir=in | app=system | "{F7735A69-4335-4591-B12E-F018C1C5B7BF}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{013265B3-C96B-4FFA-B3AC-5BF395E0E216}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{03301C1D-0D3E-451B-B305-8D3DF396AEFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{039CA51D-FAEE-47CC-904D-306423821816}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{0409E363-7C32-4B2A-A2A7-B421DC2C7415}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{045B9A84-8DD5-4F85-9907-4374E0FBE8D5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{07D0329A-8D55-45D2-8115-9B8D24A17F4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{09892CB3-4C96-440F-9459-FAB4BD18C39C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "{0F7A53A9-DF06-404B-B640-E3AA654CF41A}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{12C09456-1327-4BD3-87B1-A5B94D8CAB9F}" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | "{136AFA3B-159C-418A-95B0-CB4AEDD6E7E3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{16BC7C45-52D8-4D83-8909-373ACECE4DBB}" = protocol=17 | dir=in | app=c:\users\tensid\appdata\local\temp\blizzard installer bootstrap - 002dca22\installer.exe | "{173ED441-23E5-4DD3-9239-49C93AEFF2EF}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\initengine.exe | "{19B6DAE1-B9F5-4556-9EBD-F19F837709A4}" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\addonweb.exe | "{1E599428-8C9E-41B6-8F28-43671DB60DB9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | "{1FE2DA9D-5BCD-40C3-81B5-ADB82470CABC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{252FB0F5-0C16-4CFE-9FA2-0D28875BDD13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{2530A990-22FC-4737-86E2-742806818C3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{30AA0E23-9E21-4EA0-B4DD-099765738957}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\autopatcher.exe | "{30C431C9-8390-4453-B4D5-DA1492F8C263}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | "{35D1A615-2571-402A-93A5-23488BCA6BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | "{35F273FA-E2C4-42A8-A728-3F92E02C83C6}" = protocol=6 | dir=out | app=system | "{3A15FB86-A694-43A9-B6AC-C38FF7B3AA15}" = protocol=6 | dir=in | app=d:\spiele\anno1404\anno4.exe | "{3BA1ADA1-4EEC-4946-A3C1-42F78F0B8189}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.exe | "{3D273686-B208-485B-889B-78AAEB135422}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft-1\launcher.patch.exe | "{3EFEC155-065C-4200-8B46-F3BA5A270A17}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{3F31AB1C-DE3C-477F-9A35-708C5BC8E961}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft-1\launcher.exe | "{4201AEFF-A841-4A21-905C-F6957C699DEA}" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | "{423BD0A7-56EB-4609-8705-012BF37EDDD8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft-1\launcher.exe | "{4CB81775-ED78-41D2-978B-39FC079364D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4D529235-12D5-4501-B5E9-9789700D7BBF}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe | "{5078BA80-1BB6-4814-8ECF-1A5338332161}" = protocol=17 | dir=in | app=d:\spiele\anno1404\addon.exe | "{51163828-3FA6-4924-9831-3DAD4BEE9E5E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5239D00C-8762-4C30-A12A-0BF223858EED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{524B0914-51BA-4270-81E0-6F770BECC235}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | "{5CA82EEE-EB8A-4F9E-B76D-444190438076}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{5FC73385-6704-4601-B847-5B53FF1D7656}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{62005117-1E74-4F61-BE6C-5B57AED3834F}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe | "{640F6BD6-BB3D-485A-AC7C-C9A45DE345D2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | "{68C61E0A-D285-4938-A066-82CBCF26EAD5}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.exe | "{6B3B9958-91E3-4A1F-A1B4-762BC3703629}" = protocol=17 | dir=in | app=c:\users\tensid\appdata\local\temp\blizzard installer bootstrap - 0051df77\installer.exe | "{6C46D8EC-A28C-4D1C-84D2-7D054E6F526B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{6D429602-990E-4239-918C-03D334EBC39F}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\initengine.exe | "{71DE217D-33E7-4327-88B1-3D81720494F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{7D804AC4-72CB-4428-B786-931BF349A387}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{7D88128B-2F9E-4DDF-BFCD-025B202319D4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{86E51CC2-FAC7-4AE9-9D73-8422296676E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{8BBDE5BF-C9B8-40E3-A348-75C05EEE95D6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{90C92AA4-BC89-42D6-9CE8-C8FC207ED29F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{919A5CC1-08C4-49A9-8C1E-1C4FE37103A4}" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\addonweb.exe | "{941686AD-1BE7-41BA-AC7E-C4CE76726907}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii public test.exe | "{97C75407-22AC-4CBC-911C-013DEADDD944}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "{9BB00CEB-58F9-4980-B146-E460B3D6CFAF}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | "{9E2793E1-51E9-4738-AFD6-0533A13EAB59}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft-1\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{9FAD5CFC-9774-4ED5-B8CB-66BDEB370735}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A03AC367-B12F-4E53-977D-AB80669C21D4}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.patch.exe | "{A834F352-19A6-4679-AD9F-13E43014616E}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe | "{A902D81B-9B68-4FC5-9D8D-2D4F8BCAD336}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | "{B0E1E239-EAB1-4A06-BED6-BAA60E2245E4}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\autopatcher.exe | "{B19BB5A1-4EA1-40BE-A9E6-43C3B157D351}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe | "{B2C17B1E-4BDB-4D76-B6AA-41068C383FD5}" = protocol=17 | dir=in | app=d:\spiele\anno1404\anno4.exe | "{B3474229-804F-4143-972B-9FC06DB4A923}" = protocol=6 | dir=in | app=c:\users\tensid\appdata\local\temp\blizzard installer bootstrap - 002dca22\installer.exe | "{B53A1BAA-2976-4431-A9D2-EF526E95C990}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.patch.exe | "{C0387C96-1E79-4DBA-9B31-9C88A3340401}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\anno5.exe | "{C41E28E3-6AAC-4951-A388-CBBF2A76AE9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB0123AA-9578-4736-A80D-8B4B6C7D9195}" = protocol=6 | dir=in | app=d:\spiele\anno1404\addon.exe | "{CD5FE71C-F68F-43B0-85B3-43A690CD4AD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CDB5E034-6D84-40F5-B2E7-11F00FE27159}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\anno5.exe | "{D6FADE10-DFE7-4B54-8FBB-1A3F363DF4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{D92920B7-CF6C-46B3-A918-8C33CA0DA6A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DA3D1AD0-966F-4441-99E2-5D5307F8EC82}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{DE5701B8-F090-445F-923B-0DD87D867EF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{E2BFD8C8-0A34-4808-8E34-1CBBF214B1A1}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | "{E4DD1D34-C377-447E-8132-F22B7F94A0C8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft-1\launcher.patch.exe | "{E83C1EAA-49E1-4B37-9D5F-BD975C69E705}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EB83F94C-91BA-4E66-8153-71B73F28B606}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EDBE3C2F-764F-4B91-B53E-4C6F4B7B90D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{EE734307-1BCD-461D-9BB5-65EE1E55C967}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft-1\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{EFA69A0E-E15B-4C52-8A33-2D8317FF4A69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F40ADBBD-FE97-4571-8830-955EEB66174B}" = protocol=6 | dir=in | app=c:\users\tensid\appdata\local\temp\blizzard installer bootstrap - 0051df77\installer.exe | "{F66CD7B0-6FEA-466F-9978-1F22C5AF9D6B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{F91E6C72-16F0-4541-9478-2EBCBF207307}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | "{FA31A781-126A-400C-BC24-7520EE13ED17}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | "{FAE66FDC-7AE0-4834-AB7F-3810C7D4A0BC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FB820FAE-D7B2-40B1-86F0-8D242C6B50A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FC88FE80-167E-4D59-AF5C-4FB0B3BCA8AB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "{FCAB827A-B91A-4D4C-B8F7-FE6D38924E9B}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | "{FF458653-A54A-4617-94D8-E908C907D1B3}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii public test.exe | "TCP Query User{06B8ACAA-DECB-434C-9D94-DAD9EA9594DA}D:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "TCP Query User{06E5EA2F-3028-42B9-9771-2AA1402BFAD8}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | "TCP Query User{1334E80E-257A-43E7-8622-A6AE5538DC2C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "TCP Query User{201DBC2E-3E76-42FC-ABB8-E4691DC2661E}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | "TCP Query User{20F353B8-FC4A-45DE-AC2E-149839D00D68}D:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "TCP Query User{35C7C592-43D0-4676-961B-35F408457ACD}D:\spiele\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base24944\sc2.exe | "TCP Query User{3D78F7B3-8A03-45D7-BA6F-A32D8593A40D}D:\spiele\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\spiele\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe | "TCP Query User{4C5279E1-8D75-4C96-BBEC-3E8DD9541D1C}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "TCP Query User{4EB05021-4230-4B47-94F4-A0CB05794F50}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "TCP Query User{5C0C2796-9791-495D-B4B1-F3D40DEA7F3B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{6A56AC66-1BBB-4CB4-A16F-35C43CB69D93}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | "TCP Query User{6C75FB27-E53C-434D-83C9-EDDCC684E4E2}D:\spiele\world of warcraft\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\blizzard downloader.exe | "TCP Query User{75966520-C625-4478-AEAA-636A749958B9}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | "TCP Query User{79878E62-8200-4DD9-B8B3-B6EDAF7525CD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "TCP Query User{8477CCF6-1797-4FF1-8034-A5E4CF536D1D}D:\spiele\catan\catan.exe" = protocol=6 | dir=in | app=d:\spiele\catan\catan.exe | "TCP Query User{9EE844F8-0585-4A27-B027-999E80C9E95A}D:\spiele\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\blizzard downloader.exe | "TCP Query User{A2B4837C-A994-4D6D-AAAD-82DAEA3EAE75}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "TCP Query User{BB6B9025-D078-4E4F-8992-4A3206CB7B40}C:\users\tensid\downloads\miranda_im_3_0_beta_6\miranda32.exe" = protocol=6 | dir=in | app=c:\users\tensid\downloads\miranda_im_3_0_beta_6\miranda32.exe | "TCP Query User{C36042B9-1EE0-403D-BF97-121EBF5C413D}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "TCP Query User{CA760DDD-9F4C-4C05-BC97-E9528F3F8F80}D:\spiele\world of warcraft\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.exe | "TCP Query User{D6B07FC0-10B8-441C-98BC-4BCC5CFC1F0D}D:\spiele\anno1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\addonweb.exe | "TCP Query User{D6F5CC5E-E737-4C48-AB60-602C11D047D4}D:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "TCP Query User{E075E3EF-CB25-4745-B1FC-EE9C70ECC0D0}D:\spiele\world of warcraft\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.patch.exe | "TCP Query User{E90B594E-F7CA-467A-B094-0BBE5BE07D6C}D:\spiele\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=d:\spiele\titan quest immortal throne\tqit.exe | "TCP Query User{EEC55E74-00BE-4B05-B2BD-63033AEA44BC}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | "TCP Query User{F10562B4-D292-47F4-9B84-6D2CC3E11CA9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{F60B115C-2982-4CBC-9739-98C884183056}D:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "TCP Query User{F82D53E7-A070-4B17-AECD-9CF8D6246416}D:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base15405\sc2.exe | "TCP Query User{F9EBE2F4-337D-41E1-ACA8-EC83F4052FC0}D:\spiele\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\backgrounddownloader.exe | "UDP Query User{030DA205-FECC-437E-9A09-F7698757785E}D:\spiele\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\blizzard downloader.exe | "UDP Query User{07E31B5A-B370-46E5-9716-7F394C8C4C87}D:\spiele\catan\catan.exe" = protocol=17 | dir=in | app=d:\spiele\catan\catan.exe | "UDP Query User{0DD37EF9-A202-4998-99A0-CDF46294B63E}D:\spiele\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=d:\spiele\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe | "UDP Query User{0E15B4E5-5FF2-446E-94A2-F339E5631B36}D:\spiele\world of warcraft\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.patch.exe | "UDP Query User{20AC0A66-16F0-45BA-8AB1-5D25C8655D77}D:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | "UDP Query User{274BAF9B-7BF3-45F8-9576-BE842B722E27}D:\spiele\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base24944\sc2.exe | "UDP Query User{2C5F6813-DF6C-414D-A20D-B28E2433088A}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | "UDP Query User{341DEE34-BF4B-4046-90FC-E9B54DBD8BBE}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | "UDP Query User{390747A6-BD35-48EF-B651-554AB2E237F3}D:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{51C7F07A-A822-461D-A39F-723DE0FF60FA}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | "UDP Query User{557E06A5-CDEE-425D-AAFF-1FD5B05F277A}D:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | "UDP Query User{60733FD6-1C55-4443-BD12-33C54CBD6AAC}D:\spiele\world of warcraft\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\blizzard downloader.exe | "UDP Query User{60F70BF1-BF84-4216-9D87-F84FF2D9D522}D:\spiele\world of warcraft\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.exe | "UDP Query User{6BB33F8A-E0C2-4770-A304-D1F528F0E8FD}D:\spiele\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=d:\spiele\titan quest immortal throne\tqit.exe | "UDP Query User{78E03DF6-B9CD-4269-8BFF-D599D5C4D1CC}D:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "UDP Query User{7BD22B4C-3DEF-48DE-8EE0-1EBADB3039E3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{7D305CB5-33A8-46A1-BB57-20966EA281A1}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | "UDP Query User{831849B4-E7C9-4928-A43E-64E1F9057142}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | "UDP Query User{85454250-3D65-47A8-BFBF-FECC5DCFE368}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{A7F468A8-CFBA-473E-B06D-FD2518FF3599}C:\users\tensid\downloads\miranda_im_3_0_beta_6\miranda32.exe" = protocol=17 | dir=in | app=c:\users\tensid\downloads\miranda_im_3_0_beta_6\miranda32.exe | "UDP Query User{AA096B11-8789-464F-87D8-EB2AF0766B82}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | "UDP Query User{AC38D476-8221-42C4-8DAF-2A3A62661552}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | "UDP Query User{B654BE87-A277-49DA-884D-3266C9165C5B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "UDP Query User{B6E045E0-240C-4E6E-A7A2-2B1FD4F60734}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | "UDP Query User{D2C9DF56-D460-4769-9379-3640C5E51EF3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "UDP Query User{DA5D3C28-58BD-4A01-9227-5FA836DB9D21}D:\spiele\anno1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\addonweb.exe | "UDP Query User{E20EDC3B-E320-476A-A511-58FDBEFCD713}D:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | "UDP Query User{EC18C231-1BED-47CA-AF0F-5045472E6E73}D:\spiele\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\backgrounddownloader.exe | "UDP Query User{EF321A2D-98A5-424F-B3DE-6BD5E148A681}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback "{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding "{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding "{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition "{10209B87-55D6-493E-A30A-12A265AA324E}" = TQ Defiler "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zoodirektor-Sammlung "{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR "{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate "{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East "{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI "{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M "{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro "{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista "{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7 "{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070 "{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne "{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Eindeutige Beweise "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Catan" = Catan - Die erste Insel "C-Control Pro_is1" = C-Control Pro 1.99 "CSI - Deadly Intent" = CSI - Deadly Intent "CSI - Tödliche Verschwörung" = CSI - Tödliche Verschwörung "CSI-Mord in 3 Dimensionen" = CSI-Mord in 3 Dimensionen 1.0 "Die Gilde Gold-Edition" = Die Gilde Gold-Edition "DVD Shrink_is1" = DVD Shrink 3.2 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320 "InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zoodirektor-Sammlung "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11) "MozillaMaintenanceService" = Mozilla Maintenance Service "Orbit_is1" = Orbit Downloader "Return to Castle Wolfenstein" = Return to Castle Wolfenstein "S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0004] "SpellForce" = SpellForce "StarCraft II" = StarCraft II "Steam App 22380" = Fallout: New Vegas "Tales of Monkey Island" = Tales of Monkey Island "TheGuild2" = Die Gilde 2 "Thief22DeinstallKey" = Dark Project 2 "Totalcmd" = Total Commander (Remove or Repair) "Tropico3" = Tropico 3 1.00 "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp "WinGimp-2.0_is1" = GIMP 2.6.8 "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Screenpresso" = Screenpresso "Tropico 4" = Tropico 4 1.00 "Winamp Detect" = Winamp Erkennungs-Plug-in "World of Warcraft Trial" = Probeversion von World of Warcraft ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 02.04.2013 16:10:18 | Computer Name = heinz-becker | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7e4 Startzeit: 01ce2fdb0d47daa2 Endzeit: 90 Anwendungspfad: D:\Spiele\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 02.04.2013 16:34:59 | Computer Name = heinz-becker | Source = Application Hang | ID = 1002 Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: fb4 Startzeit: 01ce2fde2b677463 Endzeit: 60 Anwendungspfad: D:\Spiele\StarCraft II\Versions\Base24944\SC2.exe Berichts-ID: Error - 03.04.2013 07:16:20 | Computer Name = heinz-becker | Source = Microsoft-Windows-Defrag | ID = 257 Description = Error - 05.04.2013 07:47:19 | Computer Name = heinz-becker | Source = Microsoft-Windows-Defrag | ID = 257 Description = Error - 12.04.2013 10:49:38 | Computer Name = heinz-becker | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.8.0.6800, Zeitstempel: 0x4f9e81cc Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96f Ausnahmecode: 0xc0000096 Fehleroffset: 0x000485fe ID des fehlerhaften Prozesses: 0x964 Startzeit der fehlerhaften Anwendung: 0x01ce378cddc99dc9 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ICQ7M\ICQ.exe Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll Berichtskennung: 32cc3aac-a380-11e2-ba50-6cf049720083 Error - 12.04.2013 10:49:38 | Computer Name = heinz-becker | Source = Application Error | ID = 1005 Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm ICQ wurde wegen dieses Fehlers geschlossen. Programm: ICQ Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error - 29.04.2013 10:08:25 | Computer Name = heinz-becker | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Uplay.exe, Version: 0.0.0.0, Zeitstempel: 0x5165852c Name des fehlerhaften Moduls: npuplaypchub.dll, Version: 1.0.0.1, Zeitstempel: 0x51658483 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00009a40 ID des fehlerhaften Prozesses: 0xff4 Startzeit der fehlerhaften Anwendung: 0x01ce44d1dffa8062 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll Berichtskennung: 41bc7593-b0d6-11e2-9077-6cf049720083 Error - 14.05.2013 05:12:19 | Computer Name = heinz-becker | Source = Application Hang | ID = 1002 Description = Programm ICQ.exe, Version 7.8.0.6800 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 818 Startzeit: 01ce50827c9bc360 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\ICQ7M\ICQ.exe Berichts-ID: 4ed15945-bc76-11e2-8d58-6cf049720083 Error - 14.05.2013 10:32:47 | Computer Name = heinz-becker | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847, Zeitstempel: 0x51650aee Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847, Zeitstempel: 0x51650a09 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b10e8 ID des fehlerhaften Prozesses: 0xaac Startzeit der fehlerhaften Anwendung: 0x01ce50af9fe68d2f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung: 253e37fb-bca3-11e2-b146-6cf049720083 Error - 15.05.2013 06:32:31 | Computer Name = heinz-becker | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 20.0.1.4847 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1390 Startzeit: 01ce51570dede1d0 Endzeit: 45 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: b491834f-bd4a-11e2-a644-6cf049720083 [ Media Center Events ] Error - 08.06.2010 13:36:16 | Computer Name = heinz-becker | Source = MCUpdate | ID = 0 Description = 19:36:16 - Fehler beim Herstellen der Internetverbindung. 19:36:16 - Serververbindung konnte nicht hergestellt werden.. Error - 08.06.2010 13:36:25 | Computer Name = heinz-becker | Source = MCUpdate | ID = 0 Description = 19:36:21 - Fehler beim Herstellen der Internetverbindung. 19:36:21 - Serververbindung konnte nicht hergestellt werden.. Error - 11.09.2010 15:45:59 | Computer Name = heinz-becker | Source = MCUpdate | ID = 0 Description = 21:45:51 - Fehler beim Herstellen der Internetverbindung. 21:45:51 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 13.05.2013 14:26:36 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 13.05.2013 14:28:07 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 13.05.2013 14:29:37 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 13.05.2013 14:31:07 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 13.05.2013 14:32:37 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 14.05.2013 10:26:42 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 15.05.2013 06:14:08 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 15.05.2013 15:29:54 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 16.05.2013 05:25:29 | Computer Name = heinz-becker | Source = bowser | ID = 8003 Description = Error - 16.05.2013 06:17:41 | Computer Name = heinz-becker | Source = VDS Basic Provider | ID = 33554433 Description = < End of report > MfG Tensid |
16.05.2013, 17:59 | #4 |
/// Helfer-Team | Delta Search entfernen - Anfrage auf Überprüfung Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found :Files ipconfig /flushdns /c :Commands [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade Dir bitte Malwarebytes Anti-Malware
danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
17.05.2013, 20:42 | #5 |
| Delta Search entfernen - Anfrage auf Überprüfung Moin, moin t'john Habs endlich hinbekommen. hier die files: OTL: Code:
ATTFilter All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll deleted successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\tensid\Desktop\cmd.bat deleted successfully. C:\Users\tensid\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: tensid ->Temp folder emptied: 1716882 bytes ->Temporary Internet Files folder emptied: 3113562 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 85335257 bytes ->Flash cache emptied: 1751 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1824 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 86,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 05172013_134127 Files\Folders moved on Reboot... C:\Users\tensid\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.05.17.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16576 tensid :: HEINZ-BECKER [Administrator] Schutz: Aktiviert 17.05.2013 15:08:52 mbam-log-2013-05-17 (15-08-52).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 442765 Laufzeit: 49 Minute(n), 23 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Users\tensid\Downloads\w7kf-setup.exe (PUP.Hacktool) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v2.301 - Datei am 17/05/2013 um 21:15:04 erstellt # Aktualisiert am 16/05/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : tensid - HEINZ-BECKER # Bootmodus : Normal # Ausgeführt unter : C:\Users\tensid\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Users\tensid\AppData\Roaming\Mozilla\Firefox\Profiles\xbg6c7ta.default\searchplugins\Babylon.xml Ordner Gelöscht : C:\ProgramData\BrowserProtect ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16576 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v20.0.1 (de) Datei : C:\Users\tensid\AppData\Roaming\Mozilla\Firefox\Profiles\xbg6c7ta.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [16577 octets] - [16/05/2013 11:41:02] AdwCleaner[R2].txt - [1976 octets] - [17/05/2013 21:10:33] AdwCleaner[S1].txt - [16631 octets] - [16/05/2013 11:41:54] AdwCleaner[S2].txt - [335 octets] - [17/05/2013 21:14:38] AdwCleaner[S3].txt - [1972 octets] - [17/05/2013 21:15:04] ########## EOF - C:\AdwCleaner[S3].txt - [2032 octets] ########## Tensid
__________________ Tensid... kationisch, immer positiv geladen! |
18.05.2013, 10:02 | #6 |
/// Helfer-Team | Delta Search entfernen - Anfrage auf Überprüfung Sehr gut! Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). danach: ESET Online Scanner
danach: Downloade Dir bitte SecurityCheck und:
__________________ --> Delta Search entfernen - Anfrage auf Überprüfung |
20.05.2013, 19:18 | #7 |
| Delta Search entfernen - Anfrage auf Überprüfung hier die Files (sorry, dass die erst jetzt kommen) ASW: Code:
ATTFilter aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software Run date: 2013-05-18 14:04:41 ----------------------------- 14:04:41.512 OS Version: Windows x64 6.1.7601 Service Pack 1 14:04:41.512 Number of processors: 4 586 0x2502 14:04:41.513 ComputerName: HEINZ-BECKER UserName: tensid 14:04:42.720 Initialize success 14:07:50.298 AVAST engine defs: 13051800 14:11:02.600 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6 14:11:02.600 Disk 0 Vendor: WDC_WD15EADS-00R6B0 01.00A01 Size: 1430799MB BusType: 11 14:11:02.616 Disk 0 MBR read successfully 14:11:02.616 Disk 0 MBR scan 14:11:02.631 Disk 0 Windows 7 default MBR code 14:11:02.631 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048 14:11:02.647 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 340992 MB offset 206848 14:11:02.678 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 1089705 MB offset 698558464 14:11:02.709 Disk 0 scanning C:\Windows\system32\drivers 14:11:21.913 Service scanning 14:11:47.575 Modules scanning 14:11:47.575 Disk 0 trace - called modules: 14:11:47.606 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80035de2c0]<<spwq.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 14:11:48.121 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047a2060] 14:11:48.121 3 CLASSPNP.SYS[fffff88000c7543f] -> nt!IofCallDriver -> [0xfffffa800455bdc0] 14:11:48.136 5 ACPI.sys[fffff880013a77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-6[0xfffffa800450f060] 14:11:48.136 \Driver\atapi[0xfffffa8004418440] -> IRP_MJ_CREATE -> 0xfffffa80035de2c0 14:11:49.260 AVAST engine scan C:\Windows 14:11:51.475 AVAST engine scan C:\Windows\system32 14:15:53.291 AVAST engine scan C:\Windows\system32\drivers 14:16:13.618 AVAST engine scan C:\Users\tensid 14:23:25.774 AVAST engine scan C:\ProgramData 14:25:55.362 Scan finished successfully 14:34:00.913 Disk 0 MBR has been saved successfully to "C:\Users\tensid\Desktop\MBR.dat" 14:34:00.913 The log file has been saved successfully to "C:\Users\tensid\Desktop\20130518aswMBR.txt" Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=56e86741d578e3469d3ee08c28e78f82 # engine=13863 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-19 02:21:35 # local_time=2013-05-19 04:21:35 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 96 16549 2928255 9336 0 # compatibility_mode=5893 16776574 100 94 3812604 120603145 0 0 # scanned=280240 # found=3 # cleaned=0 # scan_time=16053 sh=06F9D29173B0FFCA3C4E0F249104F80C423074AA ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.BHO.NJQ application" ac=I fn="D:\Spiele-Software\crack patch siedler 2 wikinger.zip" sh=DBFB8DD7E5EAB28131EF1996A6CD0187A161B22A ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Toolbar.Eztracks.A application" ac=I fn="D:\Spiele-Software\The Sims 2\Die Sims 2 Haustiere Ger-=Silent=- Crack.rar" sh=B9C9DC03206DA85849C7E6920DBF572956B9FF6E ft=0 fh=0000000000000000 vn="probably unknown NewHeur_PE virus" ac=I fn="F:\laptop\Programmierung\DotNetC#.iso" ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=56e86741d578e3469d3ee08c28e78f82 # engine=13869 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-05-20 02:04:13 # local_time=2013-05-20 04:04:13 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 96 14621 3013613 7408 0 # compatibility_mode=5893 16776574 100 94 3897962 120688503 0 0 # scanned=273876 # found=1 # cleaned=0 # scan_time=13841 sh=B9C9DC03206DA85849C7E6920DBF572956B9FF6E ft=0 fh=0000000000000000 vn="probably unknown NewHeur_PE virus" ac=I fn="F:\laptop\Programmierung\DotNetC#.iso" SecurityCheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.63 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.7.700.202 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox (20.0.1) Mozilla Thunderbird (3.0.11) Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
__________________ Tensid... kationisch, immer positiv geladen! |
20.05.2013, 20:06 | #8 |
/// Helfer-Team | Delta Search entfernen - Anfrage auf Überprüfung OK: Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
|
21.05.2013, 21:37 | #9 |
| Delta Search entfernen - Anfrage auf Überprüfung Hallo t'john, das Programm hat kein log-file erstellt. Ich habe daher den Report genommen. Ich hoffe das ist si ok? Code:
ATTFilter 22:24:14.0183 4400 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 22:24:14.0653 4400 ============================================================ 22:24:14.0653 4400 Current date / time: 2013/05/21 22:24:14.0653 22:24:14.0653 4400 SystemInfo: 22:24:14.0653 4400 22:24:14.0653 4400 OS Version: 6.1.7601 ServicePack: 1.0 22:24:14.0653 4400 Product type: Workstation 22:24:14.0653 4400 ComputerName: HEINZ-BECKER 22:24:14.0653 4400 UserName: tensid 22:24:14.0653 4400 Windows directory: C:\Windows 22:24:14.0653 4400 System windows directory: C:\Windows 22:24:14.0653 4400 Running under WOW64 22:24:14.0653 4400 Processor architecture: Intel x64 22:24:14.0653 4400 Number of processors: 4 22:24:14.0653 4400 Page size: 0x1000 22:24:14.0653 4400 Boot type: Normal boot 22:24:14.0653 4400 ============================================================ 22:24:16.0793 4400 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0xA8178, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040 22:24:16.0803 4400 ============================================================ 22:24:16.0803 4400 \Device\Harddisk0\DR0: 22:24:16.0803 4400 MBR partitions: 22:24:16.0803 4400 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 22:24:16.0803 4400 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x29A00000 22:24:16.0803 4400 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x29A32800, BlocksNum 0x85054800 22:24:16.0803 4400 ============================================================ 22:24:16.0823 4400 C: <-> \Device\Harddisk0\DR0\Partition2 22:24:16.0863 4400 D: <-> \Device\Harddisk0\DR0\Partition3 22:24:16.0863 4400 ============================================================ 22:24:16.0863 4400 Initialize success 22:24:16.0863 4400 ============================================================ 22:24:27.0533 4476 ============================================================ 22:24:27.0533 4476 Scan started 22:24:27.0533 4476 Mode: Manual; SigCheck; TDLFS; 22:24:27.0533 4476 ============================================================ 22:24:28.0723 4476 ================ Scan system memory ======================== 22:24:28.0723 4476 System memory - ok 22:24:28.0723 4476 ================ Scan services ============================= 22:24:28.0863 4476 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 22:24:29.0003 4476 1394ohci - ok 22:24:29.0053 4476 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 22:24:29.0083 4476 ACPI - ok 22:24:29.0123 4476 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 22:24:29.0213 4476 AcpiPmi - ok 22:24:29.0353 4476 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:24:29.0383 4476 AdobeARMservice - ok 22:24:29.0503 4476 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:24:29.0543 4476 AdobeFlashPlayerUpdateSvc - ok 22:24:29.0583 4476 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 22:24:29.0623 4476 adp94xx - ok 22:24:29.0633 4476 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 22:24:29.0653 4476 adpahci - ok 22:24:29.0673 4476 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 22:24:29.0683 4476 adpu320 - ok 22:24:29.0713 4476 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 22:24:29.0873 4476 AeLookupSvc - ok 22:24:29.0943 4476 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 22:24:30.0043 4476 AFD - ok 22:24:30.0083 4476 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 22:24:30.0103 4476 agp440 - ok 22:24:30.0123 4476 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 22:24:30.0183 4476 ALG - ok 22:24:30.0233 4476 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 22:24:30.0263 4476 aliide - ok 22:24:30.0303 4476 [ 54716D9BB43733578A5647E9B121141F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 22:24:30.0403 4476 AMD External Events Utility - ok 22:24:30.0413 4476 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 22:24:30.0433 4476 amdide - ok 22:24:30.0453 4476 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 22:24:30.0533 4476 AmdK8 - ok 22:24:30.0703 4476 [ 522A8BD1414CC7517FAEC907F138DB9C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 22:24:30.0993 4476 amdkmdag - ok 22:24:31.0013 4476 [ F712C26D40BF3CD2C020BB518E8150B1 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 22:24:31.0053 4476 amdkmdap - ok 22:24:31.0073 4476 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 22:24:31.0113 4476 AmdPPM - ok 22:24:31.0153 4476 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 22:24:31.0183 4476 amdsata - ok 22:24:31.0213 4476 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 22:24:31.0243 4476 amdsbs - ok 22:24:31.0283 4476 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 22:24:31.0303 4476 amdxata - ok 22:24:31.0373 4476 [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 22:24:31.0393 4476 AntiVirSchedulerService - ok 22:24:31.0443 4476 [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 22:24:31.0453 4476 AntiVirService - ok 22:24:31.0503 4476 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 22:24:31.0663 4476 AppID - ok 22:24:31.0693 4476 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 22:24:31.0783 4476 AppIDSvc - ok 22:24:31.0823 4476 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 22:24:31.0863 4476 Appinfo - ok 22:24:31.0923 4476 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 22:24:31.0973 4476 AppMgmt - ok 22:24:32.0023 4476 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 22:24:32.0053 4476 arc - ok 22:24:32.0063 4476 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 22:24:32.0083 4476 arcsas - ok 22:24:32.0093 4476 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 22:24:32.0123 4476 AsyncMac - ok 22:24:32.0163 4476 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 22:24:32.0183 4476 atapi - ok 22:24:32.0233 4476 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 22:24:32.0273 4476 AtiHDAudioService - ok 22:24:32.0293 4476 [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 22:24:32.0333 4476 AtiHdmiService - ok 22:24:32.0373 4476 [ FC0E8778C000291CAF60EB88C011E931 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys 22:24:32.0393 4476 atksgt - ok 22:24:32.0453 4476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 22:24:32.0573 4476 AudioEndpointBuilder - ok 22:24:32.0603 4476 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 22:24:32.0643 4476 AudioSrv - ok 22:24:32.0693 4476 [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys 22:24:32.0713 4476 avgntflt - ok 22:24:32.0773 4476 [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys 22:24:32.0803 4476 avipbb - ok 22:24:32.0823 4476 [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys 22:24:32.0833 4476 avkmgr - ok 22:24:32.0883 4476 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 22:24:32.0943 4476 AxInstSV - ok 22:24:32.0983 4476 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 22:24:33.0033 4476 b06bdrv - ok 22:24:33.0083 4476 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 22:24:33.0123 4476 b57nd60a - ok 22:24:33.0163 4476 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 22:24:33.0193 4476 BDESVC - ok 22:24:33.0213 4476 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 22:24:33.0293 4476 Beep - ok 22:24:33.0363 4476 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 22:24:33.0463 4476 BFE - ok 22:24:33.0483 4476 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 22:24:33.0563 4476 BITS - ok 22:24:33.0593 4476 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 22:24:33.0633 4476 blbdrive - ok 22:24:33.0653 4476 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 22:24:33.0703 4476 bowser - ok 22:24:33.0733 4476 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:24:33.0813 4476 BrFiltLo - ok 22:24:33.0833 4476 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:24:33.0853 4476 BrFiltUp - ok 22:24:33.0903 4476 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 22:24:33.0933 4476 Browser - ok 22:24:33.0943 4476 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 22:24:33.0993 4476 Brserid - ok 22:24:34.0003 4476 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 22:24:34.0033 4476 BrSerWdm - ok 22:24:34.0033 4476 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 22:24:34.0123 4476 BrUsbMdm - ok 22:24:34.0123 4476 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 22:24:34.0143 4476 BrUsbSer - ok 22:24:34.0163 4476 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 22:24:34.0213 4476 BTHMODEM - ok 22:24:34.0253 4476 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 22:24:34.0313 4476 bthserv - ok 22:24:34.0323 4476 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 22:24:34.0413 4476 cdfs - ok 22:24:34.0463 4476 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 22:24:34.0513 4476 cdrom - ok 22:24:34.0563 4476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 22:24:34.0613 4476 CertPropSvc - ok 22:24:34.0623 4476 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 22:24:34.0653 4476 circlass - ok 22:24:34.0683 4476 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 22:24:34.0703 4476 CLFS - ok 22:24:34.0753 4476 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:24:34.0793 4476 clr_optimization_v2.0.50727_32 - ok 22:24:34.0823 4476 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:24:34.0843 4476 clr_optimization_v2.0.50727_64 - ok 22:24:34.0923 4476 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:24:34.0983 4476 clr_optimization_v4.0.30319_32 - ok 22:24:35.0033 4476 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:24:35.0053 4476 clr_optimization_v4.0.30319_64 - ok 22:24:35.0073 4476 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 22:24:35.0093 4476 CmBatt - ok 22:24:35.0133 4476 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 22:24:35.0163 4476 cmdide - ok 22:24:35.0213 4476 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 22:24:35.0263 4476 CNG - ok 22:24:35.0273 4476 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 22:24:35.0283 4476 Compbatt - ok 22:24:35.0323 4476 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 22:24:35.0373 4476 CompositeBus - ok 22:24:35.0383 4476 COMSysApp - ok 22:24:35.0403 4476 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 22:24:35.0423 4476 crcdisk - ok 22:24:35.0463 4476 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 22:24:35.0523 4476 CryptSvc - ok 22:24:35.0573 4476 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 22:24:35.0643 4476 CSC - ok 22:24:35.0703 4476 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 22:24:35.0743 4476 CscService - ok 22:24:35.0793 4476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 22:24:35.0863 4476 DcomLaunch - ok 22:24:35.0893 4476 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 22:24:35.0953 4476 defragsvc - ok 22:24:36.0003 4476 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 22:24:36.0093 4476 DfsC - ok 22:24:36.0113 4476 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 22:24:36.0163 4476 Dhcp - ok 22:24:36.0183 4476 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 22:24:36.0263 4476 discache - ok 22:24:36.0293 4476 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 22:24:36.0323 4476 Disk - ok 22:24:36.0363 4476 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 22:24:36.0423 4476 Dnscache - ok 22:24:36.0453 4476 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 22:24:36.0533 4476 dot3svc - ok 22:24:36.0573 4476 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 22:24:36.0633 4476 DPS - ok 22:24:36.0663 4476 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 22:24:36.0703 4476 drmkaud - ok 22:24:36.0743 4476 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 22:24:36.0793 4476 DXGKrnl - ok 22:24:36.0833 4476 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 22:24:36.0913 4476 EapHost - ok 22:24:37.0003 4476 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 22:24:37.0153 4476 ebdrv - ok 22:24:37.0213 4476 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 22:24:37.0253 4476 EFS - ok 22:24:37.0293 4476 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 22:24:37.0383 4476 ehRecvr - ok 22:24:37.0413 4476 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 22:24:37.0463 4476 ehSched - ok 22:24:37.0503 4476 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 22:24:37.0543 4476 elxstor - ok 22:24:37.0583 4476 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 22:24:37.0623 4476 ErrDev - ok 22:24:37.0663 4476 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 22:24:37.0733 4476 EventSystem - ok 22:24:37.0793 4476 [ 251AF86E0A4DDF3A6B181ED5103B06B1 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 22:24:37.0853 4476 ewusbnet - ok 22:24:37.0913 4476 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 22:24:37.0973 4476 exfat - ok 22:24:37.0993 4476 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 22:24:38.0033 4476 fastfat - ok 22:24:38.0103 4476 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 22:24:38.0163 4476 Fax - ok 22:24:38.0183 4476 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 22:24:38.0213 4476 fdc - ok 22:24:38.0233 4476 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 22:24:38.0313 4476 fdPHost - ok 22:24:38.0333 4476 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 22:24:38.0393 4476 FDResPub - ok 22:24:38.0423 4476 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 22:24:38.0443 4476 FileInfo - ok 22:24:38.0443 4476 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 22:24:38.0573 4476 Filetrace - ok 22:24:38.0583 4476 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 22:24:38.0603 4476 flpydisk - ok 22:24:38.0633 4476 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 22:24:38.0653 4476 FltMgr - ok 22:24:38.0723 4476 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 22:24:38.0763 4476 FontCache - ok 22:24:38.0813 4476 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:24:38.0843 4476 FontCache3.0.0.0 - ok 22:24:38.0853 4476 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 22:24:38.0873 4476 FsDepends - ok 22:24:38.0903 4476 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 22:24:38.0913 4476 Fs_Rec - ok 22:24:38.0953 4476 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 22:24:38.0993 4476 fvevol - ok 22:24:39.0013 4476 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 22:24:39.0033 4476 gagp30kx - ok 22:24:39.0073 4476 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 22:24:39.0193 4476 gpsvc - ok 22:24:39.0213 4476 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 22:24:39.0243 4476 hcw85cir - ok 22:24:39.0293 4476 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 22:24:39.0353 4476 HdAudAddService - ok 22:24:39.0383 4476 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 22:24:39.0423 4476 HDAudBus - ok 22:24:39.0423 4476 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 22:24:39.0453 4476 HidBatt - ok 22:24:39.0453 4476 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 22:24:39.0483 4476 HidBth - ok 22:24:39.0503 4476 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 22:24:39.0543 4476 HidIr - ok 22:24:39.0563 4476 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 22:24:39.0623 4476 hidserv - ok 22:24:39.0683 4476 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 22:24:39.0703 4476 HidUsb - ok 22:24:39.0753 4476 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 22:24:39.0823 4476 hkmsvc - ok 22:24:39.0853 4476 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 22:24:39.0873 4476 HomeGroupListener - ok 22:24:39.0913 4476 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 22:24:39.0963 4476 HomeGroupProvider - ok 22:24:39.0993 4476 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 22:24:40.0023 4476 HpSAMD - ok 22:24:40.0093 4476 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 22:24:40.0213 4476 HTTP - ok 22:24:40.0263 4476 [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 22:24:40.0283 4476 hwdatacard - ok 22:24:40.0313 4476 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 22:24:40.0333 4476 hwpolicy - ok 22:24:40.0363 4476 [ 9C13A2691AC410CC7469F298684DCA5D ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys 22:24:40.0403 4476 hwusbfake - ok 22:24:40.0433 4476 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 22:24:40.0453 4476 i8042prt - ok 22:24:40.0493 4476 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 22:24:40.0523 4476 iaStorV - ok 22:24:40.0633 4476 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 22:24:40.0673 4476 IDriverT ( UnsignedFile.Multi.Generic ) - warning 22:24:40.0673 4476 IDriverT - detected UnsignedFile.Multi.Generic (1) 22:24:40.0743 4476 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:24:40.0813 4476 idsvc - ok 22:24:40.0843 4476 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 22:24:40.0853 4476 iirsp - ok 22:24:40.0913 4476 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 22:24:41.0043 4476 IKEEXT - ok 22:24:41.0053 4476 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 22:24:41.0063 4476 intelide - ok 22:24:41.0073 4476 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 22:24:41.0093 4476 intelppm - ok 22:24:41.0113 4476 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 22:24:41.0173 4476 IPBusEnum - ok 22:24:41.0213 4476 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:24:41.0243 4476 IpFilterDriver - ok 22:24:41.0323 4476 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 22:24:41.0383 4476 iphlpsvc - ok 22:24:41.0423 4476 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 22:24:41.0443 4476 IPMIDRV - ok 22:24:41.0463 4476 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 22:24:41.0543 4476 IPNAT - ok 22:24:41.0563 4476 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 22:24:41.0643 4476 IRENUM - ok 22:24:41.0683 4476 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 22:24:41.0713 4476 isapnp - ok 22:24:41.0753 4476 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 22:24:41.0793 4476 iScsiPrt - ok 22:24:41.0813 4476 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 22:24:41.0823 4476 kbdclass - ok 22:24:41.0853 4476 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 22:24:41.0903 4476 kbdhid - ok 22:24:41.0933 4476 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 22:24:41.0953 4476 KeyIso - ok 22:24:41.0983 4476 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 22:24:42.0003 4476 KSecDD - ok 22:24:42.0033 4476 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 22:24:42.0073 4476 KSecPkg - ok 22:24:42.0083 4476 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 22:24:42.0143 4476 ksthunk - ok 22:24:42.0173 4476 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 22:24:42.0243 4476 KtmRm - ok 22:24:42.0273 4476 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 22:24:42.0343 4476 LanmanServer - ok 22:24:42.0383 4476 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 22:24:42.0453 4476 LanmanWorkstation - ok 22:24:42.0473 4476 [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys 22:24:42.0493 4476 lirsgt - ok 22:24:42.0523 4476 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 22:24:42.0603 4476 lltdio - ok 22:24:42.0643 4476 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 22:24:42.0723 4476 lltdsvc - ok 22:24:42.0743 4476 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 22:24:42.0783 4476 lmhosts - ok 22:24:42.0803 4476 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 22:24:42.0823 4476 LSI_FC - ok 22:24:42.0833 4476 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 22:24:42.0853 4476 LSI_SAS - ok 22:24:42.0863 4476 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:24:42.0883 4476 LSI_SAS2 - ok 22:24:42.0883 4476 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:24:42.0903 4476 LSI_SCSI - ok 22:24:42.0913 4476 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 22:24:42.0963 4476 luafv - ok 22:24:43.0023 4476 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 22:24:43.0053 4476 MBAMProtector - ok 22:24:43.0143 4476 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe 22:24:43.0183 4476 MBAMScheduler - ok 22:24:43.0223 4476 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:24:43.0243 4476 MBAMService - ok 22:24:43.0273 4476 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 22:24:43.0313 4476 Mcx2Svc - ok 22:24:43.0343 4476 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 22:24:43.0353 4476 megasas - ok 22:24:43.0373 4476 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 22:24:43.0393 4476 MegaSR - ok 22:24:43.0413 4476 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 22:24:43.0483 4476 MMCSS - ok 22:24:43.0493 4476 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 22:24:43.0543 4476 Modem - ok 22:24:43.0573 4476 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 22:24:43.0603 4476 monitor - ok 22:24:43.0643 4476 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 22:24:43.0663 4476 mouclass - ok 22:24:43.0683 4476 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 22:24:43.0723 4476 mouhid - ok 22:24:43.0783 4476 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 22:24:43.0813 4476 mountmgr - ok 22:24:43.0853 4476 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:24:43.0873 4476 MozillaMaintenance - ok 22:24:43.0913 4476 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 22:24:43.0933 4476 mpio - ok 22:24:43.0953 4476 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 22:24:44.0013 4476 mpsdrv - ok 22:24:44.0063 4476 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 22:24:44.0183 4476 MpsSvc - ok 22:24:44.0213 4476 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 22:24:44.0253 4476 MRxDAV - ok 22:24:44.0293 4476 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 22:24:44.0363 4476 mrxsmb - ok 22:24:44.0403 4476 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:24:44.0433 4476 mrxsmb10 - ok 22:24:44.0453 4476 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:24:44.0483 4476 mrxsmb20 - ok 22:24:44.0523 4476 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 22:24:44.0553 4476 msahci - ok 22:24:44.0583 4476 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 22:24:44.0613 4476 msdsm - ok 22:24:44.0623 4476 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 22:24:44.0653 4476 MSDTC - ok 22:24:44.0673 4476 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 22:24:44.0713 4476 Msfs - ok 22:24:44.0733 4476 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 22:24:44.0763 4476 mshidkmdf - ok 22:24:44.0803 4476 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 22:24:44.0813 4476 msisadrv - ok 22:24:44.0833 4476 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 22:24:44.0893 4476 MSiSCSI - ok 22:24:44.0893 4476 msiserver - ok 22:24:44.0923 4476 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 22:24:44.0963 4476 MSKSSRV - ok 22:24:44.0973 4476 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 22:24:45.0023 4476 MSPCLOCK - ok 22:24:45.0033 4476 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 22:24:45.0093 4476 MSPQM - ok 22:24:45.0123 4476 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 22:24:45.0163 4476 MsRPC - ok 22:24:45.0193 4476 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 22:24:45.0213 4476 mssmbios - ok 22:24:45.0223 4476 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 22:24:45.0273 4476 MSTEE - ok 22:24:45.0293 4476 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 22:24:45.0313 4476 MTConfig - ok 22:24:45.0343 4476 [ 96C19D6F5C1BBB5D97D89B61A6251F2D ] MTSBDA C:\Windows\system32\Drivers\MtsBda.sys 22:24:45.0363 4476 MTSBDA - ok 22:24:45.0393 4476 [ BEC9FAE9155BF8C68BB8B11C35A581FE ] MtsHID C:\Windows\system32\drivers\MtsHID.sys 22:24:45.0413 4476 MtsHID - ok 22:24:45.0433 4476 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 22:24:45.0453 4476 Mup - ok 22:24:45.0503 4476 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 22:24:45.0573 4476 napagent - ok 22:24:45.0623 4476 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 22:24:45.0683 4476 NativeWifiP - ok 22:24:45.0753 4476 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 22:24:45.0793 4476 NDIS - ok 22:24:45.0803 4476 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 22:24:45.0853 4476 NdisCap - ok 22:24:45.0863 4476 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 22:24:45.0903 4476 NdisTapi - ok 22:24:45.0943 4476 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 22:24:46.0013 4476 Ndisuio - ok 22:24:46.0043 4476 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 22:24:46.0103 4476 NdisWan - ok 22:24:46.0123 4476 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 22:24:46.0203 4476 NDProxy - ok 22:24:46.0223 4476 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 22:24:46.0283 4476 NetBIOS - ok 22:24:46.0303 4476 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 22:24:46.0353 4476 NetBT - ok 22:24:46.0373 4476 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 22:24:46.0383 4476 Netlogon - ok 22:24:46.0403 4476 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 22:24:46.0453 4476 Netman - ok 22:24:46.0483 4476 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 22:24:46.0543 4476 netprofm - ok 22:24:46.0613 4476 [ 618C55B392238B9467F9113E13525C49 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 22:24:46.0683 4476 netr28ux - ok 22:24:46.0713 4476 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:24:46.0743 4476 NetTcpPortSharing - ok 22:24:46.0773 4476 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 22:24:46.0803 4476 nfrd960 - ok 22:24:46.0833 4476 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 22:24:46.0873 4476 NlaSvc - ok 22:24:46.0923 4476 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 22:24:46.0973 4476 Npfs - ok 22:24:46.0983 4476 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 22:24:47.0033 4476 nsi - ok 22:24:47.0053 4476 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 22:24:47.0133 4476 nsiproxy - ok 22:24:47.0193 4476 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 22:24:47.0273 4476 Ntfs - ok 22:24:47.0293 4476 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 22:24:47.0343 4476 Null - ok 22:24:47.0383 4476 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 22:24:47.0403 4476 nvraid - ok 22:24:47.0453 4476 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 22:24:47.0483 4476 nvstor - ok 22:24:47.0533 4476 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 22:24:47.0573 4476 nv_agp - ok 22:24:47.0593 4476 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 22:24:47.0623 4476 ohci1394 - ok 22:24:47.0663 4476 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 22:24:47.0703 4476 p2pimsvc - ok 22:24:47.0733 4476 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 22:24:47.0763 4476 p2psvc - ok 22:24:47.0773 4476 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 22:24:47.0793 4476 Parport - ok 22:24:47.0823 4476 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 22:24:47.0843 4476 partmgr - ok 22:24:47.0863 4476 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 22:24:47.0903 4476 PcaSvc - ok 22:24:47.0933 4476 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 22:24:47.0953 4476 pci - ok 22:24:47.0983 4476 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 22:24:48.0003 4476 pciide - ok 22:24:48.0013 4476 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 22:24:48.0033 4476 pcmcia - ok 22:24:48.0043 4476 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 22:24:48.0063 4476 pcw - ok 22:24:48.0083 4476 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 22:24:48.0153 4476 PEAUTH - ok 22:24:48.0203 4476 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 22:24:48.0283 4476 PeerDistSvc - ok 22:24:48.0363 4476 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 22:24:48.0403 4476 PerfHost - ok 22:24:48.0473 4476 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 22:24:48.0583 4476 pla - ok 22:24:48.0643 4476 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 22:24:48.0713 4476 PlugPlay - ok 22:24:48.0733 4476 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 22:24:48.0783 4476 PNRPAutoReg - ok 22:24:48.0803 4476 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 22:24:48.0833 4476 PNRPsvc - ok 22:24:48.0853 4476 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 22:24:48.0923 4476 PolicyAgent - ok 22:24:48.0963 4476 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 22:24:49.0023 4476 Power - ok 22:24:49.0073 4476 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 22:24:49.0153 4476 PptpMiniport - ok 22:24:49.0183 4476 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 22:24:49.0223 4476 Processor - ok 22:24:49.0253 4476 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 22:24:49.0303 4476 ProfSvc - ok 22:24:49.0323 4476 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 22:24:49.0343 4476 ProtectedStorage - ok 22:24:49.0393 4476 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 22:24:49.0463 4476 Psched - ok 22:24:49.0493 4476 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 22:24:49.0573 4476 ql2300 - ok 22:24:49.0583 4476 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 22:24:49.0603 4476 ql40xx - ok 22:24:49.0633 4476 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 22:24:49.0653 4476 QWAVE - ok 22:24:49.0663 4476 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 22:24:49.0713 4476 QWAVEdrv - ok 22:24:49.0723 4476 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 22:24:49.0783 4476 RasAcd - ok 22:24:49.0813 4476 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 22:24:49.0853 4476 RasAgileVpn - ok 22:24:49.0853 4476 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 22:24:49.0913 4476 RasAuto - ok 22:24:49.0953 4476 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 22:24:50.0023 4476 Rasl2tp - ok 22:24:50.0053 4476 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 22:24:50.0113 4476 RasMan - ok 22:24:50.0133 4476 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 22:24:50.0193 4476 RasPppoe - ok 22:24:50.0223 4476 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 22:24:50.0283 4476 RasSstp - ok 22:24:50.0323 4476 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 22:24:50.0393 4476 rdbss - ok 22:24:50.0423 4476 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 22:24:50.0433 4476 rdpbus - ok 22:24:50.0463 4476 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 22:24:50.0513 4476 RDPCDD - ok 22:24:50.0543 4476 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 22:24:50.0563 4476 RDPDR - ok 22:24:50.0583 4476 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 22:24:50.0643 4476 RDPENCDD - ok 22:24:50.0663 4476 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 22:24:50.0693 4476 RDPREFMP - ok 22:24:50.0733 4476 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 22:24:50.0773 4476 RDPWD - ok 22:24:50.0813 4476 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 22:24:50.0843 4476 rdyboost - ok 22:24:50.0873 4476 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 22:24:50.0943 4476 RemoteAccess - ok 22:24:50.0973 4476 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 22:24:51.0053 4476 RemoteRegistry - ok 22:24:51.0083 4476 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 22:24:51.0143 4476 RpcEptMapper - ok 22:24:51.0173 4476 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 22:24:51.0223 4476 RpcLocator - ok 22:24:51.0283 4476 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 22:24:51.0333 4476 RpcSs - ok 22:24:51.0363 4476 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 22:24:51.0443 4476 rspndr - ok 22:24:51.0493 4476 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 22:24:51.0523 4476 RTL8167 - ok 22:24:51.0573 4476 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 22:24:51.0613 4476 s3cap - ok 22:24:51.0613 4476 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 22:24:51.0633 4476 SamSs - ok 22:24:51.0663 4476 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 22:24:51.0693 4476 sbp2port - ok 22:24:51.0723 4476 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 22:24:51.0813 4476 SCardSvr - ok 22:24:51.0853 4476 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 22:24:51.0913 4476 scfilter - ok 22:24:51.0963 4476 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 22:24:52.0093 4476 Schedule - ok 22:24:52.0123 4476 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 22:24:52.0163 4476 SCPolicySvc - ok 22:24:52.0193 4476 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 22:24:52.0243 4476 SDRSVC - ok 22:24:52.0273 4476 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 22:24:52.0343 4476 secdrv - ok 22:24:52.0363 4476 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 22:24:52.0433 4476 seclogon - ok 22:24:52.0453 4476 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 22:24:52.0503 4476 SENS - ok 22:24:52.0513 4476 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 22:24:52.0543 4476 SensrSvc - ok 22:24:52.0573 4476 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 22:24:52.0583 4476 Serenum - ok 22:24:52.0603 4476 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 22:24:52.0643 4476 Serial - ok 22:24:52.0693 4476 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 22:24:52.0723 4476 sermouse - ok 22:24:52.0773 4476 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 22:24:52.0833 4476 SessionEnv - ok 22:24:52.0863 4476 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 22:24:52.0913 4476 sffdisk - ok 22:24:52.0933 4476 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 22:24:52.0983 4476 sffp_mmc - ok 22:24:53.0003 4476 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 22:24:53.0053 4476 sffp_sd - ok 22:24:53.0073 4476 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 22:24:53.0093 4476 sfloppy - ok 22:24:53.0123 4476 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 22:24:53.0203 4476 SharedAccess - ok 22:24:53.0253 4476 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 22:24:53.0323 4476 ShellHWDetection - ok 22:24:53.0383 4476 [ 7799106FEE728B907A86D9C9751E02D5 ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys 22:24:53.0423 4476 silabenm - ok 22:24:53.0463 4476 [ 39A6F89D7EFF9B1B839570134170D859 ] silabser C:\Windows\system32\DRIVERS\silabser.sys 22:24:53.0493 4476 silabser - ok 22:24:53.0523 4476 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:24:53.0543 4476 SiSRaid2 - ok 22:24:53.0553 4476 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 22:24:53.0573 4476 SiSRaid4 - ok 22:24:53.0593 4476 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 22:24:53.0663 4476 Smb - ok 22:24:53.0703 4476 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 22:24:53.0733 4476 SNMPTRAP - ok 22:24:53.0743 4476 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 22:24:53.0763 4476 spldr - ok 22:24:53.0803 4476 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 22:24:53.0863 4476 Spooler - ok 22:24:53.0953 4476 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 22:24:54.0083 4476 sppsvc - ok 22:24:54.0113 4476 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 22:24:54.0173 4476 sppuinotify - ok 22:24:54.0253 4476 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys 22:24:54.0253 4476 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB 22:24:54.0253 4476 sptd ( LockedFile.Multi.Generic ) - warning 22:24:54.0253 4476 sptd - detected LockedFile.Multi.Generic (1) 22:24:54.0293 4476 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 22:24:54.0363 4476 srv - ok 22:24:54.0383 4476 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 22:24:54.0423 4476 srv2 - ok 22:24:54.0433 4476 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 22:24:54.0473 4476 srvnet - ok 22:24:54.0493 4476 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 22:24:54.0553 4476 SSDPSRV - ok 22:24:54.0573 4476 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 22:24:54.0613 4476 SstpSvc - ok 22:24:54.0653 4476 Steam Client Service - ok 22:24:54.0673 4476 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 22:24:54.0703 4476 stexstor - ok 22:24:54.0753 4476 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 22:24:54.0793 4476 stisvc - ok 22:24:54.0823 4476 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 22:24:54.0833 4476 storflt - ok 22:24:54.0853 4476 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 22:24:54.0893 4476 StorSvc - ok 22:24:54.0953 4476 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 22:24:54.0983 4476 storvsc - ok 22:24:55.0013 4476 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 22:24:55.0033 4476 swenum - ok 22:24:55.0053 4476 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 22:24:55.0153 4476 swprv - ok 22:24:55.0223 4476 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 22:24:55.0313 4476 SysMain - ok 22:24:55.0343 4476 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 22:24:55.0363 4476 TabletInputService - ok 22:24:55.0383 4476 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 22:24:55.0453 4476 TapiSrv - ok 22:24:55.0463 4476 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 22:24:55.0513 4476 TBS - ok 22:24:55.0563 4476 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 22:24:55.0643 4476 Tcpip - ok 22:24:55.0673 4476 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 22:24:55.0703 4476 TCPIP6 - ok 22:24:55.0753 4476 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 22:24:55.0793 4476 tcpipreg - ok 22:24:55.0833 4476 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 22:24:55.0863 4476 TDPIPE - ok 22:24:55.0903 4476 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 22:24:55.0943 4476 TDTCP - ok 22:24:56.0013 4476 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 22:24:56.0093 4476 tdx - ok 22:24:56.0123 4476 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 22:24:56.0143 4476 TermDD - ok 22:24:56.0193 4476 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 22:24:56.0273 4476 TermService - ok 22:24:56.0293 4476 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 22:24:56.0333 4476 Themes - ok 22:24:56.0343 4476 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 22:24:56.0383 4476 THREADORDER - ok 22:24:56.0393 4476 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 22:24:56.0443 4476 TrkWks - ok 22:24:56.0503 4476 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 22:24:56.0593 4476 TrustedInstaller - ok 22:24:56.0643 4476 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 22:24:56.0683 4476 tssecsrv - ok 22:24:56.0743 4476 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 22:24:56.0783 4476 TsUsbFlt - ok 22:24:56.0843 4476 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 22:24:56.0893 4476 tunnel - ok 22:24:56.0913 4476 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 22:24:56.0933 4476 uagp35 - ok 22:24:56.0973 4476 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 22:24:57.0063 4476 udfs - ok 22:24:57.0093 4476 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 22:24:57.0143 4476 UI0Detect - ok 22:24:57.0173 4476 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 22:24:57.0203 4476 uliagpkx - ok 22:24:57.0243 4476 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 22:24:57.0283 4476 umbus - ok 22:24:57.0303 4476 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 22:24:57.0323 4476 UmPass - ok 22:24:57.0353 4476 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 22:24:57.0393 4476 UmRdpService - ok 22:24:57.0413 4476 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 22:24:57.0473 4476 upnphost - ok 22:24:57.0503 4476 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 22:24:57.0533 4476 usbccgp - ok 22:24:57.0553 4476 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 22:24:57.0583 4476 usbcir - ok 22:24:57.0623 4476 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 22:24:57.0653 4476 usbehci - ok 22:24:57.0703 4476 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 22:24:57.0763 4476 usbhub - ok 22:24:57.0803 4476 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 22:24:57.0843 4476 usbohci - ok 22:24:57.0873 4476 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 22:24:57.0913 4476 usbprint - ok 22:24:57.0943 4476 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 22:24:57.0973 4476 usbscan - ok 22:24:57.0983 4476 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:24:58.0003 4476 USBSTOR - ok 22:24:58.0043 4476 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 22:24:58.0073 4476 usbuhci - ok 22:24:58.0103 4476 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 22:24:58.0163 4476 UxSms - ok 22:24:58.0193 4476 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 22:24:58.0203 4476 VaultSvc - ok 22:24:58.0253 4476 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 22:24:58.0273 4476 vdrvroot - ok 22:24:58.0323 4476 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 22:24:58.0403 4476 vds - ok 22:24:58.0433 4476 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 22:24:58.0453 4476 vga - ok 22:24:58.0463 4476 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 22:24:58.0513 4476 VgaSave - ok 22:24:58.0543 4476 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 22:24:58.0563 4476 vhdmp - ok 22:24:58.0573 4476 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 22:24:58.0593 4476 viaide - ok 22:24:58.0633 4476 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 22:24:58.0663 4476 vmbus - ok 22:24:58.0703 4476 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 22:24:58.0733 4476 VMBusHID - ok 22:24:58.0753 4476 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 22:24:58.0773 4476 volmgr - ok 22:24:58.0813 4476 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 22:24:58.0843 4476 volmgrx - ok 22:24:58.0873 4476 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 22:24:58.0903 4476 volsnap - ok 22:24:58.0983 4476 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 22:24:59.0013 4476 vpcbus - ok 22:24:59.0063 4476 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 22:24:59.0123 4476 vpcnfltr - ok 22:24:59.0143 4476 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 22:24:59.0163 4476 vpcusb - ok 22:24:59.0183 4476 [ 63F4E10873BEB4124028C6D1A66B0968 ] vpcuxd C:\Windows\system32\drivers\vpcuxd.sys 22:24:59.0213 4476 vpcuxd - ok 22:24:59.0273 4476 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 22:24:59.0303 4476 vpcvmm - ok 22:24:59.0333 4476 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 22:24:59.0353 4476 vsmraid - ok 22:24:59.0403 4476 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 22:24:59.0503 4476 VSS - ok 22:24:59.0523 4476 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 22:24:59.0553 4476 vwifibus - ok 22:24:59.0563 4476 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 22:24:59.0613 4476 vwififlt - ok 22:24:59.0633 4476 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 22:24:59.0653 4476 vwifimp - ok 22:24:59.0703 4476 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 22:24:59.0783 4476 W32Time - ok 22:24:59.0793 4476 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 22:24:59.0833 4476 WacomPen - ok 22:24:59.0883 4476 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 22:24:59.0973 4476 WANARP - ok 22:24:59.0993 4476 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 22:25:00.0023 4476 Wanarpv6 - ok 22:25:00.0103 4476 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 22:25:00.0193 4476 WatAdminSvc - ok 22:25:00.0263 4476 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 22:25:00.0333 4476 wbengine - ok 22:25:00.0353 4476 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 22:25:00.0383 4476 WbioSrvc - ok 22:25:00.0423 4476 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 22:25:00.0483 4476 wcncsvc - ok 22:25:00.0503 4476 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 22:25:00.0523 4476 WcsPlugInService - ok 22:25:00.0543 4476 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 22:25:00.0563 4476 Wd - ok 22:25:00.0603 4476 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 22:25:00.0683 4476 Wdf01000 - ok 22:25:00.0693 4476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 22:25:00.0733 4476 WdiServiceHost - ok 22:25:00.0733 4476 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 22:25:00.0753 4476 WdiSystemHost - ok 22:25:00.0783 4476 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 22:25:00.0823 4476 WebClient - ok 22:25:00.0853 4476 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 22:25:00.0903 4476 Wecsvc - ok 22:25:00.0913 4476 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 22:25:00.0973 4476 wercplsupport - ok 22:25:00.0993 4476 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 22:25:01.0053 4476 WerSvc - ok 22:25:01.0073 4476 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 22:25:01.0113 4476 WfpLwf - ok 22:25:01.0123 4476 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 22:25:01.0133 4476 WIMMount - ok 22:25:01.0153 4476 WinDefend - ok 22:25:01.0153 4476 WinHttpAutoProxySvc - ok 22:25:01.0203 4476 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 22:25:01.0253 4476 Winmgmt - ok 22:25:01.0323 4476 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 22:25:01.0493 4476 WinRM - ok 22:25:01.0563 4476 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 22:25:01.0613 4476 WinUsb - ok 22:25:01.0653 4476 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 22:25:01.0703 4476 Wlansvc - ok 22:25:01.0733 4476 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 22:25:01.0743 4476 WmiAcpi - ok 22:25:01.0763 4476 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 22:25:01.0793 4476 wmiApSrv - ok 22:25:01.0833 4476 WMPNetworkSvc - ok 22:25:01.0853 4476 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 22:25:01.0863 4476 WPCSvc - ok 22:25:01.0903 4476 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 22:25:01.0933 4476 WPDBusEnum - ok 22:25:01.0953 4476 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 22:25:02.0023 4476 ws2ifsl - ok 22:25:02.0053 4476 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 22:25:02.0083 4476 wscsvc - ok 22:25:02.0093 4476 WSearch - ok 22:25:02.0173 4476 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 22:25:02.0283 4476 wuauserv - ok 22:25:02.0313 4476 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 22:25:02.0333 4476 WudfPf - ok 22:25:02.0353 4476 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 22:25:02.0383 4476 WUDFRd - ok 22:25:02.0423 4476 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 22:25:02.0463 4476 wudfsvc - ok 22:25:02.0493 4476 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 22:25:02.0543 4476 WwanSvc - ok 22:25:02.0583 4476 ================ Scan global =============================== 22:25:02.0603 4476 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 22:25:02.0653 4476 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 22:25:02.0683 4476 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 22:25:02.0713 4476 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 22:25:02.0743 4476 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 22:25:02.0763 4476 [Global] - ok 22:25:02.0763 4476 ================ Scan MBR ================================== 22:25:02.0773 4476 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 22:25:03.0043 4476 \Device\Harddisk0\DR0 - ok 22:25:03.0043 4476 ================ Scan VBR ================================== 22:25:03.0053 4476 [ A9B929C5B804C13865DC6B9CD8A7ECB5 ] \Device\Harddisk0\DR0\Partition1 22:25:03.0053 4476 \Device\Harddisk0\DR0\Partition1 - ok 22:25:03.0073 4476 [ F51D038F8CE3180C8CB62842C70F8693 ] \Device\Harddisk0\DR0\Partition2 22:25:03.0083 4476 \Device\Harddisk0\DR0\Partition2 - ok 22:25:03.0103 4476 [ 10CB206786123DB49E5354C8DC1AE4F5 ] \Device\Harddisk0\DR0\Partition3 22:25:03.0103 4476 \Device\Harddisk0\DR0\Partition3 - ok 22:25:03.0103 4476 ============================================================ 22:25:03.0103 4476 Scan finished 22:25:03.0103 4476 ============================================================ 22:25:03.0123 4064 Detected object count: 2 22:25:03.0123 4064 Actual detected object count: 2 22:25:13.0233 4064 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 22:25:13.0233 4064 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:25:13.0233 4064 sptd ( LockedFile.Multi.Generic ) - skipped by user 22:25:13.0233 4064 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
__________________ Tensid... kationisch, immer positiv geladen! |
22.05.2013, 13:45 | #10 |
/// Helfer-Team | Delta Search entfernen - Anfrage auf Überprüfung Aktualisiere:
Sehr gut! damit bist Du sauber und entlassen! adwCleaner entfernen
Tool-Bereinigung Die Reihenfolge ist hier entscheidend.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html http://www.trojaner-board.de/109844-...ren-seite.html PC wird immer langsamer - was tun? |
13.09.2013, 16:59 | #11 |
/// Helfer-Team | Delta Search entfernen - Anfrage auf Überprüfung Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
Themen zu Delta Search entfernen - Anfrage auf Überprüfung |
.html, anderen, anfrage, delta, durchzusehen, entfernen, entschieden, erstellt, frage, funktionier, postings, pup.hacktool, rückmeldung, schritte, search, win32/adware.bho.njq, win32/adware.toolbar.eztracks.a, würde |