
Pests of all kinds and how to combat them: Removing Delta Search - request for review

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

16.05.2013, 12:14   #1
Tensid
 

Hi there.

While looking for a way to remove DeltaSearch, I ended up in this forum.
After some reading, I decided to carry out ryder's steps from the threads by TomTailer (http://www.trojaner-board.de/131086-...-loeschen.html) and Tweety007 (http://www.trojaner-board.de/131450-...entfernen.html), as they seemed quite logical to me.

By all appearances it worked well.
Now I wanted to ask whether someone has the time (as with the other two) to look through the two files that were created with DDS?

If I get a positive reply, I would be glad and would then post the files here asap.

@ryder: Many thanks for the instructions. I have rarely come across anything so perfect and easy to understand.

Many thanks in advance
Tensid

16.05.2013, 14:49   #2
t'john
/// Helper Team
 

System scan with OTL (illustrated guide)

Please download OTL by Oldtimer and save it to your desktop (if not already present). Double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

16.05.2013, 16:38   #3
Tensid
 

Hello,

so, I hope I did everything correctly.

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 16.05.2013 17:05:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tensid\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,20% Memory free
7,74 Gb Paging File | 5,92 Gb Available in Paging File | 76,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 333,00 Gb Total Space | 214,05 Gb Free Space | 64,28% Space Free | Partition Type: NTFS
Drive D: | 1064,17 Gb Total Space | 95,04 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
 
Computer Name: HEINZ-BECKER | User Name: tensid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\tensid\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll ()
MOD - C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ()
MOD - C:\Program Files (x86)\Win7codecs\filters\ffdshow.ax ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (silabser) -- C:\Windows\SysNative\drivers\silabser.sys (Silicon Laboratories)
DRV:64bit: - (silabenm) -- C:\Windows\SysNative\drivers\silabenm.sys (Silicon Laboratories)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcuxd) -- C:\Windows\SysNative\drivers\vpcuxd.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (MTSBDA) -- C:\Windows\SysNative\drivers\MtsBda.sys (TechniSat Provide)
DRV:64bit: - (MtsHID) -- C:\Windows\SysNative\drivers\MtsHID.sys (TechniSat Provide)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwusbfake) -- C:\Windows\SysNative\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 59 B1 95 E1 72 BC CA 01  [binary data]
IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-348389179-1454518360-288330992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: 2020Player%402020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: 2020Player_IKEA@2020Technologies.com:5.0.7.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@innoplus.de/ino3DViewer: C:\Program Files (x86)\INNOVA-engineering GmbH\3D-Viewer-innoPlus\npIno3DViewer.dll (INNOVA-engineering GmbH Dresden)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.26 19:21:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.06 02:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.20 13:31:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.26 19:21:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.06 02:49:23 | 000,000,000 | ---D | M]
 
[2010.04.16 12:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tensid\AppData\Roaming\mozilla\Extensions
[2010.04.16 12:58:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tensid\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.16 11:34:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tensid\AppData\Roaming\mozilla\Firefox\Profiles\xbg6c7ta.default\extensions
[2013.02.24 21:45:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\tensid\AppData\Roaming\mozilla\Firefox\Profiles\xbg6c7ta.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.04.25 16:12:44 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\tensid\AppData\Roaming\mozilla\Firefox\Profiles\xbg6c7ta.default\extensions\2020Player@2020Technologies.com
[2011.06.25 11:25:00 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\tensid\AppData\Roaming\mozilla\Firefox\Profiles\xbg6c7ta.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.05.02 11:15:27 | 000,006,471 | ---- | M] () -- C:\Users\tensid\AppData\Roaming\mozilla\firefox\profiles\xbg6c7ta.default\searchplugins\babylon.xml
[2012.06.07 22:02:21 | 000,002,342 | ---- | M] () -- C:\Users\tensid\AppData\Roaming\mozilla\firefox\profiles\xbg6c7ta.default\searchplugins\icq-search.xml
[2013.03.10 21:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.26 19:21:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.07.22 19:29:48 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.14 12:48:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.22 19:29:48 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.22 19:29:48 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.22 19:29:48 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.22 19:29:48 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-348389179-1454518360-288330992-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-348389179-1454518360-288330992-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-348389179-1454518360-288330992-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-348389179-1454518360-288330992-1000..\Run: [Screenpresso] C:\Users\tensid\AppData\Local\LearnPulse\Screenpresso\Screenpresso.exe (Learnpulse)
O4 - HKU\S-1-5-21-348389179-1454518360-288330992-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D5D40B3-DD69-4611-8C0B-53EA867D7C0D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{243AC630-F712-46EB-90A1-4E68C39ECB97}: DhcpNameServer = 139.7.30.126 139.7.30.125
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{085f84ab-1ffc-11e0-842a-001f1f691263}\Shell - "" = AutoRun
O33 - MountPoints2\{085f84ab-1ffc-11e0-842a-001f1f691263}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{085f854e-1ffc-11e0-842a-001f1f691263}\Shell - "" = AutoRun
O33 - MountPoints2\{085f854e-1ffc-11e0-842a-001f1f691263}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{3e303c97-642b-11df-8b9f-6cf049720083}\Shell - "" = AutoRun
O33 - MountPoints2\{3e303c97-642b-11df-8b9f-6cf049720083}\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\{3e303c97-642b-11df-8b9f-6cf049720083}\Shell\install\command - "" = L:\autorun.exe
O33 - MountPoints2\{8b8e56cc-2577-11e0-89de-6cf049720083}\Shell - "" = AutoRun
O33 - MountPoints2\{8b8e56cc-2577-11e0-89de-6cf049720083}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.16 16:55:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tensid\Desktop\OTL.exe
[2013.05.15 20:52:14 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 20:52:14 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 20:52:13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 20:52:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 20:52:13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 20:52:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 20:52:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 20:52:13 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 20:52:13 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 20:52:13 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 20:52:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 20:52:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 20:52:11 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 20:52:11 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 20:52:10 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 12:44:28 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 12:44:28 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 12:44:14 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 12:44:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 12:44:14 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 12:44:14 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 12:44:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.02 11:20:49 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.04.23 00:13:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.04.20 09:33:07 | 000,000,000 | ---D | C] -- C:\Users\tensid\Documents\ANNO 2070
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.16 16:55:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tensid\Desktop\OTL.exe
[2013.05.16 16:41:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.16 13:28:01 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 13:28:01 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.16 13:20:16 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.16 13:20:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.16 13:19:56 | 3117,010,944 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.16 11:42:09 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.05.15 23:25:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.15 23:25:28 | 000,656,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.15 23:25:28 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.15 23:25:28 | 000,130,676 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.15 23:25:28 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 21:28:52 | 000,290,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 12:42:16 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 12:42:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.02 11:20:38 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
 
========== Files Created - No Company Name ==========
 
[2013.05.16 11:42:02 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.06 03:45:05 | 000,000,791 | ---- | C] () -- C:\Users\tensid\AppData\Roaming\MPQEditor.ini
[2013.03.31 19:33:17 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2012.12.28 01:15:53 | 000,000,901 | ---- | C] () -- C:\Users\tensid\.recently-used.xbel
[2012.06.29 17:18:01 | 000,000,264 | ---- | C] () -- C:\Windows\_delis32.ini
[2011.11.11 22:26:11 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.07.27 23:38:55 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2011.01.21 18:20:44 | 000,000,355 | ---- | C] () -- C:\Users\tensid\Computer - Verknüpfung.lnk
[2010.06.04 20:59:32 | 000,017,408 | ---- | C] () -- C:\Users\tensid\AppData\Local\WebpageIcons.db
[2010.05.03 00:52:42 | 000,007,680 | ---- | C] () -- C:\Users\tensid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---

[/CODE]

Extras.txt
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.05.2013 17:05:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\tensid\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,20% Memory free
7,74 Gb Paging File | 5,92 Gb Available in Paging File | 76,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 333,00 Gb Total Space | 214,05 Gb Free Space | 64,28% Space Free | Partition Type: NTFS
Drive D: | 1064,17 Gb Total Space | 95,04 Gb Free Space | 8,93% Space Free | Partition Type: NTFS
 
Computer Name: HEINZ-BECKER | User Name: tensid | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F244514-0DF9-4DD6-87BA-03A035DBF074}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1357231A-0971-4BB7-A307-3B24A0EF21A6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F9C81B6-AD41-41C6-941E-397A87D63723}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4DB2600D-EEB9-434C-809B-A186261F4A08}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{50CE58FB-2127-4315-8539-F82608436E44}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{52659CAD-7201-4804-98CE-D4D7094DC9EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5F203FC2-37B1-4E8E-96A9-A3D8B3BC33D8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{647F44F9-109B-4552-ACDC-9B44F8FA87E8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6BA1BF77-663D-45B3-84F1-F71FD0B06165}" = lport=445 | protocol=6 | dir=in | app=system | 
"{6FD3B2BB-1F2C-4197-B554-D9C93D1FCC7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{736A2831-2E30-4531-AC8C-946AA83B8D2D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{748B383F-DC2C-4EFE-9391-F308700E2DEC}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7636B6FC-6B59-4DD9-9078-7B43EE6F674A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{79AC7EEB-2FB4-4C89-B446-F669F7B696AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84B83FEB-7CE1-4BF7-8B99-2BC771B2FDC4}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{876E5091-B772-448C-A0C9-326CE230BCE4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{882D58A6-11E2-4B75-98E7-3DEA2027A039}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9D808E1E-9EEC-45EF-8C7B-318D09800DC5}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{ACAEB78A-F9EC-4F33-959A-F795DACD76A1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C0679392-0D7F-45D1-BFB1-86802A4994FD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CBF73074-A882-4DEF-90DD-692594BBBDAE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F7735A69-4335-4591-B12E-F018C1C5B7BF}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013265B3-C96B-4FFA-B3AC-5BF395E0E216}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{03301C1D-0D3E-451B-B305-8D3DF396AEFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{039CA51D-FAEE-47CC-904D-306423821816}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{0409E363-7C32-4B2A-A2A7-B421DC2C7415}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{045B9A84-8DD5-4F85-9907-4374E0FBE8D5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{07D0329A-8D55-45D2-8115-9B8D24A17F4B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09892CB3-4C96-440F-9459-FAB4BD18C39C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{0F7A53A9-DF06-404B-B640-E3AA654CF41A}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{12C09456-1327-4BD3-87B1-A5B94D8CAB9F}" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | 
"{136AFA3B-159C-418A-95B0-CB4AEDD6E7E3}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{16BC7C45-52D8-4D83-8909-373ACECE4DBB}" = protocol=17 | dir=in | app=c:\users\tensid\appdata\local\temp\blizzard installer bootstrap - 002dca22\installer.exe | 
"{173ED441-23E5-4DD3-9239-49C93AEFF2EF}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\initengine.exe | 
"{19B6DAE1-B9F5-4556-9EBD-F19F837709A4}" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\addonweb.exe | 
"{1E599428-8C9E-41B6-8F28-43671DB60DB9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{1FE2DA9D-5BCD-40C3-81B5-ADB82470CABC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{252FB0F5-0C16-4CFE-9FA2-0D28875BDD13}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2530A990-22FC-4737-86E2-742806818C3D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{30AA0E23-9E21-4EA0-B4DD-099765738957}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\autopatcher.exe | 
"{30C431C9-8390-4453-B4D5-DA1492F8C263}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"{35D1A615-2571-402A-93A5-23488BCA6BDD}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe | 
"{35F273FA-E2C4-42A8-A728-3F92E02C83C6}" = protocol=6 | dir=out | app=system | 
"{3A15FB86-A694-43A9-B6AC-C38FF7B3AA15}" = protocol=6 | dir=in | app=d:\spiele\anno1404\anno4.exe | 
"{3BA1ADA1-4EEC-4946-A3C1-42F78F0B8189}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.exe | 
"{3D273686-B208-485B-889B-78AAEB135422}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft-1\launcher.patch.exe | 
"{3EFEC155-065C-4200-8B46-F3BA5A270A17}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{3F31AB1C-DE3C-477F-9A35-708C5BC8E961}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft-1\launcher.exe | 
"{4201AEFF-A841-4A21-905C-F6957C699DEA}" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\anno4web.exe | 
"{423BD0A7-56EB-4609-8705-012BF37EDDD8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft-1\launcher.exe | 
"{4CB81775-ED78-41D2-978B-39FC079364D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D529235-12D5-4501-B5E9-9789700D7BBF}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe | 
"{5078BA80-1BB6-4814-8ECF-1A5338332161}" = protocol=17 | dir=in | app=d:\spiele\anno1404\addon.exe | 
"{51163828-3FA6-4924-9831-3DAD4BEE9E5E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{5239D00C-8762-4C30-A12A-0BF223858EED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{524B0914-51BA-4270-81E0-6F770BECC235}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{5CA82EEE-EB8A-4F9E-B76D-444190438076}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{5FC73385-6704-4601-B847-5B53FF1D7656}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{62005117-1E74-4F61-BE6C-5B57AED3834F}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fear.exe | 
"{640F6BD6-BB3D-485A-AC7C-C9A45DE345D2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{68C61E0A-D285-4938-A066-82CBCF26EAD5}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.exe | 
"{6B3B9958-91E3-4A1F-A1B4-762BC3703629}" = protocol=17 | dir=in | app=c:\users\tensid\appdata\local\temp\blizzard installer bootstrap - 0051df77\installer.exe | 
"{6C46D8EC-A28C-4D1C-84D2-7D054E6F526B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{6D429602-990E-4239-918C-03D334EBC39F}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\initengine.exe | 
"{71DE217D-33E7-4327-88B1-3D81720494F4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{7D804AC4-72CB-4428-B786-931BF349A387}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{7D88128B-2F9E-4DDF-BFCD-025B202319D4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{86E51CC2-FAC7-4AE9-9D73-8422296676E1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BBDE5BF-C9B8-40E3-A348-75C05EEE95D6}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{90C92AA4-BC89-42D6-9CE8-C8FC207ED29F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{919A5CC1-08C4-49A9-8C1E-1C4FE37103A4}" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\addonweb.exe | 
"{941686AD-1BE7-41BA-AC7E-C4CE76726907}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii public test.exe | 
"{97C75407-22AC-4CBC-911C-013DEADDD944}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{9BB00CEB-58F9-4980-B146-E460B3D6CFAF}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"{9E2793E1-51E9-4738-AFD6-0533A13EAB59}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft-1\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{9FAD5CFC-9774-4ED5-B8CB-66BDEB370735}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A03AC367-B12F-4E53-977D-AB80669C21D4}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.patch.exe | 
"{A834F352-19A6-4679-AD9F-13E43014616E}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe | 
"{A902D81B-9B68-4FC5-9D8D-2D4F8BCAD336}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe | 
"{B0E1E239-EAB1-4A06-BED6-BAA60E2245E4}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\autopatcher.exe | 
"{B19BB5A1-4EA1-40BE-A9E6-43C3B157D351}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra\fear\fearmp.exe | 
"{B2C17B1E-4BDB-4D76-B6AA-41068C383FD5}" = protocol=17 | dir=in | app=d:\spiele\anno1404\anno4.exe | 
"{B3474229-804F-4143-972B-9FC06DB4A923}" = protocol=6 | dir=in | app=c:\users\tensid\appdata\local\temp\blizzard installer bootstrap - 002dca22\installer.exe | 
"{B53A1BAA-2976-4431-A9D2-EF526E95C990}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.patch.exe | 
"{C0387C96-1E79-4DBA-9B31-9C88A3340401}" = protocol=17 | dir=in | app=d:\spiele\anno 2070\anno5.exe | 
"{C41E28E3-6AAC-4951-A388-CBBF2A76AE9C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CB0123AA-9578-4736-A80D-8B4B6C7D9195}" = protocol=6 | dir=in | app=d:\spiele\anno1404\addon.exe | 
"{CD5FE71C-F68F-43B0-85B3-43A690CD4AD9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CDB5E034-6D84-40F5-B2E7-11F00FE27159}" = protocol=6 | dir=in | app=d:\spiele\anno 2070\anno5.exe | 
"{D6FADE10-DFE7-4B54-8FBB-1A3F363DF4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{D92920B7-CF6C-46B3-A918-8C33CA0DA6A7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DA3D1AD0-966F-4441-99E2-5D5307F8EC82}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{DE5701B8-F090-445F-923B-0DD87D867EF7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E2BFD8C8-0A34-4808-8E34-1CBBF214B1A1}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe | 
"{E4DD1D34-C377-447E-8132-F22B7F94A0C8}" = protocol=6 | dir=in | app=d:\spiele\world of warcraft-1\launcher.patch.exe | 
"{E83C1EAA-49E1-4B37-9D5F-BD975C69E705}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB83F94C-91BA-4E66-8153-71B73F28B606}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EDBE3C2F-764F-4B91-B53E-4C6F4B7B90D7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{EE734307-1BCD-461D-9BB5-65EE1E55C967}" = protocol=17 | dir=in | app=d:\spiele\world of warcraft-1\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{EFA69A0E-E15B-4C52-8A33-2D8317FF4A69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F40ADBBD-FE97-4571-8830-955EEB66174B}" = protocol=6 | dir=in | app=c:\users\tensid\appdata\local\temp\blizzard installer bootstrap - 0051df77\installer.exe | 
"{F66CD7B0-6FEA-466F-9978-1F22C5AF9D6B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{F91E6C72-16F0-4541-9478-2EBCBF207307}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{FA31A781-126A-400C-BC24-7520EE13ED17}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"{FAE66FDC-7AE0-4834-AB7F-3810C7D4A0BC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FB820FAE-D7B2-40B1-86F0-8D242C6B50A8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FC88FE80-167E-4D59-AF5C-4FB0B3BCA8AB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{FCAB827A-B91A-4D4C-B8F7-FE6D38924E9B}" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"{FF458653-A54A-4617-94D8-E908C907D1B3}" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii public test.exe | 
"TCP Query User{06B8ACAA-DECB-434C-9D94-DAD9EA9594DA}D:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"TCP Query User{06E5EA2F-3028-42B9-9771-2AA1402BFAD8}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | 
"TCP Query User{1334E80E-257A-43E7-8622-A6AE5538DC2C}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{201DBC2E-3E76-42FC-ABB8-E4691DC2661E}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"TCP Query User{20F353B8-FC4A-45DE-AC2E-149839D00D68}D:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"TCP Query User{35C7C592-43D0-4676-961B-35F408457ACD}D:\spiele\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{3D78F7B3-8A03-45D7-BA6F-A32D8593A40D}D:\spiele\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe" = protocol=6 | dir=in | app=d:\spiele\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe | 
"TCP Query User{4C5279E1-8D75-4C96-BBEC-3E8DD9541D1C}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"TCP Query User{4EB05021-4230-4B47-94F4-A0CB05794F50}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"TCP Query User{5C0C2796-9791-495D-B4B1-F3D40DEA7F3B}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{6A56AC66-1BBB-4CB4-A16F-35C43CB69D93}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"TCP Query User{6C75FB27-E53C-434D-83C9-EDDCC684E4E2}D:\spiele\world of warcraft\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\blizzard downloader.exe | 
"TCP Query User{75966520-C625-4478-AEAA-636A749958B9}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"TCP Query User{79878E62-8200-4DD9-B8B3-B6EDAF7525CD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{8477CCF6-1797-4FF1-8034-A5E4CF536D1D}D:\spiele\catan\catan.exe" = protocol=6 | dir=in | app=d:\spiele\catan\catan.exe | 
"TCP Query User{9EE844F8-0585-4A27-B027-999E80C9E95A}D:\spiele\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\blizzard downloader.exe | 
"TCP Query User{A2B4837C-A994-4D6D-AAAD-82DAEA3EAE75}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{BB6B9025-D078-4E4F-8992-4A3206CB7B40}C:\users\tensid\downloads\miranda_im_3_0_beta_6\miranda32.exe" = protocol=6 | dir=in | app=c:\users\tensid\downloads\miranda_im_3_0_beta_6\miranda32.exe | 
"TCP Query User{C36042B9-1EE0-403D-BF97-121EBF5C413D}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{CA760DDD-9F4C-4C05-BC97-E9528F3F8F80}D:\spiele\world of warcraft\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.exe | 
"TCP Query User{D6B07FC0-10B8-441C-98BC-4BCC5CFC1F0D}D:\spiele\anno1404\tools\addonweb.exe" = protocol=6 | dir=in | app=d:\spiele\anno1404\tools\addonweb.exe | 
"TCP Query User{D6F5CC5E-E737-4C48-AB60-602C11D047D4}D:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{E075E3EF-CB25-4745-B1FC-EE9C70ECC0D0}D:\spiele\world of warcraft\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.patch.exe | 
"TCP Query User{E90B594E-F7CA-467A-B094-0BBE5BE07D6C}D:\spiele\titan quest immortal throne\tqit.exe" = protocol=6 | dir=in | app=d:\spiele\titan quest immortal throne\tqit.exe | 
"TCP Query User{EEC55E74-00BE-4B05-B2BD-63033AEA44BC}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"TCP Query User{F10562B4-D292-47F4-9B84-6D2CC3E11CA9}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{F60B115C-2982-4CBC-9739-98C884183056}D:\spiele\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"TCP Query User{F82D53E7-A070-4B17-AECD-9CF8D6246416}D:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"TCP Query User{F9EBE2F4-337D-41E1-ACA8-EC83F4052FC0}D:\spiele\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{030DA205-FECC-437E-9A09-F7698757785E}D:\spiele\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\blizzard downloader.exe | 
"UDP Query User{07E31B5A-B370-46E5-9716-7F394C8C4C87}D:\spiele\catan\catan.exe" = protocol=17 | dir=in | app=d:\spiele\catan\catan.exe | 
"UDP Query User{0DD37EF9-A202-4998-99A0-CDF46294B63E}D:\spiele\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe" = protocol=17 | dir=in | app=d:\spiele\heroes of might and magic v\heroes of might and magic v\bin\h5_game.exe | 
"UDP Query User{0E15B4E5-5FF2-446E-94A2-F339E5631B36}D:\spiele\world of warcraft\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.patch.exe | 
"UDP Query User{20AC0A66-16F0-45BA-8AB1-5D25C8655D77}D:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\temp\wow-4.0.0.2104-enus-tools-downloader.exe | 
"UDP Query User{274BAF9B-7BF3-45F8-9576-BE842B722E27}D:\spiele\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{2C5F6813-DF6C-414D-A20D-B28E2433088A}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"UDP Query User{341DEE34-BF4B-4046-90FC-E9B54DBD8BBE}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe | 
"UDP Query User{390747A6-BD35-48EF-B651-554AB2E237F3}D:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{51C7F07A-A822-461D-A39F-723DE0FF60FA}C:\program files (x86)\mirandafusion\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirandafusion\miranda32.exe | 
"UDP Query User{557E06A5-CDEE-425D-AAFF-1FD5B05F277A}D:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{60733FD6-1C55-4443-BD12-33C54CBD6AAC}D:\spiele\world of warcraft\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\blizzard downloader.exe | 
"UDP Query User{60F70BF1-BF84-4216-9D87-F84FF2D9D522}D:\spiele\world of warcraft\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\launcher.exe | 
"UDP Query User{6BB33F8A-E0C2-4770-A304-D1F528F0E8FD}D:\spiele\titan quest immortal throne\tqit.exe" = protocol=17 | dir=in | app=d:\spiele\titan quest immortal throne\tqit.exe | 
"UDP Query User{78E03DF6-B9CD-4269-8BFF-D599D5C4D1CC}D:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{7BD22B4C-3DEF-48DE-8EE0-1EBADB3039E3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{7D305CB5-33A8-46A1-BB57-20966EA281A1}D:\spiele\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.patch.exe | 
"UDP Query User{831849B4-E7C9-4928-A43E-64E1F9057142}C:\program files (x86)\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files (x86)\anno 1701\anno1701.exe | 
"UDP Query User{85454250-3D65-47A8-BFBF-FECC5DCFE368}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{A7F468A8-CFBA-473E-B06D-FD2518FF3599}C:\users\tensid\downloads\miranda_im_3_0_beta_6\miranda32.exe" = protocol=17 | dir=in | app=c:\users\tensid\downloads\miranda_im_3_0_beta_6\miranda32.exe | 
"UDP Query User{AA096B11-8789-464F-87D8-EB2AF0766B82}C:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe | 
"UDP Query User{AC38D476-8221-42C4-8DAF-2A3A62661552}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{B654BE87-A277-49DA-884D-3266C9165C5B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{B6E045E0-240C-4E6E-A7A2-2B1FD4F60734}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"UDP Query User{D2C9DF56-D460-4769-9379-3640C5E51EF3}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{DA5D3C28-58BD-4A01-9227-5FA836DB9D21}D:\spiele\anno1404\tools\addonweb.exe" = protocol=17 | dir=in | app=d:\spiele\anno1404\tools\addonweb.exe | 
"UDP Query User{E20EDC3B-E320-476A-A511-58FDBEFCD713}D:\spiele\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\launcher.exe | 
"UDP Query User{EC18C231-1BED-47CA-AF0F-5045472E6E73}D:\spiele\world of warcraft\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\world of warcraft\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{EF321A2D-98A5-424F-B3DE-6BD5E148A681}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{077A7810-A937-4465-AD08-ACED9807995F}" = ANNO 1602 Königs-Edition
"{10209B87-55D6-493E-A30A-12A265AA324E}" = TQ Defiler
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zoodirektor-Sammlung
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE 
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}" = Titan Quest Immortal Throne
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FC1C2427-5954-451C-9ED8-A92D48ED7E07}" = CSI-Eindeutige Beweise
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Catan" = Catan - Die erste Insel
"C-Control Pro_is1" = C-Control Pro 1.99
"CSI - Deadly Intent" = CSI - Deadly Intent
"CSI - Tödliche Verschwörung" = CSI - Tödliche Verschwörung
"CSI-Mord in 3 Dimensionen" = CSI-Mord in 3 Dimensionen 1.0
"Die Gilde Gold-Edition" = Die Gilde Gold-Edition
"DVD Shrink_is1" = DVD Shrink 3.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zoodirektor-Sammlung
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird (3.0.11)" = Mozilla Thunderbird (3.0.11)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Orbit_is1" = Orbit Downloader
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0004]
"SpellForce" = SpellForce
"StarCraft II" = StarCraft II
"Steam App 22380" = Fallout: New Vegas
"Tales of Monkey Island" = Tales of Monkey Island
"TheGuild2" = Die Gilde 2
"Thief22DeinstallKey" = Dark Project 2
"Totalcmd" = Total Commander (Remove or Repair)
"Tropico3" = Tropico 3 1.00
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-348389179-1454518360-288330992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Screenpresso" = Screenpresso
"Tropico 4" = Tropico 4 1.00
"Winamp Detect" = Winamp Erkennungs-Plug-in
"World of Warcraft Trial" = Probeversion von World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2013 16:10:18 | Computer Name = heinz-becker | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 7e4    Startzeit: 
01ce2fdb0d47daa2    Endzeit: 90    Anwendungspfad: D:\Spiele\StarCraft II\Versions\Base24944\SC2.exe

Berichts-ID:
   
 
Error - 02.04.2013 16:34:59 | Computer Name = heinz-becker | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 2.0.6.25180 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: fb4    Startzeit: 
01ce2fde2b677463    Endzeit: 60    Anwendungspfad: D:\Spiele\StarCraft II\Versions\Base24944\SC2.exe

Berichts-ID:
   
 
Error - 03.04.2013 07:16:20 | Computer Name = heinz-becker | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 05.04.2013 07:47:19 | Computer Name = heinz-becker | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 12.04.2013 10:49:38 | Computer Name = heinz-becker | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.8.0.6800, Zeitstempel:
 0x4f9e81cc  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7b96f  Ausnahmecode: 0xc0000096  Fehleroffset: 0x000485fe  ID des fehlerhaften Prozesses:
 0x964  Startzeit der fehlerhaften Anwendung: 0x01ce378cddc99dc9  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\ICQ7M\ICQ.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll
Berichtskennung:
 32cc3aac-a380-11e2-ba50-6cf049720083
 
Error - 12.04.2013 10:49:38 | Computer Name = heinz-becker | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm ICQ wurde wegen dieses Fehlers geschlossen.    Programm:
 ICQ  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.  Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: 00000000  Datenträgertyp: 0
 
Error - 29.04.2013 10:08:25 | Computer Name = heinz-becker | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Uplay.exe, Version: 0.0.0.0, Zeitstempel:
 0x5165852c  Name des fehlerhaften Moduls: npuplaypchub.dll, Version: 1.0.0.1, Zeitstempel:
 0x51658483  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00009a40  ID des fehlerhaften Prozesses:
 0xff4  Startzeit der fehlerhaften Anwendung: 0x01ce44d1dffa8062  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe  Pfad des
 fehlerhaften Moduls: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
Berichtskennung:
 41bc7593-b0d6-11e2-9077-6cf049720083
 
Error - 14.05.2013 05:12:19 | Computer Name = heinz-becker | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 7.8.0.6800 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 818    Startzeit: 
01ce50827c9bc360    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\ICQ7M\ICQ.exe    Berichts-ID:
 4ed15945-bc76-11e2-8d58-6cf049720083  
 
Error - 14.05.2013 10:32:47 | Computer Name = heinz-becker | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 20.0.1.4847,
 Zeitstempel: 0x51650aee  Name des fehlerhaften Moduls: xul.dll, Version: 20.0.1.4847,
 Zeitstempel: 0x51650a09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b10e8  ID des fehlerhaften
 Prozesses: 0xaac  Startzeit der fehlerhaften Anwendung: 0x01ce50af9fe68d2f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll  Berichtskennung:
 253e37fb-bca3-11e2-b146-6cf049720083
 
Error - 15.05.2013 06:32:31 | Computer Name = heinz-becker | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 20.0.1.4847 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1390    Startzeit:
 01ce51570dede1d0    Endzeit: 45    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 b491834f-bd4a-11e2-a644-6cf049720083  
 
[ Media Center Events ]
Error - 08.06.2010 13:36:16 | Computer Name = heinz-becker | Source = MCUpdate | ID = 0
Description = 19:36:16 - Fehler beim Herstellen der Internetverbindung.  19:36:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 08.06.2010 13:36:25 | Computer Name = heinz-becker | Source = MCUpdate | ID = 0
Description = 19:36:21 - Fehler beim Herstellen der Internetverbindung.  19:36:21 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.09.2010 15:45:59 | Computer Name = heinz-becker | Source = MCUpdate | ID = 0
Description = 21:45:51 - Fehler beim Herstellen der Internetverbindung.  21:45:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 13.05.2013 14:26:36 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 13.05.2013 14:28:07 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 13.05.2013 14:29:37 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 13.05.2013 14:31:07 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 13.05.2013 14:32:37 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 14.05.2013 10:26:42 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 15.05.2013 06:14:08 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 15.05.2013 15:29:54 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 16.05.2013 05:25:29 | Computer Name = heinz-becker | Source = bowser | ID = 8003
Description = 
 
Error - 16.05.2013 06:17:41 | Computer Name = heinz-becker | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
--- --- ---


Kind regards
Tensid
__________________

16.05.2013, 17:59   #4
t'john
/// Helper Team
 



The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 3 logs that are created into your next reply.

If the OTL fix did not run through properly, do not continue; report it instead.

Step 1

Fixing with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL

O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found 

:Files 

ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.



then:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).
__________________
Regards, t'john
Support the TB

17.05.2013, 20:42   #5
Tensid
 



Hi t'john,

I finally got it to work.
Here are the files:
OTL:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\tensid\Desktop\cmd.bat deleted successfully.
C:\Users\tensid\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: tensid
->Temp folder emptied: 1716882 bytes
->Temporary Internet Files folder emptied: 3113562 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85335257 bytes
->Flash cache emptied: 1751 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 86,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05172013_134127

Files\Folders moved on Reboot...
C:\Users\tensid\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.17.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
tensid :: HEINZ-BECKER [Administrator]

Schutz: Aktiviert

17.05.2013 15:08:52
mbam-log-2013-05-17 (15-08-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442765
Laufzeit: 49 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\tensid\Downloads\w7kf-setup.exe (PUP.Hacktool) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 17/05/2013 um 21:15:04 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : tensid - HEINZ-BECKER
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\tensid\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\tensid\AppData\Roaming\Mozilla\Firefox\Profiles\xbg6c7ta.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\ProgramData\BrowserProtect

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\tensid\AppData\Roaming\Mozilla\Firefox\Profiles\xbg6c7ta.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [16577 octets] - [16/05/2013 11:41:02]
AdwCleaner[R2].txt - [1976 octets] - [17/05/2013 21:10:33]
AdwCleaner[S1].txt - [16631 octets] - [16/05/2013 11:41:54]
AdwCleaner[S2].txt - [335 octets] - [17/05/2013 21:14:38]
AdwCleaner[S3].txt - [1972 octets] - [17/05/2013 21:15:04]

########## EOF - C:\AdwCleaner[S3].txt - [2032 octets] ##########
         
Kind regards
Tensid

__________________
Tensid...
cationic, always positively charged!
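An added example, not part of the original posts: a small parser for the AdwCleaner log format shown above that groups the deleted registry keys by CLSID, which makes visible that a single browser add-on was registered in seven places across the per-user hive and both the native and Wow6432Node views. The function names and role labels are this example's own choices; the sample lines are copied from the log in the post.

```python
import re
from collections import defaultdict

# Excerpt of the AdwCleaner[S3] log posted above (services, files, registry sections).
SAMPLE_LOG = r"""
**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\tensid\AppData\Roaming\Mozilla\Firefox\Profiles\xbg6c7ta.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\ProgramData\BrowserProtect

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
"""

# Section headers use four or five asterisks in this log, e.g. "**** [Dienste] ****".
SECTION_RE = re.compile(r"^\*{4,} \[(?P<name>[^\]]+)\] \*{4,}$")
# Result lines look like "<kind> Gelöscht : <path>" in the German log.
ENTRY_RE = re.compile(r"^(?P<kind>\S+) Gelöscht : (?P<target>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Registry path fragment -> what that location is used for (labels chosen for this example).
ROLES = [
    ("\\browser helper objects\\", "BHO"),
    ("\\internet explorer\\extensions\\", "IE extension"),
    ("\\classes\\clsid\\", "COM class"),
    ("\\ext\\settings\\", "add-on settings"),
    ("\\ext\\stats\\", "add-on stats"),
]


def parse_adwcleaner(log_text):
    """Return {section name: [(kind, deleted path), ...]}, keeping empty sections."""
    sections = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append((entry.group("kind"), entry.group("target").strip()))
    return sections


def classify_key(path):
    """Describe one deleted registry key: hive, registry view, role and trailing CLSID."""
    hive = path.split("\\", 1)[0]
    lowered = path.lower() + "\\"
    guid = GUID_RE.search(path)
    return {
        "hive": hive,
        "view": "32-bit (Wow6432Node)" if "\\wow6432node\\" in lowered else "native",
        "role": next((role for frag, role in ROLES if frag in lowered), "other"),
        "clsid": guid.group(0).upper() if guid else None,
        "path": path,
    }


def group_registry_by_clsid(sections, section="Registrierungsdatenbank"):
    """Group the deleted keys ("Schlüssel") of the registry section by CLSID."""
    grouped = defaultdict(list)
    for kind, target in sections.get(section, []):
        if kind == "Schlüssel":
            info = classify_key(target)
            grouped[info["clsid"]].append(info)
    return dict(grouped)


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    for name, entries in parsed.items():
        print(f"[{name}] {len(entries)} item(s) deleted")
    for clsid, hits in group_registry_by_clsid(parsed).items():
        print(f"\n{clsid}: {len(hits)} registry locations")
        for hit in hits:
            print(f"  {hit['hive']:<4} {hit['view']:<21} {hit['role']}")
```
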

18.05.2013, 10:02   #6
t'john
/// Helper Team
 



Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



then:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




then:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

20.05.2013, 19:18   #7
Tensid
 



Here are the files (sorry that they are only coming now)

ASW:
Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-18 14:04:41
-----------------------------
14:04:41.512    OS Version: Windows x64 6.1.7601 Service Pack 1
14:04:41.512    Number of processors: 4 586 0x2502
14:04:41.513    ComputerName: HEINZ-BECKER  UserName: tensid
14:04:42.720    Initialize success
14:07:50.298    AVAST engine defs: 13051800
14:11:02.600    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-6
14:11:02.600    Disk 0 Vendor: WDC_WD15EADS-00R6B0 01.00A01 Size: 1430799MB BusType: 11
14:11:02.616    Disk 0 MBR read successfully
14:11:02.616    Disk 0 MBR scan
14:11:02.631    Disk 0 Windows 7 default MBR code
14:11:02.631    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:11:02.647    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       340992 MB offset 206848
14:11:02.678    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS      1089705 MB offset 698558464
14:11:02.709    Disk 0 scanning C:\Windows\system32\drivers
14:11:21.913    Service scanning
14:11:47.575    Modules scanning
14:11:47.575    Disk 0 trace - called modules:
14:11:47.606    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80035de2c0]<<spwq.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
14:11:48.121    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047a2060]
14:11:48.121    3 CLASSPNP.SYS[fffff88000c7543f] -> nt!IofCallDriver -> [0xfffffa800455bdc0]
14:11:48.136    5 ACPI.sys[fffff880013a77a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-6[0xfffffa800450f060]
14:11:48.136    \Driver\atapi[0xfffffa8004418440] -> IRP_MJ_CREATE -> 0xfffffa80035de2c0
14:11:49.260    AVAST engine scan C:\Windows
14:11:51.475    AVAST engine scan C:\Windows\system32
14:15:53.291    AVAST engine scan C:\Windows\system32\drivers
14:16:13.618    AVAST engine scan C:\Users\tensid
14:23:25.774    AVAST engine scan C:\ProgramData
14:25:55.362    Scan finished successfully
14:34:00.913    Disk 0 MBR has been saved successfully to "C:\Users\tensid\Desktop\MBR.dat"
14:34:00.913    The log file has been saved successfully to "C:\Users\tensid\Desktop\20130518aswMBR.txt"
         
ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=56e86741d578e3469d3ee08c28e78f82
# engine=13863
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-19 02:21:35
# local_time=2013-05-19 04:21:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 16549 2928255 9336 0
# compatibility_mode=5893 16776574 100 94 3812604 120603145 0 0
# scanned=280240
# found=3
# cleaned=0
# scan_time=16053
sh=06F9D29173B0FFCA3C4E0F249104F80C423074AA ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.BHO.NJQ application" ac=I fn="D:\Spiele-Software\crack patch siedler 2 wikinger.zip"
sh=DBFB8DD7E5EAB28131EF1996A6CD0187A161B22A ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Toolbar.Eztracks.A application" ac=I fn="D:\Spiele-Software\The Sims 2\Die Sims 2 Haustiere Ger-=Silent=- Crack.rar"
sh=B9C9DC03206DA85849C7E6920DBF572956B9FF6E ft=0 fh=0000000000000000 vn="probably unknown NewHeur_PE virus" ac=I fn="F:\laptop\Programmierung\DotNetC#.iso"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=56e86741d578e3469d3ee08c28e78f82
# engine=13869
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-20 02:04:13
# local_time=2013-05-20 04:04:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 14621 3013613 7408 0
# compatibility_mode=5893 16776574 100 94 3897962 120688503 0 0
# scanned=273876
# found=1
# cleaned=0
# scan_time=13841
sh=B9C9DC03206DA85849C7E6920DBF572956B9FF6E ft=0 fh=0000000000000000 vn="probably unknown NewHeur_PE virus" ac=I fn="F:\laptop\Programmierung\DotNetC#.iso"
         
No idea why it complains about the ISO. It was a DVD that came with a book. Our admin gave it to me because my company laptop has no CD/DVD drive.

SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1) 
 Mozilla Thunderbird (3.0.11) Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Best regards, Tensid
__________________
Tensid...
cationic, always positively charged!

20.05.2013, 20:06   #8
t'john
/// Helper Team

Remove Delta Search - request for review



OK:
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.
__________________
Best regards, t'john
Support the TB

21.05.2013, 21:37   #9
Tensid

Remove Delta Search - request for review



Hello t'john,

the program did not create a log file, so I used the report instead. I hope that is OK?

Code:
22:24:14.0183 4400  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:24:14.0653 4400  ============================================================
22:24:14.0653 4400  Current date / time: 2013/05/21 22:24:14.0653
22:24:14.0653 4400  SystemInfo:
22:24:14.0653 4400  
22:24:14.0653 4400  OS Version: 6.1.7601 ServicePack: 1.0
22:24:14.0653 4400  Product type: Workstation
22:24:14.0653 4400  ComputerName: HEINZ-BECKER
22:24:14.0653 4400  UserName: tensid
22:24:14.0653 4400  Windows directory: C:\Windows
22:24:14.0653 4400  System windows directory: C:\Windows
22:24:14.0653 4400  Running under WOW64
22:24:14.0653 4400  Processor architecture: Intel x64
22:24:14.0653 4400  Number of processors: 4
22:24:14.0653 4400  Page size: 0x1000
22:24:14.0653 4400  Boot type: Normal boot
22:24:14.0653 4400  ============================================================
22:24:16.0793 4400  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0xA8178, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
22:24:16.0803 4400  ============================================================
22:24:16.0803 4400  \Device\Harddisk0\DR0:
22:24:16.0803 4400  MBR partitions:
22:24:16.0803 4400  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:24:16.0803 4400  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x29A00000
22:24:16.0803 4400  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x29A32800, BlocksNum 0x85054800
22:24:16.0803 4400  ============================================================
22:24:16.0823 4400  C: <-> \Device\Harddisk0\DR0\Partition2
22:24:16.0863 4400  D: <-> \Device\Harddisk0\DR0\Partition3
22:24:16.0863 4400  ============================================================
22:24:16.0863 4400  Initialize success
22:24:16.0863 4400  ============================================================
22:24:27.0533 4476  ============================================================
22:24:27.0533 4476  Scan started
22:24:27.0533 4476  Mode: Manual; SigCheck; TDLFS; 
22:24:27.0533 4476  ============================================================
22:24:28.0723 4476  ================ Scan system memory ========================
22:24:28.0723 4476  System memory - ok
22:24:28.0723 4476  ================ Scan services =============================
22:24:28.0863 4476  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
22:24:29.0003 4476  1394ohci - ok
22:24:29.0053 4476  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
22:24:29.0083 4476  ACPI - ok
22:24:29.0123 4476  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
22:24:29.0213 4476  AcpiPmi - ok
22:24:29.0353 4476  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:24:29.0383 4476  AdobeARMservice - ok
22:24:29.0503 4476  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:24:29.0543 4476  AdobeFlashPlayerUpdateSvc - ok
22:24:29.0583 4476  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
22:24:29.0623 4476  adp94xx - ok
22:24:29.0633 4476  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
22:24:29.0653 4476  adpahci - ok
22:24:29.0673 4476  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
22:24:29.0683 4476  adpu320 - ok
22:24:29.0713 4476  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:24:29.0873 4476  AeLookupSvc - ok
22:24:29.0943 4476  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
22:24:30.0043 4476  AFD - ok
22:24:30.0083 4476  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:24:30.0103 4476  agp440 - ok
22:24:30.0123 4476  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
22:24:30.0183 4476  ALG - ok
22:24:30.0233 4476  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:24:30.0263 4476  aliide - ok
22:24:30.0303 4476  [ 54716D9BB43733578A5647E9B121141F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:24:30.0403 4476  AMD External Events Utility - ok
22:24:30.0413 4476  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
22:24:30.0433 4476  amdide - ok
22:24:30.0453 4476  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:24:30.0533 4476  AmdK8 - ok
22:24:30.0703 4476  [ 522A8BD1414CC7517FAEC907F138DB9C ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:24:30.0993 4476  amdkmdag - ok
22:24:31.0013 4476  [ F712C26D40BF3CD2C020BB518E8150B1 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:24:31.0053 4476  amdkmdap - ok
22:24:31.0073 4476  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
22:24:31.0113 4476  AmdPPM - ok
22:24:31.0153 4476  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
22:24:31.0183 4476  amdsata - ok
22:24:31.0213 4476  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
22:24:31.0243 4476  amdsbs - ok
22:24:31.0283 4476  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
22:24:31.0303 4476  amdxata - ok
22:24:31.0373 4476  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:24:31.0393 4476  AntiVirSchedulerService - ok
22:24:31.0443 4476  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:24:31.0453 4476  AntiVirService - ok
22:24:31.0503 4476  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
22:24:31.0663 4476  AppID - ok
22:24:31.0693 4476  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
22:24:31.0783 4476  AppIDSvc - ok
22:24:31.0823 4476  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
22:24:31.0863 4476  Appinfo - ok
22:24:31.0923 4476  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
22:24:31.0973 4476  AppMgmt - ok
22:24:32.0023 4476  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
22:24:32.0053 4476  arc - ok
22:24:32.0063 4476  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
22:24:32.0083 4476  arcsas - ok
22:24:32.0093 4476  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:24:32.0123 4476  AsyncMac - ok
22:24:32.0163 4476  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
22:24:32.0183 4476  atapi - ok
22:24:32.0233 4476  [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:24:32.0273 4476  AtiHDAudioService - ok
22:24:32.0293 4476  [ 77C149E6D702737B2E372DEE166FAEF8 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
22:24:32.0333 4476  AtiHdmiService - ok
22:24:32.0373 4476  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:24:32.0393 4476  atksgt - ok
22:24:32.0453 4476  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:24:32.0573 4476  AudioEndpointBuilder - ok
22:24:32.0603 4476  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
22:24:32.0643 4476  AudioSrv - ok
22:24:32.0693 4476  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:24:32.0713 4476  avgntflt - ok
22:24:32.0773 4476  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:24:32.0803 4476  avipbb - ok
22:24:32.0823 4476  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:24:32.0833 4476  avkmgr - ok
22:24:32.0883 4476  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
22:24:32.0943 4476  AxInstSV - ok
22:24:32.0983 4476  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
22:24:33.0033 4476  b06bdrv - ok
22:24:33.0083 4476  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
22:24:33.0123 4476  b57nd60a - ok
22:24:33.0163 4476  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
22:24:33.0193 4476  BDESVC - ok
22:24:33.0213 4476  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:24:33.0293 4476  Beep - ok
22:24:33.0363 4476  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
22:24:33.0463 4476  BFE - ok
22:24:33.0483 4476  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
22:24:33.0563 4476  BITS - ok
22:24:33.0593 4476  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
22:24:33.0633 4476  blbdrive - ok
22:24:33.0653 4476  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:24:33.0703 4476  bowser - ok
22:24:33.0733 4476  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:24:33.0813 4476  BrFiltLo - ok
22:24:33.0833 4476  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:24:33.0853 4476  BrFiltUp - ok
22:24:33.0903 4476  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
22:24:33.0933 4476  Browser - ok
22:24:33.0943 4476  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
22:24:33.0993 4476  Brserid - ok
22:24:34.0003 4476  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
22:24:34.0033 4476  BrSerWdm - ok
22:24:34.0033 4476  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
22:24:34.0123 4476  BrUsbMdm - ok
22:24:34.0123 4476  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
22:24:34.0143 4476  BrUsbSer - ok
22:24:34.0163 4476  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
22:24:34.0213 4476  BTHMODEM - ok
22:24:34.0253 4476  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
22:24:34.0313 4476  bthserv - ok
22:24:34.0323 4476  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:24:34.0413 4476  cdfs - ok
22:24:34.0463 4476  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
22:24:34.0513 4476  cdrom - ok
22:24:34.0563 4476  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
22:24:34.0613 4476  CertPropSvc - ok
22:24:34.0623 4476  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:24:34.0653 4476  circlass - ok
22:24:34.0683 4476  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
22:24:34.0703 4476  CLFS - ok
22:24:34.0753 4476  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:24:34.0793 4476  clr_optimization_v2.0.50727_32 - ok
22:24:34.0823 4476  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:24:34.0843 4476  clr_optimization_v2.0.50727_64 - ok
22:24:34.0923 4476  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:24:34.0983 4476  clr_optimization_v4.0.30319_32 - ok
22:24:35.0033 4476  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:24:35.0053 4476  clr_optimization_v4.0.30319_64 - ok
22:24:35.0073 4476  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
22:24:35.0093 4476  CmBatt - ok
22:24:35.0133 4476  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:24:35.0163 4476  cmdide - ok
22:24:35.0213 4476  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
22:24:35.0263 4476  CNG - ok
22:24:35.0273 4476  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
22:24:35.0283 4476  Compbatt - ok
22:24:35.0323 4476  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
22:24:35.0373 4476  CompositeBus - ok
22:24:35.0383 4476  COMSysApp - ok
22:24:35.0403 4476  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
22:24:35.0423 4476  crcdisk - ok
22:24:35.0463 4476  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:24:35.0523 4476  CryptSvc - ok
22:24:35.0573 4476  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
22:24:35.0643 4476  CSC - ok
22:24:35.0703 4476  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
22:24:35.0743 4476  CscService - ok
22:24:35.0793 4476  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:24:35.0863 4476  DcomLaunch - ok
22:24:35.0893 4476  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
22:24:35.0953 4476  defragsvc - ok
22:24:36.0003 4476  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:24:36.0093 4476  DfsC - ok
22:24:36.0113 4476  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
22:24:36.0163 4476  Dhcp - ok
22:24:36.0183 4476  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
22:24:36.0263 4476  discache - ok
22:24:36.0293 4476  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
22:24:36.0323 4476  Disk - ok
22:24:36.0363 4476  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:24:36.0423 4476  Dnscache - ok
22:24:36.0453 4476  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:24:36.0533 4476  dot3svc - ok
22:24:36.0573 4476  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
22:24:36.0633 4476  DPS - ok
22:24:36.0663 4476  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:24:36.0703 4476  drmkaud - ok
22:24:36.0743 4476  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:24:36.0793 4476  DXGKrnl - ok
22:24:36.0833 4476  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
22:24:36.0913 4476  EapHost - ok
22:24:37.0003 4476  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
22:24:37.0153 4476  ebdrv - ok
22:24:37.0213 4476  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
22:24:37.0253 4476  EFS - ok
22:24:37.0293 4476  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:24:37.0383 4476  ehRecvr - ok
22:24:37.0413 4476  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
22:24:37.0463 4476  ehSched - ok
22:24:37.0503 4476  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
22:24:37.0543 4476  elxstor - ok
22:24:37.0583 4476  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:24:37.0623 4476  ErrDev - ok
22:24:37.0663 4476  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
22:24:37.0733 4476  EventSystem - ok
22:24:37.0793 4476  [ 251AF86E0A4DDF3A6B181ED5103B06B1 ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
22:24:37.0853 4476  ewusbnet - ok
22:24:37.0913 4476  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
22:24:37.0973 4476  exfat - ok
22:24:37.0993 4476  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:24:38.0033 4476  fastfat - ok
22:24:38.0103 4476  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
22:24:38.0163 4476  Fax - ok
22:24:38.0183 4476  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:24:38.0213 4476  fdc - ok
22:24:38.0233 4476  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:24:38.0313 4476  fdPHost - ok
22:24:38.0333 4476  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:24:38.0393 4476  FDResPub - ok
22:24:38.0423 4476  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:24:38.0443 4476  FileInfo - ok
22:24:38.0443 4476  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:24:38.0573 4476  Filetrace - ok
22:24:38.0583 4476  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:24:38.0603 4476  flpydisk - ok
22:24:38.0633 4476  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:24:38.0653 4476  FltMgr - ok
22:24:38.0723 4476  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
22:24:38.0763 4476  FontCache - ok
22:24:38.0813 4476  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:24:38.0843 4476  FontCache3.0.0.0 - ok
22:24:38.0853 4476  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
22:24:38.0873 4476  FsDepends - ok
22:24:38.0903 4476  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:24:38.0913 4476  Fs_Rec - ok
22:24:38.0953 4476  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
22:24:38.0993 4476  fvevol - ok
22:24:39.0013 4476  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
22:24:39.0033 4476  gagp30kx - ok
22:24:39.0073 4476  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
22:24:39.0193 4476  gpsvc - ok
22:24:39.0213 4476  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
22:24:39.0243 4476  hcw85cir - ok
22:24:39.0293 4476  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:24:39.0353 4476  HdAudAddService - ok
22:24:39.0383 4476  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
22:24:39.0423 4476  HDAudBus - ok
22:24:39.0423 4476  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
22:24:39.0453 4476  HidBatt - ok
22:24:39.0453 4476  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
22:24:39.0483 4476  HidBth - ok
22:24:39.0503 4476  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:24:39.0543 4476  HidIr - ok
22:24:39.0563 4476  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
22:24:39.0623 4476  hidserv - ok
22:24:39.0683 4476  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
22:24:39.0703 4476  HidUsb - ok
22:24:39.0753 4476  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:24:39.0823 4476  hkmsvc - ok
22:24:39.0853 4476  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:24:39.0873 4476  HomeGroupListener - ok
22:24:39.0913 4476  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:24:39.0963 4476  HomeGroupProvider - ok
22:24:39.0993 4476  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
22:24:40.0023 4476  HpSAMD - ok
22:24:40.0093 4476  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:24:40.0213 4476  HTTP - ok
22:24:40.0263 4476  [ D969D0E26C5B1E813B17066A8318D5D4 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
22:24:40.0283 4476  hwdatacard - ok
22:24:40.0313 4476  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
22:24:40.0333 4476  hwpolicy - ok
22:24:40.0363 4476  [ 9C13A2691AC410CC7469F298684DCA5D ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
22:24:40.0403 4476  hwusbfake - ok
22:24:40.0433 4476  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
22:24:40.0453 4476  i8042prt - ok
22:24:40.0493 4476  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
22:24:40.0523 4476  iaStorV - ok
22:24:40.0633 4476  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:24:40.0673 4476  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:24:40.0673 4476  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:24:40.0743 4476  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:24:40.0813 4476  idsvc - ok
22:24:40.0843 4476  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
22:24:40.0853 4476  iirsp - ok
22:24:40.0913 4476  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
22:24:41.0043 4476  IKEEXT - ok
22:24:41.0053 4476  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
22:24:41.0063 4476  intelide - ok
22:24:41.0073 4476  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:24:41.0093 4476  intelppm - ok
22:24:41.0113 4476  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:24:41.0173 4476  IPBusEnum - ok
22:24:41.0213 4476  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:24:41.0243 4476  IpFilterDriver - ok
22:24:41.0323 4476  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:24:41.0383 4476  iphlpsvc - ok
22:24:41.0423 4476  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
22:24:41.0443 4476  IPMIDRV - ok
22:24:41.0463 4476  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
22:24:41.0543 4476  IPNAT - ok
22:24:41.0563 4476  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:24:41.0643 4476  IRENUM - ok
22:24:41.0683 4476  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:24:41.0713 4476  isapnp - ok
22:24:41.0753 4476  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
22:24:41.0793 4476  iScsiPrt - ok
22:24:41.0813 4476  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
22:24:41.0823 4476  kbdclass - ok
22:24:41.0853 4476  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
22:24:41.0903 4476  kbdhid - ok
22:24:41.0933 4476  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
22:24:41.0953 4476  KeyIso - ok
22:24:41.0983 4476  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:24:42.0003 4476  KSecDD - ok
22:24:42.0033 4476  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
22:24:42.0073 4476  KSecPkg - ok
22:24:42.0083 4476  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
22:24:42.0143 4476  ksthunk - ok
22:24:42.0173 4476  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:24:42.0243 4476  KtmRm - ok
22:24:42.0273 4476  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:24:42.0343 4476  LanmanServer - ok
22:24:42.0383 4476  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:24:42.0453 4476  LanmanWorkstation - ok
22:24:42.0473 4476  [ 156AB2E56DC3CA0B582E3362E07CDED7 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
22:24:42.0493 4476  lirsgt - ok
22:24:42.0523 4476  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:24:42.0603 4476  lltdio - ok
22:24:42.0643 4476  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:24:42.0723 4476  lltdsvc - ok
22:24:42.0743 4476  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:24:42.0783 4476  lmhosts - ok
22:24:42.0803 4476  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
22:24:42.0823 4476  LSI_FC - ok
22:24:42.0833 4476  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
22:24:42.0853 4476  LSI_SAS - ok
22:24:42.0863 4476  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:24:42.0883 4476  LSI_SAS2 - ok
22:24:42.0883 4476  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:24:42.0903 4476  LSI_SCSI - ok
22:24:42.0913 4476  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:24:42.0963 4476  luafv - ok
22:24:43.0023 4476  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
22:24:43.0053 4476  MBAMProtector - ok
22:24:54.0253 4476  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
22:24:54.0253 4476  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
22:24:54.0253 4476  sptd ( LockedFile.Multi.Generic ) - warning
22:24:54.0253 4476  sptd - detected LockedFile.Multi.Generic (1)
22:25:02.0543 4476  WwanSvc - ok
22:25:02.0583 4476  ================ Scan global ===============================
22:25:02.0603 4476  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:25:02.0653 4476  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:25:02.0683 4476  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:25:02.0713 4476  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:25:02.0743 4476  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:25:02.0763 4476  [Global] - ok
22:25:02.0763 4476  ================ Scan MBR ==================================
22:25:02.0773 4476  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:25:03.0043 4476  \Device\Harddisk0\DR0 - ok
22:25:03.0043 4476  ================ Scan VBR ==================================
22:25:03.0053 4476  [ A9B929C5B804C13865DC6B9CD8A7ECB5 ] \Device\Harddisk0\DR0\Partition1
22:25:03.0053 4476  \Device\Harddisk0\DR0\Partition1 - ok
22:25:03.0073 4476  [ F51D038F8CE3180C8CB62842C70F8693 ] \Device\Harddisk0\DR0\Partition2
22:25:03.0083 4476  \Device\Harddisk0\DR0\Partition2 - ok
22:25:03.0103 4476  [ 10CB206786123DB49E5354C8DC1AE4F5 ] \Device\Harddisk0\DR0\Partition3
22:25:03.0103 4476  \Device\Harddisk0\DR0\Partition3 - ok
22:25:03.0103 4476  ============================================================
22:25:03.0103 4476  Scan finished
22:25:03.0103 4476  ============================================================
22:25:03.0123 4064  Detected object count: 2
22:25:03.0123 4064  Actual detected object count: 2
22:25:13.0233 4064  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:25:13.0233 4064  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:25:13.0233 4064  sptd ( LockedFile.Multi.Generic ) - skipped by user
22:25:13.0233 4064  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         
Regards, Tensid
__________________
Tensid...
cationic, always positively charged!

22.05.2013, 13:45   #10
t'john
/// Helper Team



Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)

Very good!

With that you are clean and discharged!

Remove adwCleaner

  • Start adwcleaner.exe with a double-click.
  • Click Uninstall.
  • Confirm with Yes.




Tool cleanup
The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type it in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix (Download DelFix) to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without concern.




Resetting the security zones

Have the security zones reset again, since they were manipulated in order to open the browser to further attacks.
Proceed as follows: http://www.trojaner-board.de/111805-...ecksetzen.html


Clearing the System Restore points

So that the computer cannot be reinfected from an infected System Restore point, we have to clear them. To do this, we switch System Restore off once and then on again:
Disable System Restore: tutorial for Windows XP, Windows Vista, Windows 7
Then enable it again.



Reading to work through:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC keeps getting slower - what to do?
__________________
Regards, t'john
Support the TB

13.09.2013, 16:59   #11
t'john
/// Helper Team



Missing feedback

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
Support the TB
