|
Plagegeister aller Art und deren Bekämpfung: Qtrax und Sposorship= Virus?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
11.07.2013, 19:43 | #1 |
| Qtrax und Sposorship= Virus? Servus zusammen, da ich mich leider nicht so gut mit PC- Software auskenne und mir eure Seite sehr Seriös erscheint hoffe ich, dass Ihr mir bei meinem Problem helfen könnt. Zu meinem Problem es öffnet sich immer wieder mal sporadisch mein Browser (Opera) und öffnet dabei 2 Tabs zum einen sponsorship und Qtrax. Dies ist ziemlich nervig für mich da ich nicht weiß was da alles passiert. Z. b. ob mein PC ausspioniert wird. VG Chris |
11.07.2013, 19:43 | #2 |
/// Malware-holic | Qtrax und Sposorship= Virus? Hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s C:\Windows\system32\*.tsp /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles %USERPROFILE%\*.* %USERPROFILE%\Local Settings\Temp\*.exe %USERPROFILE%\Local Settings\Temp\*.dll %USERPROFILE%\Application Data\*.exe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs CREATERESTOREPOINT
__________________ |
11.07.2013, 19:53 | #3 |
| Qtrax und Sposorship= Virus? Sorry aber irgendwie verläuft bei mir der OTL link ins nirgendwo
__________________ |
11.07.2013, 20:08 | #4 |
/// Malware-holic | Qtrax und Sposorship= Virus?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.07.2013, 20:32 | #5 |
| Qtrax und Sposorship= Virus? So habs jetz durchlaufen lassen.OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.07.2013 21:20:51 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,20 Gb Available Physical Memory | 65,93% Memory free 15,77 Gb Paging File | 12,46 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 229,70 Gb Total Space | 97,44 Gb Free Space | 42,42% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 671,54 Gb Free Space | 72,09% Space Free | Partition Type: NTFS Drive F: | 7,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 2,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Processes (SafeList) ========== PRC - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Opera\15.0.1147.141\opera_crashreporter.exe () PRC - C:\Program Files (x86)\Opera\15.0.1147.141\opera.exe (Opera Software) PRC - C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) PRC - C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC) PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd) PRC - C:\Users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe (ROCCAT GmbH) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Programme\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) PRC - C:\Programme\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware) PRC - C:\Programme\Alienware\Command Center\AlienFusionController.exe (Alienware) PRC - C:\Windows\SysWOW64\CtHdaSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\AlienRespawn\sftservice.EXE (SoftThinks SAS) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell) PRC - C:\Program Files (x86)\AlienRespawn\TOASTER.EXE (SoftThinks - Dell) PRC - C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE () PRC - C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Opera\15.0.1147.141\opera_crashreporter.exe () MOD - C:\Program Files (x86)\Opera\15.0.1147.141\libglesv2.dll () MOD - C:\Program Files (x86)\Opera\15.0.1147.141\libegl.dll () MOD - C:\Program Files (x86)\Opera\15.0.1147.141\ffmpegsumo.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\990123c5701a26f1d724150839811bce\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e698a866fd16973a24ca6697218028ad\System.ServiceModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1e8f7367eaa08c5057d78c093982f8f0\System.IdentityModel.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\54c496ff6d9d7e1c51cc343620fcc656\System.Data.DataSetExtensions.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll () MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll () MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll () MOD - C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE () MOD - C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll () MOD - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe () SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (TeamViewer6) -- C:\Users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Qualcomm Atheros Killer Service) -- C:\Programme\Qualcomm Atheros\Killer Network Manager\BFNService.exe () SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink) SRV - (AlienFusionService) -- C:\Programme\Alienware\Command Center\AlienFusionService.exe (Alienware) SRV - (CtHdaSvc) -- C:\Windows\SysWOW64\CtHdaSvc.exe (Creative Technology Ltd) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (SftService) -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE (SoftThinks SAS) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Intel(R) -- c:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (CTAudSvcService) -- c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (BfLwf) -- C:\Windows\SysNative\drivers\bflwfx64.sys (Qualcomm Atheros, Inc.) DRV:64bit: - (Ak27x64) -- C:\Windows\SysNative\drivers\Ak27x64.sys (Qualcomm Atheros, Inc.) DRV:64bit: - (cthda) -- C:\Windows\SysNative\drivers\CtHda.sys (Creative Technology Ltd) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ST_ACCEL) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys (STMicroelectronics) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics) DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.) DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (EMSC) -- C:\Windows\SysNative\drivers\EMSC.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (EMSC) -- C:\Windows\SysWOW64\drivers\EMSC.sys (Windows (R) Win 7 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienwarearena.com/welcome-de IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921 IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) [2013.06.22 16:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com) O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe () O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [ROCCAT Savu Gaming Mouse] C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe (ROCCAT GmbH) O4 - HKLM..\Run: [Sound Blaster Recon3Di Control Panel] c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe (Creative Technology Ltd) O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000..\Run: [WebCake Desktop] C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in ) O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in ) O15 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FB5C1C8-752A-40AA-821C-B75ED4C21FA8}: NameServer = 192.168.2.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{881965BF-D620-4A39-AD9D-9ECACA5C7F00}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found O18:64bit: - Protocol\Filter\ica - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.02.06 16:50:15 | 000,000,062 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2013.03.04 23:28:25 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{356754c2-4667-11e2-8e08-20689d6492d2}\Shell - "" = AutoRun O33 - MountPoints2\{356754c2-4667-11e2-8e08-20689d6492d2}\Shell\AutoRun\command - "" = F:\hmh-trseg.exe -- [2013.03.04 23:24:27 | 000,472,750 | R--- | M] ( ) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 60 Days ========== [2013.07.11 17:16:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6 [2013.07.09 21:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.07.09 21:45:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.07.03 19:19:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Opera Software [2013.07.03 19:19:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Opera Software [2013.07.02 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\AVG2013 [2013.07.02 21:27:07 | 000,000,000 | -H-D | C] -- C:\$AVG [2013.07.02 21:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2013.07.02 21:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG [2013.07.02 21:15:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\MFAData [2013.07.02 21:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013.07.02 21:15:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Avg2013 [2013.06.27 17:46:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.06.27 17:46:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.27 17:46:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.06.27 17:46:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.06.27 17:46:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.27 17:46:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.06.27 17:46:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.06.27 17:46:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.06.27 17:46:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.06.27 17:46:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.06.27 17:46:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.06.27 17:46:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.06.27 17:46:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.06.27 17:46:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.06.27 17:46:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.06.27 17:37:57 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.06.27 17:37:57 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.06.27 17:37:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.06.27 17:37:57 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.06.27 17:37:55 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013.06.27 17:37:19 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.06.27 17:37:19 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.06.27 17:37:19 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.06.27 17:37:19 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.06.27 17:37:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.06.27 17:37:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013.06.27 17:37:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013.06.27 17:37:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013.06.27 17:37:02 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013.06.27 17:37:02 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013.06.27 17:36:21 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.06.27 17:36:21 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.06.27 17:36:20 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.06.27 17:36:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.06.27 17:36:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.06.22 16:06:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2013.06.22 16:06:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2013.06.22 16:06:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender [2013.06.22 16:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender [2013.06.22 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\BabSolution [2013.06.22 16:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.06.22 16:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta [2013.06.22 16:05:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\WebCake [2013.06.22 16:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake [2013.06.22 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Google [2013.06.22 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.06.22 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DealPly [2013.06.22 16:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly [2013.06.22 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DSite [2013.06.22 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2013.06.22 16:04:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Babylon [2013.06.21 19:29:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\iLivid [2013.05.25 14:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows ========== Files - Modified Within 60 Days ========== [2013.07.11 21:04:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job [2013.07.11 20:14:44 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.11 20:14:44 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.11 20:14:44 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.11 20:14:44 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.11 20:14:44 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.11 18:04:04 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-TTL.DAT [2013.07.11 18:04:04 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q5-TTL.DAT [2013.07.11 17:22:57 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.11 17:22:57 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.11 17:15:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.11 17:15:40 | 2054,926,335 | -HS- | M] () -- C:\hiberfil.sys [2013.07.09 23:04:32 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q4-TTL.DAT [2013.07.09 21:45:41 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.07.07 00:04:11 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q3-TTL.DAT [2013.07.02 23:01:36 | 000,004,677 | ---- | M] () -- C:\Users\Christian\Desktop\Wacker.odt [2013.06.29 14:23:59 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q2-TTL.DAT [2013.06.29 00:12:21 | 809,614,649 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.27 21:30:35 | 000,353,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.27 17:36:42 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2013.06.22 19:21:52 | 000,956,936 | ---- | M] () -- C:\Users\Christian\Desktop\Dok1.odt [2013.06.11 20:45:25 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Alienware Command Center.lnk [2013.05.28 15:26:56 | 000,868,092 | ---- | M] () -- C:\Users\Christian\Desktop\20130528_1521_germany-VK3601H_18_cliff.wotreplay [2013.05.17 05:09:56 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.17 05:01:13 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.17 05:00:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.17 04:56:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.17 04:56:00 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.17 04:55:59 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.17 04:54:09 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.17 04:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.17 04:46:31 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.17 00:27:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.17 00:26:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.17 00:21:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.17 00:21:34 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.17 00:17:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.17 00:12:55 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.13 07:51:00 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013.05.13 07:51:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013.05.13 07:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013.05.13 05:43:55 | 001,192,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013.05.13 05:08:10 | 000,903,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll ========== Files Created - No Company Name ========== [2013.07.11 18:04:04 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q5-TTL.DAT [2013.07.09 23:04:32 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q4-TTL.DAT [2013.07.05 02:04:42 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q3-TTL.DAT [2013.07.03 19:19:54 | 000,001,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2013.07.03 19:14:49 | 000,001,258 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.07.02 23:01:36 | 000,004,677 | ---- | C] () -- C:\Users\Christian\Desktop\Wacker.odt [2013.07.02 21:27:18 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.06.23 00:04:26 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q2-TTL.DAT [2013.06.22 20:04:04 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-TTL.DAT [2013.06.22 16:04:31 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job [2013.06.11 20:45:10 | 000,662,518 | ---- | C] () -- C:\Users\Christian\Desktop\AW-CO4.jpg [2013.05.28 15:26:55 | 000,868,092 | ---- | C] () -- C:\Users\Christian\Desktop\20130528_1521_germany-VK3601H_18_cliff.wotreplay [2013.05.04 08:15:57 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE [2013.05.04 08:15:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\hdsuinst.exe [2013.05.04 08:15:57 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI [2013.02.16 20:03:23 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2013.02.16 13:45:40 | 000,007,618 | ---- | C] () -- C:\Users\Christian\AppData\Local\Resmon.ResmonCfg [2013.02.16 12:03:20 | 000,000,020 | ---- | C] () -- C:\Windows\Crocclip.INI [2012.12.22 00:26:12 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.12.22 00:26:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.12.08 02:08:37 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.12.08 02:08:36 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.12.08 02:08:33 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.08 02:08:31 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.12.08 02:08:28 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.12.08 02:08:28 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.12.08 02:08:27 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.12.08 00:30:59 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.12.08 00:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.06.16 00:13:58 | 000,022,384 | ---- | C] () -- C:\Windows\SysWow64\LightFX.dll [2012.03.07 22:54:30 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2012.03.07 22:54:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012.01.11 04:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.07.02 21:27:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVG2013 [2013.06.22 16:05:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\BabSolution [2013.06.22 16:04:26 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon [2012.12.16 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite [2013.06.22 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DealPly [2013.06.22 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DSite [2013.02.25 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICAClient [2012.12.16 15:29:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy [2013.07.03 19:14:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Opera [2013.07.03 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Opera Software [2013.06.09 19:26:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin [2012.12.19 20:25:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PCDr [2013.01.11 22:41:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TeamViewer [2013.07.11 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TS3Client [2013.07.02 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software [2013.01.03 16:48:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Wargaming.net [2013.06.22 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WebCake [2013.07.09 21:45:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013.07.09 21:45:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.07.02 21:27:07 | 000,000,000 | -H-D | M] -- C:\$AVG [2013.06.25 23:46:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.12.08 00:35:57 | 000,000,000 | ---D | M] -- C:\Apps [2013.07.06 12:46:55 | 000,000,000 | ---D | M] -- C:\bnwin [2013.07.10 21:12:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2013.05.04 10:07:52 | 000,000,000 | ---D | M] -- C:\DdsCr [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.12.13 21:35:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2013.04.27 19:12:39 | 000,000,000 | ---D | M] -- C:\Games [2012.12.07 17:14:59 | 000,000,000 | ---D | M] -- C:\Intel [2013.01.02 20:57:14 | 000,000,000 | RH-D | M] -- C:\MSOCache [2013.06.25 18:29:54 | 000,000,000 | R--D | M] -- C:\Program Files [2013.07.06 11:47:24 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.07.06 08:00:33 | 000,000,000 | ---D | M] -- C:\ProgramData [2012.12.13 21:35:35 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.13 21:40:06 | 000,000,000 | -HSD | M] -- C:\System Recovery [2013.07.11 21:22:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.28 22:17:24 | 000,000,000 | ---D | M] -- C:\Temp [2012.12.13 21:35:37 | 000,000,000 | R--D | M] -- C:\Users [2013.06.29 00:12:21 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013.06.22 16:04:31 | 000,000,300 | ---- | C] () -- C:\Windows\Tasks\DSite.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2012.12.08 02:11:44 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2012.12.08 02:11:44 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2012.12.08 02:11:44 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2012.12.08 02:11:44 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2012.12.08 02:11:44 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2012.12.08 02:11:44 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.12.29 06:14:04 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys [2011.12.29 06:14:04 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys [2011.12.29 06:14:04 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b6f2349de4a55e89\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2012.12.08 02:11:41 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2012.12.08 02:11:41 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2012.12.08 02:11:41 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2012.12.08 02:11:41 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2012.12.08 02:11:41 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2012.12.08 02:11:41 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2012.12.08 02:11:41 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2012.12.08 02:11:41 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.07.11 21:26:42 | 001,835,008 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT [2013.07.11 21:26:42 | 000,262,144 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG1 [2012.12.13 21:35:37 | 000,000,000 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG2 [2012.12.13 22:38:33 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.12.13 22:38:33 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.12.13 22:38:33 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.13 21:35:37 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.07.2013 21:20:51 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,89 Gb Total Physical Memory | 5,20 Gb Available Physical Memory | 65,93% Memory free 15,77 Gb Paging File | 12,46 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 229,70 Gb Total Space | 97,44 Gb Free Space | 42,42% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 671,54 Gb Free Space | 72,09% Space Free | Partition Type: NTFS Drive F: | 7,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 2,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) [HKEY_USERS\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Classes\<extension>] .html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0012667F-85A4-46A8-9E38-4380256D5A6C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{05ABF955-AB0E-46D0-8100-67FF4C7CB10E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe | "{0993FF61-8F7B-4632-94D2-A975BDEFA6F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{0A55795B-0C52-491F-AA6C-4CE99551051C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{22E5CC68-229C-45C9-A34A-B194CEAC21BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{35F46485-17FD-4610-9F07-34B1CC045AEF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{36EBED36-9BC1-4ABF-A200-586D475419C5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{3A0A5119-57E2-41A9-82A0-591062F601E9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{417CB69D-EAC5-4C95-B63E-7200CCF6EBB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{45CC82C1-8D54-4483-83E4-834008E6304C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{61C04A07-1C38-453F-A03D-63C57845D496}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{63DFCF91-999F-47F4-9B44-455431852BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{66532C9E-F412-4282-B0F4-ADE71AABFE31}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{66C7253D-F3D2-46B3-B60A-4B1CD9B660C0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{6EEACE16-3E1F-4618-B751-C1E759A22340}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{72C34376-5D32-460D-880A-1113A5E6C2E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{77D3C8F8-9921-43F5-BE60-A085C634B0AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | "{7BC311DE-73D5-4981-895C-85674549EEBF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{8114CC27-85E5-4C3D-8B2D-9651F0EB5F85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{83F7A8B4-ECEE-4023-8671-0DABA2C06A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | "{8AA3CC8F-E610-4BA2-88CB-DCC068A30D65}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{8FA5C6B4-CC8C-4906-ADB0-EF788B67B2F7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{92E004A0-6D7D-48F0-84C0-FC786A453B36}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | "{ABD20274-1483-4022-B594-8C469F4D1589}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | "{AD020905-60D6-475B-8B15-E7523FD96533}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{B04F80D7-079B-4351-A65A-4A8AD1758A49}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{B178FFA9-8D3B-4C44-9645-49D17B088D45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B1DA8C51-E6C3-4B15-983E-B7622C3670E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{BFB9A66D-F2E9-4E73-9C8B-C0A84D0279B4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{C37A472C-852C-42E7-B0FA-57E610BD43EB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | "{C628EEA9-4F82-4373-AF93-740EAA0C51F5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{C65F5FBB-F96F-49BD-9DF2-C7D26E7C535C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{D16075EF-0652-4B17-B1EC-FFEBCF889BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{DDEB3411-DAE3-4FAA-81F3-D9056AE750D2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{E3094945-A5C8-49E8-85DB-041440089431}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "{F450A5E4-325B-48E9-8A40-5B0029ED3B5D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | "{FE7EA086-61E2-48E9-A812-CB8FE83D1D89}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe | "TCP Query User{0D9F9BA5-1988-43D8-8F88-39D30F4A7D0E}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{3113153A-C0CC-452B-9541-E79885D7202D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{6BA78B6B-6748-47AC-B220-077096F99E33}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe | "TCP Query User{9DD745C4-DE2C-493B-B8BA-7E94BC63C8FC}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{AB4E7A25-506D-47D7-9076-554DE7C62B0D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{D945E8C3-12B1-4FF5-AA91-A937CA599B64}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "TCP Query User{E06DEAC3-C1FC-476C-8451-52E82495EBA2}C:\games\world_of_tanks - kopie\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks - kopie\worldoftanks.exe | "TCP Query User{F0A2CBE5-3050-4FD1-836F-C2FE6C4E0745}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | "UDP Query User{26A75F1B-D840-4276-A18A-4096E1F8DC1E}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe | "UDP Query User{371C5B42-7FC3-48E9-92F2-3177DD25E826}C:\games\world_of_tanks - kopie\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks - kopie\worldoftanks.exe | "UDP Query User{428BA9DE-DD6F-478A-B1AA-2591DB583B91}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | "UDP Query User{70508FC7-7E32-4385-AD6E-797695C75BDC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{7AD88413-C3CC-467B-9507-96FCB6A4C111}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | "UDP Query User{7E413ACE-6F22-4D3B-B39B-275B0297E6C4}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{9C2C5600-B6B0-42EA-AE03-1D4A708A451A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{EEBD81A0-F961-45E0-B46F-59C320CB2ABB}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1951928B-0BA3-03EF-A6C3-AA1BA09386FF}" = ccc-utility64 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client "{78B5B205-2F59-4D96-9D83-DEB94CD5229B}" = AVG 2013 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{993FE4D0-F7BB-F48A-9D70-E301142D282D}" = AMD Catalyst Install Manager "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software "{AE7891D8-2340-4CD6-BA0A-6C8C01F7B4B4}" = AVG 2013 "{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center "AVG" = AVG 2013 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "PC-Doctor for Windows" = AlienAutopsy "SynTPDeinstKey" = Synaptics Pointing Device Driver "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0049934D-30CA-8FC0-7C12-EE7184E96E7F}" = CCC Help Russian "{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender "{187C351F-6116-AAB7-903A-917D0A07596F}" = CCC Help Spanish "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1" = World of Tanks - Common Test "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{27521D03-28DE-CF65-E270-05F7F058EEC2}" = CCC Help Chinese Traditional "{29104819-77A7-FA53-1A47-DC336836E4B2}" = CCC Help Italian "{2C6ED207-F7D0-9489-26DD-6CEC59523219}" = Catalyst Control Center Localization All "{32A4F64A-3BBA-505A-6DCC-7245D23E1A4A}" = PX Profile Update "{3329A007-9AA2-C904-0CAC-CF47B7CBCA14}" = CCC Help Dutch "{3B591BD7-F4E7-B4AA-F22E-18188180F988}" = Catalyst Control Center "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{48379835-BF2E-4487-9CB1-D5E654502B53}" = Medal of Honor™ Warfighter "{4B7CAFE4-9ABA-85A9-8B80-9FB44E8177F9}" = CCC Help Japanese "{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6BF39FC4-586C-FABD-A962-AD1562A2FCDD}" = CCC Help English "{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}" = Savu Mouse "{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{77E945F2-BB8B-D2B1-4190-5774A0E8DE51}" = CCC Help Chinese Standard "{7AFAD3CC-CA62-E317-EE00-1BA2139E4C33}" = CCC Help Swedish "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{8F081FB1-6D7D-54B7-26BC-C562B644E1D1}" = CCC Help Finnish "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution "{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01 "{A5F2EBB1-41CD-4B2D-937E-1C63792FFC45}" = kwp-bnWin.net "{A62B243F-3A4D-4001-C55A-1B5E8AB05383}" = Catalyst Control Center InstallProxy "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6 "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI "{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX) "{B1CBD9A4-D8E7-C1E5-7134-2D5DBCAC2943}" = CCC Help French "{C45E715E-442E-4D82-BD46-A08A0870957C}" = Sound Blaster Recon3Di Extras "{C4A6253A-9139-4A7F-E848-C9E0E4504E09}" = CCC Help German "{C65826F1-CFB4-4F0D-55D7-CB0FA1F69844}" = CCC Help Korean "{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}" = Sound Blaster Recon3Di "{CFB89DE9-C8FD-4D33-986A-DBDEC5309378}" = Catalyst Control Center - Branding "{D308FCBE-FB4A-4F49-A24A-378F255098D8}" = DDS-CAD 7.2 "{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB) "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando "{DFDE5A58-AA42-1446-DAD2-E611E4768CC7}" = CCC Help Portuguese "{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3 "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0CECD5B-17C6-9576-2B13-E92520912D97}" = CCC Help Norwegian "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web) "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC "{FF86F3A1-FFEE-3037-659E-DC5AF48D06C3}" = CCC Help Danish "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web "DAEMON Tools Lite" = DAEMON Tools Lite "DealPly" = DealPly (remove only) "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "DokanLibrary" = Dokan Library 0.6.0 "HASP HL Device Driver" = HASP HL Device Driver "InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6 "InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager "InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center "Integrated Webcam Live! Central" = Integrated Webcam Live! Central "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Opera 15.0.1147.141" = Opera Stable 15.0.1147.141 "Origin" = Origin "Polysun 5.3.12.13149" = Polysun 5.3.12.13149 "PunkBusterSvc" = PunkBuster Services "Tabellenbuch Elektrotechnik 2.0" = Tabellenbuch Elektrotechnik 2.0 "Tomb Raider_is1" = Tomb Raider "Uplay" = Uplay "VDE-Anwendungsprogramm" = VDE-Anwendungsprogramm 8.1.1.42 "Worms Reloaded_is1" = Worms Reloaded ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DealPly" = DealPly "DSite" = Update for Zip Opener "SOE-C:/Users/Christian/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater "SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.05.2013 12:09:59 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 17.05.2013 10:48:42 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10 Description = Error - 17.05.2013 11:33:56 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.05.2013 01:53:37 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10 Description = Error - 18.05.2013 03:27:11 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 18.05.2013 09:35:58 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10 Description = Error - 18.05.2013 18:36:12 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 19.05.2013 05:44:56 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10 Description = Error - 19.05.2013 06:57:26 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10 Description = Error - 19.05.2013 18:30:15 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 25.04.2013 17:48:46 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 25.04.2013 17:48:47 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 26.04.2013 15:24:48 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 27.04.2013 13:11:53 | Computer Name = Christian-PC | Source = iaStor | ID = 262153 Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht geantwortet. Error - 27.04.2013 18:18:26 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 28.04.2013 16:35:38 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 29.04.2013 16:09:22 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 30.04.2013 17:24:41 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = Error - 30.04.2013 17:34:38 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Qualcomm Atheros Killer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 30.04.2013 18:15:48 | Computer Name = Christian-PC | Source = DCOM | ID = 10010 Description = < End of report > hoffe das passt so. |
11.07.2013, 20:47 | #6 |
/// Malware-holic | Qtrax und Sposorship= Virus? Hi, sieht eher ungefährlich aus, Adware. wir schaun aber erst mal weiter. Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ --> Qtrax und Sposorship= Virus? |
11.07.2013, 20:55 | #7 |
| Qtrax und Sposorship= Virus? Hi, hab alles so gemacht wie in der Anweisung 21:50:32.0582 12876 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 21:50:33.0035 12876 ============================================================ 21:50:33.0035 12876 Current date / time: 2013/07/11 21:50:33.0035 21:50:33.0035 12876 SystemInfo: 21:50:33.0035 12876 21:50:33.0035 12876 OS Version: 6.1.7601 ServicePack: 1.0 21:50:33.0035 12876 Product type: Workstation 21:50:33.0035 12876 ComputerName: CHRISTIAN-PC 21:50:33.0035 12876 UserName: Christian 21:50:33.0035 12876 Windows directory: C:\Windows 21:50:33.0035 12876 System windows directory: C:\Windows 21:50:33.0035 12876 Running under WOW64 21:50:33.0035 12876 Processor architecture: Intel x64 21:50:33.0035 12876 Number of processors: 8 21:50:33.0035 12876 Page size: 0x1000 21:50:33.0035 12876 Boot type: Normal boot 21:50:33.0035 12876 ============================================================ 21:50:33.0185 12876 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:50:33.0185 12876 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 21:50:33.0189 12876 ============================================================ 21:50:33.0189 12876 \Device\Harddisk0\DR0: 21:50:33.0189 12876 MBR partitions: 21:50:33.0189 12876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1178000 21:50:33.0189 12876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x118C000, BlocksNum 0x1CB66000 21:50:33.0189 12876 \Device\Harddisk1\DR1: 21:50:33.0190 12876 MBR partitions: 21:50:33.0190 12876 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x74704000 21:50:33.0190 12876 ============================================================ 21:50:33.0191 12876 C: <-> \Device\Harddisk0\DR0\Partition2 21:50:33.0786 12876 D: <-> \Device\Harddisk1\DR1\Partition1 21:50:33.0786 12876 ============================================================ 21:50:33.0786 12876 Initialize success 21:50:33.0786 12876 ============================================================ 21:51:01.0973 11804 ============================================================ 21:51:01.0973 11804 Scan started 21:51:01.0973 11804 Mode: Manual; SigCheck; TDLFS; 21:51:01.0973 11804 ============================================================ 21:51:02.0116 11804 ================ Scan system memory ======================== 21:51:02.0116 11804 System memory - ok 21:51:02.0117 11804 ================ Scan services ============================= 21:51:02.0142 11804 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:51:02.0182 11804 1394ohci - ok 21:51:02.0187 11804 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:51:02.0198 11804 ACPI - ok 21:51:02.0200 11804 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:51:02.0218 11804 AcpiPmi - ok 21:51:02.0222 11804 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:51:02.0230 11804 AdobeARMservice - ok 21:51:02.0237 11804 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 21:51:02.0249 11804 adp94xx - ok 21:51:02.0254 11804 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 21:51:02.0265 11804 adpahci - ok 21:51:02.0269 11804 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 21:51:02.0278 11804 adpu320 - ok 21:51:02.0281 11804 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:51:02.0304 11804 AeLookupSvc - ok 21:51:02.0310 11804 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 21:51:02.0324 11804 AFD - ok 21:51:02.0326 11804 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 21:51:02.0334 11804 agp440 - ok 21:51:02.0360 11804 [ 3E675F96034C90A4A3DFFBDD714A22AE ] Ak27x64 C:\Windows\system32\DRIVERS\Ak27x64.sys 21:51:02.0404 11804 Ak27x64 - ok 21:51:02.0409 11804 [ BC569A6C209D94F6643EE35710AEC1F6 ] aksdf C:\Windows\system32\DRIVERS\aksdf.sys 21:51:02.0417 11804 aksdf - ok 21:51:02.0420 11804 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 21:51:02.0429 11804 ALG - ok 21:51:02.0433 11804 [ CE8A16A035F697D69DD2E6152DA05B8C ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe 21:51:02.0440 11804 AlienFusionService - ok 21:51:02.0442 11804 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 21:51:02.0449 11804 aliide - ok 21:51:02.0453 11804 [ A29A10AB5DB8A12576989AE348814805 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 21:51:02.0477 11804 AMD External Events Utility - ok 21:51:02.0480 11804 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 21:51:02.0487 11804 amdide - ok 21:51:02.0489 11804 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 21:51:02.0498 11804 AmdK8 - ok 21:51:02.0565 11804 [ 288EB089133CDE5349CC4AF02D5569BB ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 21:51:02.0661 11804 amdkmdag - ok 21:51:02.0667 11804 [ ED3524BF7EDB33CB06C44B7B7BED4E2E ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 21:51:02.0682 11804 amdkmdap - ok 21:51:02.0685 11804 [ 554FB0F28C411FB1EAFD4EA46A8CAAA4 ] amdkmpfd C:\Windows\system32\DRIVERS\amdkmpfd.sys 21:51:02.0691 11804 amdkmpfd - ok 21:51:02.0694 11804 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 21:51:02.0703 11804 AmdPPM - ok 21:51:02.0706 11804 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:51:02.0715 11804 amdsata - ok 21:51:02.0719 11804 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 21:51:02.0728 11804 amdsbs - ok 21:51:02.0729 11804 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:51:02.0737 11804 amdxata - ok 21:51:02.0740 11804 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 21:51:02.0767 11804 AppID - ok 21:51:02.0769 11804 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 21:51:02.0790 11804 AppIDSvc - ok 21:51:02.0793 11804 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 21:51:02.0802 11804 Appinfo - ok 21:51:02.0807 11804 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 21:51:02.0818 11804 AppMgmt - ok 21:51:02.0820 11804 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 21:51:02.0828 11804 arc - ok 21:51:02.0831 11804 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 21:51:02.0839 11804 arcsas - ok 21:51:02.0847 11804 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 21:51:02.0854 11804 aspnet_state - ok 21:51:02.0856 11804 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 21:51:02.0877 11804 AsyncMac - ok 21:51:02.0880 11804 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 21:51:02.0887 11804 atapi - ok 21:51:02.0897 11804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 21:51:02.0922 11804 AudioEndpointBuilder - ok 21:51:02.0928 11804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 21:51:02.0952 11804 AudioSrv - ok 21:51:02.0988 11804 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe 21:51:03.0045 11804 AVGIDSAgent - ok 21:51:03.0050 11804 [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys 21:51:03.0059 11804 AVGIDSDriver - ok 21:51:03.0061 11804 [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys 21:51:03.0069 11804 AVGIDSHA - ok 21:51:03.0073 11804 [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys 21:51:03.0081 11804 Avgldx64 - ok 21:51:03.0087 11804 [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys 21:51:03.0096 11804 Avgloga - ok 21:51:03.0099 11804 [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys 21:51:03.0107 11804 Avgmfx64 - ok 21:51:03.0110 11804 [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys 21:51:03.0117 11804 Avgrkx64 - ok 21:51:03.0121 11804 [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys 21:51:03.0130 11804 Avgtdia - ok 21:51:03.0135 11804 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe 21:51:03.0145 11804 avgwd - ok 21:51:03.0150 11804 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 21:51:03.0170 11804 AxInstSV - ok 21:51:03.0176 11804 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys 21:51:03.0189 11804 b06bdrv - ok 21:51:03.0194 11804 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 21:51:03.0205 11804 b57nd60a - ok 21:51:03.0210 11804 [ BC88D56376CCFAF08BE25E33A7046D1F ] bcbtums C:\Windows\system32\drivers\bcbtums.sys 21:51:03.0218 11804 bcbtums - ok 21:51:03.0221 11804 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 21:51:03.0230 11804 BDESVC - ok 21:51:03.0233 11804 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 21:51:03.0254 11804 Beep - ok 21:51:03.0263 11804 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 21:51:03.0289 11804 BFE - ok 21:51:03.0293 11804 [ 92A1B95CFC9E931FDA4FFE75DF87D72B ] BfLwf C:\Windows\system32\DRIVERS\bflwfx64.sys 21:51:03.0300 11804 BfLwf - ok 21:51:03.0309 11804 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 21:51:03.0339 11804 BITS - ok 21:51:03.0341 11804 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 21:51:03.0350 11804 blbdrive - ok 21:51:03.0354 11804 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 21:51:03.0363 11804 bowser - ok 21:51:03.0365 11804 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 21:51:03.0376 11804 BrFiltLo - ok 21:51:03.0378 11804 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 21:51:03.0388 11804 BrFiltUp - ok 21:51:03.0392 11804 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 21:51:03.0403 11804 Browser - ok 21:51:03.0426 11804 [ 013A330F16B1CECBDE5CB6F921689523 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe 21:51:03.0461 11804 BrowserDefendert - ok 21:51:03.0466 11804 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 21:51:03.0478 11804 Brserid - ok 21:51:03.0480 11804 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 21:51:03.0491 11804 BrSerWdm - ok 21:51:03.0493 11804 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 21:51:03.0502 11804 BrUsbMdm - ok 21:51:03.0504 11804 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 21:51:03.0512 11804 BrUsbSer - ok 21:51:03.0515 11804 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys 21:51:03.0524 11804 BthEnum - ok 21:51:03.0527 11804 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 21:51:03.0537 11804 BTHMODEM - ok 21:51:03.0539 11804 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 21:51:03.0550 11804 BthPan - ok 21:51:03.0557 11804 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 21:51:03.0569 11804 BTHPORT - ok 21:51:03.0572 11804 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 21:51:03.0593 11804 bthserv - ok 21:51:03.0596 11804 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 21:51:03.0606 11804 BTHUSB - ok 21:51:03.0614 11804 [ 30E157AB82EE7406F526ED80896D2431 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys 21:51:03.0626 11804 btwampfl - ok 21:51:03.0630 11804 [ 824E7A93F491414B6BF496D29CB14331 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 21:51:03.0638 11804 btwaudio - ok 21:51:03.0642 11804 [ 9C7A3858D87F3A2574C1D326CA6C1461 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys 21:51:03.0651 11804 btwavdt - ok 21:51:03.0662 11804 [ 23532AEB64352440B38C6923A0BFCB2B ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 21:51:03.0679 11804 btwdins - ok 21:51:03.0681 11804 [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 21:51:03.0688 11804 btwl2cap - ok 21:51:03.0690 11804 [ BB892C59D453E127797F8C5B203678DC ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 21:51:03.0697 11804 btwrchid - ok 21:51:03.0699 11804 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 21:51:03.0721 11804 cdfs - ok 21:51:03.0725 11804 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 21:51:03.0735 11804 cdrom - ok 21:51:03.0738 11804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 21:51:03.0759 11804 CertPropSvc - ok 21:51:03.0761 11804 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys 21:51:03.0771 11804 circlass - ok 21:51:03.0776 11804 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 21:51:03.0787 11804 CLFS - ok 21:51:03.0794 11804 [ FC9946B9121978E38943C2D20F129377 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe 21:51:03.0803 11804 CLKMSVC10_9EC60124 - ok 21:51:03.0809 11804 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:51:03.0816 11804 clr_optimization_v2.0.50727_32 - ok 21:51:03.0820 11804 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:51:03.0828 11804 clr_optimization_v2.0.50727_64 - ok 21:51:03.0834 11804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:51:03.0841 11804 clr_optimization_v4.0.30319_32 - ok 21:51:03.0845 11804 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:51:03.0852 11804 clr_optimization_v4.0.30319_64 - ok 21:51:03.0855 11804 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 21:51:03.0863 11804 CmBatt - ok 21:51:03.0865 11804 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 21:51:03.0873 11804 cmdide - ok 21:51:03.0879 11804 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 21:51:03.0894 11804 CNG - ok 21:51:03.0897 11804 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 21:51:03.0905 11804 Compbatt - ok 21:51:03.0908 11804 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 21:51:03.0917 11804 CompositeBus - ok 21:51:03.0922 11804 COMSysApp - ok 21:51:03.0940 11804 [ F3D0368E158CFB62BE63BA7B4B7EC507 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe 21:51:03.0950 11804 cphs - ok 21:51:03.0952 11804 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 21:51:03.0960 11804 crcdisk - ok 21:51:03.0962 11804 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe 21:51:03.0965 11804 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning 21:51:03.0965 11804 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1) 21:51:03.0968 11804 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 21:51:03.0971 11804 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 21:51:03.0971 11804 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 21:51:03.0976 11804 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll 21:51:03.0987 11804 CryptSvc - ok 21:51:03.0993 11804 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 21:51:04.0006 11804 CSC - ok 21:51:04.0015 11804 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 21:51:04.0029 11804 CscService - ok 21:51:04.0035 11804 [ EDBA1382E5D7D1E71442B43E170CF8D4 ] CTAudSvcService c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 21:51:04.0041 11804 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 21:51:04.0041 11804 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 21:51:04.0045 11804 [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 21:51:04.0055 11804 CtClsFlt - ok 21:51:04.0067 11804 [ 210486A236B236B0C5B159C6BC414776 ] cthda C:\Windows\system32\drivers\cthda.sys 21:51:04.0084 11804 cthda - ok 21:51:04.0088 11804 [ D494394738C8F44EB4E5765B797CC75B ] CtHdaSvc C:\Windows\sysWow64\CtHdaSvc.exe 21:51:04.0096 11804 CtHdaSvc - ok 21:51:04.0099 11804 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 21:51:04.0107 11804 ctxusbm - ok 21:51:04.0114 11804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 21:51:04.0140 11804 DcomLaunch - ok 21:51:04.0145 11804 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 21:51:04.0169 11804 defragsvc - ok 21:51:04.0172 11804 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 21:51:04.0193 11804 DfsC - ok 21:51:04.0198 11804 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 21:51:04.0210 11804 Dhcp - ok 21:51:04.0212 11804 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 21:51:04.0234 11804 discache - ok 21:51:04.0236 11804 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys 21:51:04.0245 11804 Disk - ok 21:51:04.0247 11804 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 21:51:04.0256 11804 dmvsc - ok 21:51:04.0260 11804 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 21:51:04.0270 11804 Dnscache - ok 21:51:04.0274 11804 [ FA122BC1451B1B35B7814FBE1ACF1924 ] Dokan C:\Windows\system32\drivers\dokan.sys 21:51:04.0283 11804 Dokan - ok 21:51:04.0286 11804 [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe 21:51:04.0288 11804 DokanMounter ( UnsignedFile.Multi.Generic ) - warning 21:51:04.0288 11804 DokanMounter - detected UnsignedFile.Multi.Generic (1) 21:51:04.0292 11804 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 21:51:04.0314 11804 dot3svc - ok 21:51:04.0318 11804 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 21:51:04.0340 11804 DPS - ok 21:51:04.0342 11804 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 21:51:04.0352 11804 drmkaud - ok 21:51:04.0357 11804 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 21:51:04.0366 11804 dtsoftbus01 - ok 21:51:04.0377 11804 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 21:51:04.0395 11804 DXGKrnl - ok 21:51:04.0398 11804 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 21:51:04.0420 11804 EapHost - ok 21:51:04.0446 11804 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys 21:51:04.0481 11804 ebdrv - ok 21:51:04.0484 11804 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 21:51:04.0493 11804 EFS - ok 21:51:04.0502 11804 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 21:51:04.0518 11804 ehRecvr - ok 21:51:04.0521 11804 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 21:51:04.0531 11804 ehSched - ok 21:51:04.0538 11804 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys 21:51:04.0550 11804 elxstor - ok 21:51:04.0553 11804 [ E47D9D7E6E53892FC97282482F4AE307 ] EMSC C:\Windows\system32\DRIVERS\EMSC.SYS 21:51:04.0559 11804 EMSC - ok 21:51:04.0561 11804 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 21:51:04.0569 11804 ErrDev - ok 21:51:04.0576 11804 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 21:51:04.0601 11804 EventSystem - ok 21:51:04.0604 11804 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 21:51:04.0627 11804 exfat - ok 21:51:04.0631 11804 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 21:51:04.0654 11804 fastfat - ok 21:51:04.0663 11804 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 21:51:04.0678 11804 Fax - ok 21:51:04.0680 11804 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys 21:51:04.0688 11804 fdc - ok 21:51:04.0691 11804 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 21:51:04.0712 11804 fdPHost - ok 21:51:04.0714 11804 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 21:51:04.0736 11804 FDResPub - ok 21:51:04.0739 11804 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 21:51:04.0747 11804 FileInfo - ok 21:51:04.0749 11804 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 21:51:04.0771 11804 Filetrace - ok 21:51:04.0773 11804 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 21:51:04.0782 11804 flpydisk - ok 21:51:04.0786 11804 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 21:51:04.0796 11804 FltMgr - ok 21:51:04.0808 11804 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll 21:51:04.0826 11804 FontCache - ok 21:51:04.0831 11804 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:51:04.0841 11804 FontCache3.0.0.0 - ok 21:51:04.0845 11804 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 21:51:04.0856 11804 FsDepends - ok 21:51:04.0865 11804 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 21:51:04.0874 11804 Fs_Rec - ok 21:51:04.0882 11804 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 21:51:04.0896 11804 fvevol - ok 21:51:04.0898 11804 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 21:51:04.0907 11804 gagp30kx - ok 21:51:04.0915 11804 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 21:51:04.0942 11804 gpsvc - ok 21:51:04.0948 11804 [ D8BF3C594BD17A37960362E6C6739B90 ] Hardlock C:\Windows\system32\drivers\hardlock.sys 21:51:04.0958 11804 Hardlock - ok 21:51:04.0960 11804 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 21:51:04.0969 11804 hcw85cir - ok 21:51:04.0974 11804 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 21:51:04.0987 11804 HdAudAddService - ok 21:51:04.0989 11804 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 21:51:04.0989 11804 HDAudBus - ok 21:51:04.0989 11804 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 21:51:05.0004 11804 HidBatt - ok 21:51:05.0004 11804 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 21:51:05.0020 11804 HidBth - ok 21:51:05.0020 11804 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 21:51:05.0036 11804 HidIr - ok 21:51:05.0036 11804 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 21:51:05.0051 11804 hidserv - ok 21:51:05.0051 11804 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 21:51:05.0067 11804 HidUsb - ok 21:51:05.0067 11804 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 21:51:05.0098 11804 hkmsvc - ok 21:51:05.0098 11804 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 21:51:05.0098 11804 HomeGroupListener - ok 21:51:05.0114 11804 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 21:51:05.0114 11804 HomeGroupProvider - ok 21:51:05.0129 11804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 21:51:05.0129 11804 HpSAMD - ok 21:51:05.0145 11804 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 21:51:05.0160 11804 HTTP - ok 21:51:05.0160 11804 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 21:51:05.0176 11804 hwpolicy - ok 21:51:05.0176 11804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 21:51:05.0192 11804 i8042prt - ok 21:51:05.0192 11804 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys 21:51:05.0207 11804 iaStor - ok 21:51:05.0207 11804 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 21:51:05.0223 11804 IAStorDataMgrSvc - ok 21:51:05.0223 11804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 21:51:05.0238 11804 iaStorV - ok 21:51:05.0238 11804 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 21:51:05.0238 11804 IDriverT ( UnsignedFile.Multi.Generic ) - warning 21:51:05.0238 11804 IDriverT - detected UnsignedFile.Multi.Generic (1) 21:51:05.0254 11804 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:51:05.0270 11804 idsvc - ok 21:51:05.0363 11804 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 21:51:05.0488 11804 igfx - ok 21:51:05.0504 11804 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 21:51:05.0504 11804 iirsp - ok 21:51:05.0519 11804 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 21:51:05.0535 11804 IKEEXT - ok 21:51:05.0550 11804 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 21:51:05.0566 11804 IntcDAud - ok 21:51:05.0566 11804 [ 7C76466F4E0F76CE259C6005D161E9E8 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe 21:51:05.0582 11804 Intel(R) Capability Licensing Service Interface - ok 21:51:05.0582 11804 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 21:51:05.0597 11804 intelide - ok 21:51:05.0691 11804 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys 21:51:05.0847 11804 intelkmd - ok 21:51:05.0847 11804 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 21:51:05.0847 11804 intelppm - ok 21:51:05.0862 11804 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 21:51:05.0878 11804 IPBusEnum - ok 21:51:05.0878 11804 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:51:05.0909 11804 IpFilterDriver - ok 21:51:05.0909 11804 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 21:51:05.0925 11804 iphlpsvc - ok 21:51:05.0925 11804 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 21:51:05.0940 11804 IPMIDRV - ok 21:51:05.0940 11804 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 21:51:05.0956 11804 IPNAT - ok 21:51:05.0956 11804 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 21:51:05.0972 11804 IRENUM - ok 21:51:05.0972 11804 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 21:51:05.0987 11804 isapnp - ok 21:51:05.0987 11804 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 21:51:06.0003 11804 iScsiPrt - ok 21:51:06.0003 11804 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys 21:51:06.0003 11804 iusb3hcs - ok 21:51:06.0018 11804 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys 21:51:06.0018 11804 iusb3hub - ok 21:51:06.0034 11804 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys 21:51:06.0050 11804 iusb3xhc - ok 21:51:06.0050 11804 [ D22982C269775BCBDDA8A0F82A9ADE9E ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 21:51:06.0065 11804 jhi_service - ok 21:51:06.0065 11804 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 21:51:06.0065 11804 kbdclass - ok 21:51:06.0065 11804 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 21:51:06.0081 11804 kbdhid - ok 21:51:06.0081 11804 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 21:51:06.0096 11804 KeyIso - ok 21:51:06.0096 11804 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 21:51:06.0096 11804 KSecDD - ok 21:51:06.0096 11804 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 21:51:06.0112 11804 KSecPkg - ok 21:51:06.0112 11804 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 21:51:06.0143 11804 ksthunk - ok 21:51:06.0143 11804 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 21:51:06.0174 11804 KtmRm - ok 21:51:06.0174 11804 [ FC010C7814DDAC17389A7D87EA2EBB39 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 21:51:06.0174 11804 L1C - ok 21:51:06.0174 11804 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 21:51:06.0206 11804 LanmanServer - ok 21:51:06.0206 11804 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 21:51:06.0237 11804 LanmanWorkstation - ok 21:51:06.0237 11804 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 21:51:06.0252 11804 lltdio - ok 21:51:06.0252 11804 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 21:51:06.0284 11804 lltdsvc - ok 21:51:06.0284 11804 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 21:51:06.0315 11804 lmhosts - ok 21:51:06.0315 11804 [ 5C08357C65F658E29B5DDC2EF18D575C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 21:51:06.0315 11804 LMS - ok 21:51:06.0330 11804 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 21:51:06.0330 11804 LSI_FC - ok 21:51:06.0330 11804 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 21:51:06.0346 11804 LSI_SAS - ok 21:51:06.0346 11804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 21:51:06.0362 11804 LSI_SAS2 - ok 21:51:06.0362 11804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 21:51:06.0362 11804 LSI_SCSI - ok 21:51:06.0377 11804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 21:51:06.0393 11804 luafv - ok 21:51:06.0393 11804 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 21:51:06.0408 11804 Mcx2Svc - ok 21:51:06.0408 11804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 21:51:06.0408 11804 megasas - ok 21:51:06.0424 11804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 21:51:06.0424 11804 MegaSR - ok 21:51:06.0440 11804 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 21:51:06.0440 11804 MEIx64 - ok 21:51:06.0440 11804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 21:51:06.0471 11804 MMCSS - ok 21:51:06.0471 11804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 21:51:06.0486 11804 Modem - ok 21:51:06.0486 11804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 21:51:06.0502 11804 monitor - ok 21:51:06.0502 11804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 21:51:06.0518 11804 mouclass - ok 21:51:06.0518 11804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 21:51:06.0518 11804 mouhid - ok 21:51:06.0518 11804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 21:51:06.0533 11804 mountmgr - ok 21:51:06.0533 11804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 21:51:06.0549 11804 mpio - ok 21:51:06.0549 11804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 21:51:06.0564 11804 mpsdrv - ok 21:51:06.0580 11804 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 21:51:06.0611 11804 MpsSvc - ok 21:51:06.0611 11804 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 21:51:06.0627 11804 MRxDAV - ok 21:51:06.0627 11804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 21:51:06.0642 11804 mrxsmb - ok 21:51:06.0642 11804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:51:06.0658 11804 mrxsmb10 - ok 21:51:06.0658 11804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:51:06.0658 11804 mrxsmb20 - ok 21:51:06.0674 11804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 21:51:06.0674 11804 msahci - ok 21:51:06.0674 11804 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:51:06.0689 11804 msdsm - ok 21:51:06.0689 11804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 21:51:06.0705 11804 MSDTC - ok 21:51:06.0705 11804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:51:06.0720 11804 Msfs - ok 21:51:06.0720 11804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:51:06.0752 11804 mshidkmdf - ok 21:51:06.0752 11804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:51:06.0752 11804 msisadrv - ok 21:51:06.0767 11804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:51:06.0783 11804 MSiSCSI - ok 21:51:06.0783 11804 msiserver - ok 21:51:06.0783 11804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:51:06.0814 11804 MSKSSRV - ok 21:51:06.0814 11804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:51:06.0830 11804 MSPCLOCK - ok 21:51:06.0830 11804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:51:06.0861 11804 MSPQM - ok 21:51:06.0861 11804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:51:06.0876 11804 MsRPC - ok 21:51:06.0876 11804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 21:51:06.0876 11804 mssmbios - ok 21:51:06.0892 11804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:51:06.0908 11804 MSTEE - ok 21:51:06.0908 11804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 21:51:06.0923 11804 MTConfig - ok 21:51:06.0923 11804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 21:51:06.0923 11804 Mup - ok 21:51:06.0939 11804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 21:51:06.0954 11804 napagent - ok 21:51:06.0970 11804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:51:06.0970 11804 NativeWifiP - ok 21:51:06.0986 11804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:51:07.0001 11804 NDIS - ok 21:51:07.0001 11804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:51:07.0032 11804 NdisCap - ok 21:51:07.0032 11804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:51:07.0048 11804 NdisTapi - ok 21:51:07.0064 11804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:51:07.0079 11804 Ndisuio - ok 21:51:07.0079 11804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:51:07.0095 11804 NdisWan - ok 21:51:07.0110 11804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:51:07.0126 11804 NDProxy - ok 21:51:07.0126 11804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:51:07.0142 11804 NetBIOS - ok 21:51:07.0157 11804 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:51:07.0173 11804 NetBT - ok 21:51:07.0173 11804 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 21:51:07.0188 11804 Netlogon - ok 21:51:07.0188 11804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 21:51:07.0220 11804 Netman - ok 21:51:07.0220 11804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:51:07.0235 11804 NetMsmqActivator - ok 21:51:07.0235 11804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:51:07.0235 11804 NetPipeActivator - ok 21:51:07.0251 11804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 21:51:07.0266 11804 netprofm - ok 21:51:07.0266 11804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:51:07.0282 11804 NetTcpActivator - ok 21:51:07.0282 11804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 21:51:07.0298 11804 NetTcpPortSharing - ok 21:51:07.0298 11804 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys 21:51:07.0298 11804 netvsc - ok 21:51:07.0313 11804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 21:51:07.0313 11804 nfrd960 - ok 21:51:07.0313 11804 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:51:07.0329 11804 NlaSvc - ok 21:51:07.0329 11804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:51:07.0360 11804 Npfs - ok 21:51:07.0360 11804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 21:51:07.0376 11804 nsi - ok 21:51:07.0376 11804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:51:07.0407 11804 nsiproxy - ok 21:51:07.0422 11804 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:51:07.0454 11804 Ntfs - ok 21:51:07.0454 11804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 21:51:07.0469 11804 Null - ok 21:51:07.0469 11804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:51:07.0485 11804 nvraid - ok 21:51:07.0485 11804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:51:07.0500 11804 nvstor - ok 21:51:07.0500 11804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:51:07.0500 11804 nv_agp - ok 21:51:07.0516 11804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:51:07.0516 11804 ohci1394 - ok 21:51:07.0532 11804 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:51:07.0532 11804 ose - ok 21:51:07.0578 11804 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 21:51:07.0641 11804 osppsvc - ok 21:51:07.0641 11804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:51:07.0656 11804 p2pimsvc - ok 21:51:07.0656 11804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 21:51:07.0672 11804 p2psvc - ok 21:51:07.0672 11804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 21:51:07.0688 11804 Parport - ok 21:51:07.0688 11804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:51:07.0688 11804 partmgr - ok 21:51:07.0703 11804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:51:07.0703 11804 PcaSvc - ok 21:51:07.0719 11804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 21:51:07.0719 11804 pci - ok 21:51:07.0719 11804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 21:51:07.0734 11804 pciide - ok 21:51:07.0734 11804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 21:51:07.0750 11804 pcmcia - ok 21:51:07.0750 11804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 21:51:07.0750 11804 pcw - ok 21:51:07.0766 11804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:51:07.0797 11804 PEAUTH - ok 21:51:07.0797 11804 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 21:51:07.0828 11804 PeerDistSvc - ok 21:51:07.0844 11804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 21:51:07.0859 11804 PerfHost - ok 21:51:07.0875 11804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 21:51:07.0906 11804 pla - ok 21:51:07.0906 11804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:51:07.0922 11804 PlugPlay - ok 21:51:07.0922 11804 PnkBstrA - ok 21:51:07.0922 11804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:51:07.0937 11804 PNRPAutoReg - ok 21:51:07.0937 11804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:51:07.0953 11804 PNRPsvc - ok 21:51:07.0953 11804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:51:07.0984 11804 PolicyAgent - ok 21:51:07.0984 11804 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll 21:51:08.0000 11804 Power - ok 21:51:08.0000 11804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:51:08.0015 11804 PptpMiniport - ok 21:51:08.0015 11804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 21:51:08.0031 11804 Processor - ok 21:51:08.0031 11804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 21:51:08.0046 11804 ProfSvc - ok 21:51:08.0046 11804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:51:08.0062 11804 ProtectedStorage - ok 21:51:08.0062 11804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:51:08.0078 11804 Psched - ok 21:51:08.0093 11804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 21:51:08.0124 11804 ql2300 - ok 21:51:08.0124 11804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 21:51:08.0124 11804 ql40xx - ok 21:51:08.0140 11804 [ 046850313F51513FF9E12B2822A9E097 ] Qualcomm Atheros Killer Service C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe 21:51:08.0140 11804 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - warning 21:51:08.0140 11804 Qualcomm Atheros Killer Service - detected UnsignedFile.Multi.Generic (1) 21:51:08.0156 11804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 21:51:08.0171 11804 QWAVE - ok 21:51:08.0171 11804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:51:08.0171 11804 QWAVEdrv - ok 21:51:08.0187 11804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:51:08.0202 11804 RasAcd - ok 21:51:08.0202 11804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:51:08.0218 11804 RasAgileVpn - ok 21:51:08.0234 11804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 21:51:08.0249 11804 RasAuto - ok 21:51:08.0249 11804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:51:08.0280 11804 Rasl2tp - ok 21:51:08.0280 11804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 21:51:08.0312 11804 RasMan - ok 21:51:08.0312 11804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:51:08.0327 11804 RasPppoe - ok 21:51:08.0327 11804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:51:08.0358 11804 RasSstp - ok 21:51:08.0358 11804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:51:08.0374 11804 rdbss - ok 21:51:08.0390 11804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:51:08.0390 11804 rdpbus - ok 21:51:08.0390 11804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:51:08.0421 11804 RDPCDD - ok 21:51:08.0421 11804 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 21:51:08.0436 11804 RDPDR - ok 21:51:08.0436 11804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:51:08.0452 11804 RDPENCDD - ok 21:51:08.0452 11804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:51:08.0483 11804 RDPREFMP - ok 21:51:08.0483 11804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:51:08.0499 11804 RDPWD - ok 21:51:08.0499 11804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:51:08.0514 11804 rdyboost - ok 21:51:08.0514 11804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 21:51:08.0530 11804 RemoteAccess - ok 21:51:08.0530 11804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:51:08.0561 11804 RemoteRegistry - ok 21:51:08.0561 11804 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:51:08.0577 11804 RFCOMM - ok 21:51:08.0577 11804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:51:08.0608 11804 RpcEptMapper - ok 21:51:08.0608 11804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 21:51:08.0608 11804 RpcLocator - ok 21:51:08.0624 11804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 21:51:08.0639 11804 RpcSs - ok 21:51:08.0655 11804 [ 1EA2EDA2D6CD253CE3EC3387FEAA40AC ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys 21:51:08.0655 11804 RSPCIESTOR - ok 21:51:08.0655 11804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:51:08.0686 11804 rspndr - ok 21:51:08.0686 11804 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 21:51:08.0702 11804 s3cap - ok 21:51:08.0702 11804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 21:51:08.0702 11804 SamSs - ok 21:51:08.0702 11804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:51:08.0717 11804 sbp2port - ok 21:51:08.0717 11804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 21:51:08.0748 11804 SCardSvr - ok 21:51:08.0748 11804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:51:08.0764 11804 scfilter - ok 21:51:08.0780 11804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 21:51:08.0811 11804 Schedule - ok 21:51:08.0811 11804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:51:08.0826 11804 SCPolicySvc - ok 21:51:08.0842 11804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:51:08.0842 11804 SDRSVC - ok 21:51:08.0842 11804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:51:08.0873 11804 secdrv - ok 21:51:08.0873 11804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 21:51:08.0889 11804 seclogon - ok 21:51:08.0889 11804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 21:51:08.0920 11804 SENS - ok 21:51:08.0920 11804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:51:08.0936 11804 SensrSvc - ok 21:51:08.0936 11804 [ 255476B54C82A89416EFDF09FD62F107 ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys 21:51:08.0936 11804 Sentinel64 - ok 21:51:08.0951 11804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 21:51:08.0951 11804 Serenum - ok 21:51:08.0951 11804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 21:51:08.0967 11804 Serial - ok 21:51:08.0967 11804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 21:51:08.0982 11804 sermouse - ok 21:51:08.0982 11804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 21:51:08.0998 11804 SessionEnv - ok 21:51:09.0014 11804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:51:09.0014 11804 sffdisk - ok 21:51:09.0014 11804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:51:09.0029 11804 sffp_mmc - ok 21:51:09.0029 11804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 21:51:09.0045 11804 sffp_sd - ok 21:51:09.0045 11804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 21:51:09.0045 11804 sfloppy - ok 21:51:09.0076 11804 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\AlienRespawn\sftservice.EXE 21:51:09.0092 11804 SftService - ok 21:51:09.0107 11804 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:51:09.0123 11804 SharedAccess - ok 21:51:09.0123 11804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:51:09.0154 11804 ShellHWDetection - ok 21:51:09.0154 11804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 21:51:09.0170 11804 SiSRaid2 - ok 21:51:09.0170 11804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 21:51:09.0170 11804 SiSRaid4 - ok 21:51:09.0185 11804 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 21:51:09.0185 11804 SkypeUpdate - ok 21:51:09.0185 11804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:51:09.0216 11804 Smb - ok 21:51:09.0216 11804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:51:09.0232 11804 SNMPTRAP - ok 21:51:09.0232 11804 [ 2D5576C01C8A34AA614870E745FE8F19 ] SNTUSB64 C:\Windows\system32\DRIVERS\SNTUSB64.SYS 21:51:09.0232 11804 SNTUSB64 - ok 21:51:09.0232 11804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 21:51:09.0248 11804 spldr - ok 21:51:09.0248 11804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 21:51:09.0263 11804 Spooler - ok 21:51:09.0294 11804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 21:51:09.0341 11804 sppsvc - ok 21:51:09.0357 11804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 21:51:09.0372 11804 sppuinotify - ok 21:51:09.0372 11804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 21:51:09.0388 11804 srv - ok 21:51:09.0404 11804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:51:09.0404 11804 srv2 - ok 21:51:09.0419 11804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:51:09.0419 11804 srvnet - ok 21:51:09.0419 11804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:51:09.0450 11804 SSDPSRV - ok 21:51:09.0450 11804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:51:09.0482 11804 SstpSvc - ok 21:51:09.0482 11804 [ E4EA2412FB1B8AEE33667A9CC6D456A4 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys 21:51:09.0482 11804 stdcfltn - ok 21:51:09.0482 11804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 21:51:09.0497 11804 stexstor - ok 21:51:09.0497 11804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 21:51:09.0513 11804 stisvc - ok 21:51:09.0513 11804 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 21:51:09.0528 11804 StorSvc - ok 21:51:09.0528 11804 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 21:51:09.0544 11804 storvsc - ok 21:51:09.0544 11804 [ 10D69C83513B50F34032F7F96E40019D ] ST_ACCEL C:\Windows\system32\DRIVERS\ST_ACCEL.sys 21:51:09.0544 11804 ST_ACCEL - ok 21:51:09.0544 11804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 21:51:09.0560 11804 swenum - ok 21:51:09.0560 11804 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 21:51:09.0591 11804 swprv - ok 21:51:09.0591 11804 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys 21:51:09.0606 11804 SynthVid - ok 21:51:09.0606 11804 [ 662D9B75D7769C810F76B0C116333607 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:51:09.0622 11804 SynTP - ok 21:51:09.0638 11804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 21:51:09.0669 11804 SysMain - ok 21:51:09.0669 11804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:51:09.0684 11804 TabletInputService - ok 21:51:09.0684 11804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 21:51:09.0700 11804 TapiSrv - ok 21:51:09.0716 11804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 21:51:09.0731 11804 TBS - ok 21:51:09.0747 11804 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:51:09.0778 11804 Tcpip - ok 21:51:09.0794 11804 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:51:09.0809 11804 TCPIP6 - ok 21:51:09.0825 11804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:51:09.0825 11804 tcpipreg - ok 21:51:09.0825 11804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:51:09.0840 11804 TDPIPE - ok 21:51:09.0840 11804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:51:09.0856 11804 TDTCP - ok 21:51:09.0856 11804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:51:09.0872 11804 tdx - ok 21:51:09.0903 11804 [ 81E136A30B7F0631E5A0867453852CF3 ] TeamViewer6 C:\Users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe 21:51:09.0934 11804 TeamViewer6 - ok 21:51:09.0934 11804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 21:51:09.0950 11804 TermDD - ok 21:51:09.0950 11804 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 21:51:09.0981 11804 TermService - ok 21:51:09.0981 11804 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 21:51:09.0996 11804 Themes - ok 21:51:09.0996 11804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 21:51:10.0028 11804 THREADORDER - ok 21:51:10.0028 11804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 21:51:10.0043 11804 TrkWks - ok 21:51:10.0059 11804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:51:10.0074 11804 TrustedInstaller - ok 21:51:10.0074 11804 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:51:10.0106 11804 tssecsrv - ok 21:51:10.0106 11804 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:51:10.0106 11804 TsUsbFlt - ok 21:51:10.0106 11804 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 21:51:10.0121 11804 TsUsbGD - ok 21:51:10.0121 11804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:51:10.0152 11804 tunnel - ok 21:51:10.0152 11804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 21:51:10.0152 11804 uagp35 - ok 21:51:10.0168 11804 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:51:10.0184 11804 udfs - ok 21:51:10.0184 11804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:51:10.0199 11804 UI0Detect - ok 21:51:10.0199 11804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:51:10.0215 11804 uliagpkx - ok 21:51:10.0215 11804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:51:10.0215 11804 umbus - ok 21:51:10.0230 11804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 21:51:10.0230 11804 UmPass - ok 21:51:10.0230 11804 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 21:51:10.0246 11804 UmRdpService - ok 21:51:10.0262 11804 [ 0DFC9713D117B349E41A2A477448107A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 21:51:10.0262 11804 UNS - ok 21:51:10.0277 11804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 21:51:10.0293 11804 upnphost - ok 21:51:10.0293 11804 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:51:10.0308 11804 usbccgp - ok 21:51:10.0308 11804 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:51:10.0324 11804 usbcir - ok 21:51:10.0324 11804 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:51:10.0324 11804 usbehci - ok 21:51:10.0340 11804 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:51:10.0355 11804 usbhub - ok 21:51:10.0355 11804 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:51:10.0355 11804 usbohci - ok 21:51:10.0355 11804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 21:51:10.0371 11804 usbprint - ok 21:51:10.0371 11804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:51:10.0386 11804 USBSTOR - ok 21:51:10.0386 11804 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:51:10.0386 11804 usbuhci - ok 21:51:10.0402 11804 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:51:10.0402 11804 usbvideo - ok 21:51:10.0418 11804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 21:51:10.0433 11804 UxSms - ok 21:51:10.0433 11804 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 21:51:10.0449 11804 VaultSvc - ok 21:51:10.0449 11804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:51:10.0449 11804 vdrvroot - ok 21:51:10.0464 11804 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 21:51:10.0480 11804 vds - ok 21:51:10.0496 11804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:51:10.0496 11804 vga - ok 21:51:10.0496 11804 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 21:51:10.0527 11804 VgaSave - ok 21:51:10.0527 11804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:51:10.0542 11804 vhdmp - ok 21:51:10.0542 11804 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 21:51:10.0542 11804 viaide - ok 21:51:10.0542 11804 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 21:51:10.0558 11804 VMBusHID - ok 21:51:10.0558 11804 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:51:10.0574 11804 volmgr - ok 21:51:10.0574 11804 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:51:10.0589 11804 volmgrx - ok 21:51:10.0589 11804 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:51:10.0605 11804 volsnap - ok 21:51:10.0605 11804 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 21:51:10.0605 11804 vsmraid - ok 21:51:10.0620 11804 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 21:51:10.0667 11804 VSS - ok 21:51:10.0667 11804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:51:10.0683 11804 vwifibus - ok 21:51:10.0683 11804 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:51:10.0698 11804 vwififlt - ok 21:51:10.0698 11804 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 21:51:10.0714 11804 W32Time - ok 21:51:10.0730 11804 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 21:51:10.0730 11804 WacomPen - ok 21:51:10.0730 11804 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:51:10.0761 11804 WANARP - ok 21:51:10.0761 11804 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:51:10.0776 11804 Wanarpv6 - ok 21:51:10.0792 11804 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 21:51:10.0823 11804 wbengine - ok 21:51:10.0823 11804 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:51:10.0839 11804 WbioSrvc - ok 21:51:10.0839 11804 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:51:10.0854 11804 wcncsvc - ok 21:51:10.0854 11804 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:51:10.0870 11804 WcsPlugInService - ok 21:51:10.0870 11804 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 21:51:10.0870 11804 Wd - ok 21:51:10.0886 11804 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:51:10.0901 11804 Wdf01000 - ok 21:51:10.0901 11804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:51:10.0917 11804 WdiServiceHost - ok 21:51:10.0917 11804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:51:10.0932 11804 WdiSystemHost - ok 21:51:10.0932 11804 [ E89D463AB373CFACCCBB0645E9AE8154 ] WebCake Desktop Updater C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe 21:51:10.0932 11804 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - warning 21:51:10.0932 11804 WebCake Desktop Updater - detected UnsignedFile.Multi.Generic (1) 21:51:10.0948 11804 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 21:51:10.0964 11804 WebClient - ok 21:51:10.0964 11804 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:51:10.0979 11804 Wecsvc - ok 21:51:10.0995 11804 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:51:11.0010 11804 wercplsupport - ok 21:51:11.0010 11804 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 21:51:11.0042 11804 WerSvc - ok 21:51:11.0042 11804 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:51:11.0057 11804 WfpLwf - ok 21:51:11.0057 11804 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys 21:51:11.0073 11804 WimFltr - ok 21:51:11.0073 11804 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:51:11.0088 11804 WIMMount - ok 21:51:11.0088 11804 WinDefend - ok 21:51:11.0088 11804 WinHttpAutoProxySvc - ok 21:51:11.0088 11804 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:51:11.0120 11804 Winmgmt - ok 21:51:11.0135 11804 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 21:51:11.0166 11804 WinRM - ok 21:51:11.0182 11804 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:51:11.0182 11804 WinUsb - ok 21:51:11.0198 11804 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 21:51:11.0213 11804 Wlansvc - ok 21:51:11.0229 11804 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 21:51:11.0229 11804 WmiAcpi - ok 21:51:11.0229 11804 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:51:11.0244 11804 wmiApSrv - ok 21:51:11.0244 11804 WMPNetworkSvc - ok 21:51:11.0244 11804 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:51:11.0260 11804 WPCSvc - ok 21:51:11.0260 11804 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:51:11.0276 11804 WPDBusEnum - ok 21:51:11.0276 11804 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:51:11.0291 11804 ws2ifsl - ok 21:51:11.0307 11804 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 21:51:11.0322 11804 wscsvc - ok 21:51:11.0322 11804 WSearch - ok 21:51:11.0338 11804 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 21:51:11.0369 11804 wuauserv - ok 21:51:11.0369 11804 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:51:11.0385 11804 WudfPf - ok 21:51:11.0385 11804 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:51:11.0400 11804 WUDFRd - ok 21:51:11.0400 11804 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:51:11.0416 11804 wudfsvc - ok 21:51:11.0416 11804 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll 21:51:11.0432 11804 WwanSvc - ok 21:51:11.0432 11804 ================ Scan global =============================== 21:51:11.0432 11804 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 21:51:11.0432 11804 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:51:11.0447 11804 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 21:51:11.0447 11804 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 21:51:11.0447 11804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 21:51:11.0463 11804 [Global] - ok 21:51:11.0463 11804 ================ Scan MBR ================================== 21:51:11.0463 11804 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 21:51:11.0572 11804 \Device\Harddisk0\DR0 - ok 21:51:11.0572 11804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 21:51:11.0962 11804 \Device\Harddisk1\DR1 - ok 21:51:11.0962 11804 ================ Scan VBR ================================== 21:51:11.0962 11804 [ 482421A26DA8AE0667C657C694F1439A ] \Device\Harddisk0\DR0\Partition1 21:51:11.0962 11804 \Device\Harddisk0\DR0\Partition1 - ok 21:51:11.0962 11804 [ 245295A96FF9B0D89C204972484C7B8D ] \Device\Harddisk0\DR0\Partition2 21:51:11.0962 11804 \Device\Harddisk0\DR0\Partition2 - ok 21:51:11.0962 11804 [ 7BDEC79BEB2848A710F4A5497A2FB732 ] \Device\Harddisk1\DR1\Partition1 21:51:11.0962 11804 \Device\Harddisk1\DR1\Partition1 - ok 21:51:11.0962 11804 ============================================================ 21:51:11.0962 11804 Scan finished 21:51:11.0962 11804 ============================================================ 21:51:11.0978 9028 Detected object count: 7 21:51:11.0978 9028 Actual detected object count: 7 21:52:16.0496 9028 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:16.0496 9028 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:52:16.0496 9028 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:16.0496 9028 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:52:16.0497 9028 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:16.0497 9028 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:52:16.0497 9028 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:16.0497 9028 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:52:16.0498 9028 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:16.0498 9028 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:52:16.0499 9028 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:16.0499 9028 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:52:16.0499 9028 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user 21:52:16.0499 9028 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip |
11.07.2013, 20:57 | #8 |
/// Malware-holic | Qtrax und Sposorship= Virus? Sehr gut. Scan mit Combofix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.07.2013, 21:17 | #9 |
| Qtrax und Sposorship= Virus? So hab alles so gemacht wie du es gesagt hasd Combofix Logfile: Code:
ATTFilter ComboFix 13-07-11.03 - Christian 11.07.2013 22:07:06.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8074.5692 [GMT 2:00] ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\DealPly c:\program files (x86)\DealPly\DealPly.crx c:\program files (x86)\DealPly\DealPly.xpi c:\program files (x86)\DealPly\DealPlyIE.dll c:\program files (x86)\DealPly\DealPlyIE64.dll c:\program files (x86)\DealPly\DealPlyUpdate.exe c:\program files (x86)\DealPly\DealPlyUpdate.log c:\program files (x86)\DealPly\DealPlyUpdateRun.exe c:\program files (x86)\DealPly\DealPlyUpdateVer.exe c:\program files (x86)\DealPly\icon.ico c:\program files (x86)\DealPly\uninst.exe c:\programdata\PCDr\6261\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll c:\programdata\PCDr\6261\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll c:\windows\SysWow64\UNWISE.EXE . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_BrowserDefendert . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-11 bis 2013-07-11 )))))))))))))))))))))))))))))) . . 2013-07-09 19:45 . 2013-07-09 19:45 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2013-07-03 17:19 . 2013-07-03 17:19 -------- d-----w- c:\users\Christian\AppData\Roaming\Opera Software 2013-07-03 17:19 . 2013-07-03 17:19 -------- d-----w- c:\users\Christian\AppData\Local\Opera Software 2013-07-02 19:27 . 2013-07-02 19:27 -------- d-----w- c:\users\Christian\AppData\Roaming\AVG2013 2013-07-02 19:27 . 2013-07-02 19:27 -------- d-----w- C:\$AVG 2013-07-02 19:27 . 2013-07-02 19:27 -------- d-----w- c:\programdata\AVG2013 2013-07-02 19:26 . 2013-07-02 19:26 -------- d-----w- c:\program files (x86)\AVG 2013-07-02 19:15 . 2013-07-11 16:43 -------- d-----w- c:\programdata\MFAData 2013-07-02 19:15 . 2013-07-02 19:33 -------- d-----w- c:\users\Christian\AppData\Local\Avg2013 2013-07-02 19:15 . 2013-07-02 19:15 -------- d-----w- c:\users\Christian\AppData\Local\MFAData 2013-06-27 15:44 . 2013-06-02 15:11 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-06-27 15:36 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-06-27 15:36 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-27 15:36 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll 2013-06-27 15:36 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-06-27 15:36 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-06-27 15:36 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-06-27 15:36 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-06-27 15:36 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-06-27 15:36 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-06-22 14:06 . 2013-06-22 14:06 -------- d-----w- c:\windows\SysWow64\searchplugins 2013-06-22 14:06 . 2013-06-22 14:06 -------- d-----w- c:\windows\SysWow64\Extensions 2013-06-22 14:06 . 2013-06-22 14:06 -------- d-----w- c:\programdata\BrowserDefender 2013-06-22 14:05 . 2013-06-22 14:05 -------- d-----w- c:\users\Christian\AppData\Roaming\BabSolution 2013-06-22 14:05 . 2013-06-22 14:05 -------- d-----w- c:\program files (x86)\Delta 2013-06-22 14:05 . 2013-06-22 14:05 -------- d-----w- c:\users\Christian\AppData\Roaming\WebCake 2013-06-22 14:05 . 2013-06-22 14:05 -------- d-----w- c:\program files (x86)\WebCake 2013-06-22 14:04 . 2013-06-22 14:04 -------- d-----w- c:\users\Christian\AppData\Roaming\DealPly 2013-06-22 14:04 . 2013-06-22 14:04 -------- d-----w- c:\users\Christian\AppData\Local\Google 2013-06-22 14:04 . 2013-06-22 14:04 -------- d-----w- c:\users\Christian\AppData\Roaming\DSite 2013-06-22 14:04 . 2013-06-22 14:05 -------- d-----w- c:\programdata\Tarma Installer 2013-06-22 14:04 . 2013-06-22 14:04 -------- d-----w- c:\users\Christian\AppData\Roaming\Babylon 2013-06-21 17:29 . 2013-06-21 17:29 -------- d-----w- c:\users\Christian\AppData\Local\iLivid . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-04-13 05:49 . 2013-06-27 15:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-06-27 15:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-06-27 15:37 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-06-27 15:37 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-06-27 15:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-06-27 15:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}] 2013-06-07 20:55 197912 ----a-w- c:\program files (x86)\WebCake\WebCakeIEClient.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}] 2013-05-20 10:02 295832 ----a-w- c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056] . [HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}] [HKEY_CLASSES_ROOT\delta.deltadskBnd.1] [HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}] [HKEY_CLASSES_ROOT\delta.deltadskBnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-04 3456080] "WebCake Desktop"="c:\users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-07 343168] "AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-12-02 1636208] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "Sound Blaster Recon3Di Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2011-12-22 880640] "Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2012-03-06 577024] "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336] "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472] "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2012-06-26 76872] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "ROCCAT Savu Gaming Mouse"="c:\program files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe" [2012-09-10 872048] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-22 1380128] Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2012-7-23 553984] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll . R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x] R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/12/07 16:35;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x] R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x] R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x] S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x] S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x] S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x] S2 CtHdaSvc;Sound Core3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x] S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x] S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x] S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE;c:\program files (x86)\AlienRespawn\sftservice.EXE [x] S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] S2 TeamViewer6;TeamViewer 6;c:\users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe;c:\users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe [x] S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x] S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x] S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x] S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x] S3 cthda;Sound Core3D(CtHda.sys);c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x] S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x] S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - CLKMDRV10_9EC60124 . Inhalt des "geplante Tasks" Ordners . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-15 12656] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-06 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-06 398104] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-06 440600] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921 mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 LSP: %SYSTEMROOT%\system32\BfLLR.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: Interfaces\{4FB5C1C8-752A-40AA-821C-B75ED4C21FA8}: NameServer = 192.168.2.2 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - c:\program files (x86)\DealPly\DealPlyIE.dll Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe AddRemove-HASP HL Device Driver - c:\windows\System32\UNWISE.EXE AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1 - c:\games\World_of_Tanks_CT\unins000.exe AddRemove-PlanetSide 2 PSG - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe c:\windows\SysWOW64\RunDll32.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-11 22:13:20 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-11 20:13 . Vor Suchlauf: 12 Verzeichnis(se), 104.271.949.824 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 109.358.346.240 Bytes frei . - - End Of File - - 76336E6C7CF4E8E54BC850312307714B D41D8CD98F00B204E9800998ECF8427E |
11.07.2013, 21:20 | #10 |
/// Malware-holic | Qtrax und Sposorship= Virus? Hi, es sind 2 Logs zu erstellen, poste diese bitte möglichst gleichzeitig. 1. malwarebytes: Downloade Dir bitte Malwarebytes
Neustarten bitte. 2. lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.07.2013, 22:12 | #11 |
| Qtrax und Sposorship= Virus? so hab jetz alles so gemacht. Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.07.11.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Christian :: CHRISTIAN-PC [Administrator] Schutz: Aktiviert 11.07.2013 22:28:25 mbam-log-2013-07-11 (22-28-25).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 377405 Laufzeit: 15 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 2 C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> 4624 -> Löschen bei Neustart. C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> 1640 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 7 HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Daten: "C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 9 C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Löschen bei Neustart. C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> Löschen bei Neustart. (Ende) Ich hab alles was ich nicht wusste zb. bei den ganzen Windows sachen unbekannt dahinter gesetzt. Bei Windows Silverlight weiß ich nicht was das ist. 7-Zip 9.20 (x64 edition) Igor Pavlov 10.02.2013 4,53MB 9.20.00.0 nötig Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.12.2012 6,00MB 11.3.300.265 unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.01.2013 6,00MB 11.5.502.146 unbekannt Adobe Reader X (10.1.7) MUI Adobe Systems Incorporated 27.06.2013 480MB 10.1.7 nötig Advanced Audio FX Engine Creative Technology Ltd 08.12.2012 1.12.05 nötig AlienAutopsy PC-Doctor, Inc. 25.05.2013 128MB 3.3.6261.27 nötig AlienRespawn Alienware 07.12.2012 9.4.67 nötig AlienRespawn - Support Software Alienware 07.12.2012 9.4.67 nötig Alienware Command Center Alienware Corp. 07.12.2012 58,2MB 2.8.8.0 nötig Alienware On-Screen Display 07.12.2012 2,49MB 0.32.0.2C nötig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 07.12.2012 26,2MB 3.0.859.0 nötig applicationupdater Sony Online Entertainment 16.12.2012 unbekannt Assassin's Creed III 1.01 Ubisoft 22.12.2012 1.01 nötig AVG 2013 AVG Technologies 09.07.2013 2013.0.3349 nötig BrowserDefender Bit89 Inc 22.06.2013 unbekannt CCleaner Piriform 19.06.2013 4.03 nötig Citrix Online Plug-in - Web Citrix Systems, Inc. 25.02.2013 12.1.44.1 nötig CyberLink PowerDVD 9.6 CyberLink Corp. 07.12.2012 9.6.1.5425 nötig DAEMON Tools Lite DT Soft Ltd 16.12.2012 4.46.1.0327 nötig DDS-CAD 7.2 Data Design System GmbH 04.05.2013 7.2 nötig DealPly 22.06.2013 unbekannt DealPly (remove only) DealPly Technologies Ltd. 22.06.2013 1,20MB 4.8.6.1 unbekannt Delta Chrome Toolbar Visual Tools 22.06.2013 unbekannt Delta toolbar Delta 22.06.2013 1.8.21.5 unbekannt Dokan Library 0.6.0 10.02.2013 unbekannt Far Cry 3 Ubisoft 24.12.2012 1.04 nötig HASP HL Device Driver 04.05.2013 unbekannt Integrated Webcam Live! Central Creative Technology Ltd 08.12.2012 2.01.15 nötig Intel(R) Control Center Intel Corporation 08.12.2012 1.2.1.1007 nötig Intel(R) Display Audio Driver Intel Corporation 08.12.2012 6.14.00.3090 nötig Intel(R) Management Engine Components Intel Corporation 08.12.2012 8.0.1.1399 nötig Intel(R) Rapid Storage Technology Intel Corporation 08.12.2012 11.0.0.1032 nötig Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 08.12.2012 1.0.3.214 nötig Intel® Trusted Connect Service Client Intel Corporation 07.12.2012 10,6MB 1.23.219.2 nötig kwp-bnWin.net KWP Informationssysteme GmbH 04.05.2013 1,03GB 7.0.00 nötig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 11.07.2013 19,2MB 1.75.0.1300 nötig Medal of Honor™ Warfighter Electronic Arts 22.12.2012 16,0GB 1.0.0.0 nötig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.02.2011 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Extended Microsoft Corporation 11.02.2011 51,9MB 4.0.30319 unbekannt Microsoft Office Home and Student 2010 Microsoft Corporation 02.01.2013 14.0.6029.1000 unbekannt Microsoft Silverlight Microsoft Corporation 22.06.2013 50,6MB 5.1.20125.0 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.12.2012 428KB 8.0.56336 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 07.12.2012 788KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 07.12.2012 598KB 9.0.30729 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 07.12.2012 13,6MB 10.0.30319 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.12.2012 11,1MB 10.0.40219 unbekannt Opera Stable 15.0.1147.141 Opera Software ASA 11.07.2013 15.0.1147.141 nötig Origin Electronic Arts, Inc. 22.12.2012 9.0.13.2135 nötig Polysun 5.3.12.13149 Vela Solaris AG 04.05.2013 unbekannt PunkBuster Services Even Balance, Inc. 24.12.2012 0.993 unbekannt Qualcomm Atheros Killer Network Manager Qualcomm Atheros 11.01.2013 68,6MB 6.1.0.395 nötig Savu Mouse ROCCAT GmbH 21.12.2012 1.1.9 nötig Skype™ 5.8 Skype Technologies S.A. 07.12.2012 19,0MB 5.8.158 nötig Sound Blaster Recon3Di Creative Technology Limited 07.12.2012 69,7MB 1.00.08 nötig Sound Blaster Recon3Di Extras Creative Technology Limited 08.12.2012 1.0 nötig ST Microelectronics 3 Axis Digital Accelerometer Solution ST Microelectronics 07.12.2012 4.12.0018 unbekannt Star Wars Republic Commando 14.12.2012 1.0 unnötig Synaptics Pointing Device Driver Synaptics Incorporated 08.12.2012 46,4MB 16.0.4.0 unbekannt Tabellenbuch Elektrotechnik 2.0 Verlag Europa-Lehrmittel 16.02.2013 2.0 nötig TeamSpeak 3 Client TeamSpeak Systems GmbH 09.04.2013 3.0.10.1 nötig Tomb Raider 14.03.2013 nötig Update for Zip Opener 22.06.2013 nötig Uplay Ubisoft 22.12.2012 2.0 nötig VDE-Anwendungsprogramm 8.1.1.42 VDE Verlag GmbH 22.06.2013 8.1.1.42 nötig Visual Studio 2010 x64 Redistributables AVG Technologies 02.07.2013 12,4MB 13.0.0.1 unbekannt WebCake 3.00 WebCake LLC 22.06.2013 1,21MB 3.00 unbekannt WIDCOMM Bluetooth Software Broadcom Corporation 07.12.2012 287MB 6.5.1.2410 unbekannt World of Tanks Wargaming.net 02.01.2013 16,5MB nötig World of Tanks - Common Test Wargaming.net 04.04.2013 16,3MB unnötig Worms Reloaded 16.12.2012 2,02GB unnötig |
11.07.2013, 22:25 | #12 |
/// Malware-holic | Qtrax und Sposorship= Virus? Hi, beachte für die Zukunft: Wenn du Programme lädst, lies die AGB's bzw Lizenzverträge, toolbars die Werbung einblenden werden immer häufiger werden, und solche erkennst du bereits häufig da. Instaliere Programme immer, wenn möglich nutzerdefiniert, so erkennt man häufig Drittanbietersoftware. BZW informiere dich via Google suche. es sind wieder 2 Logs zu erstellen, poste sie gleichzeitig. 1. falls deinstalationen nicht klappen, nutze Rewo: Revo Uninstaller - Download - Filepony 2. deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: BrowserDefender DealPly : beide Delta : beide Star Wars WebCake Worms Öffne CCleaner, analysieren, starten, PC neustarten. 3. Downloade Dir bitte AdwCleaner auf deinen Desktop.
neustarten. 4. HitmanPro - Download - Filepony Lade Hitmanpro, doppelklicken, Scan klicken. Nichts löschen, weiter klicken. Log speichern und posten, bzw als XML exportieren, packen und anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
11.07.2013, 22:41 | #13 |
| Qtrax und Sposorship= Virus? Mit dem CCleaner kann ich die 2. Dealply datei und Webcake nicht deinstallieren und bei dem Revo uninstaller werden die beide nicht angezeigt Hey, hier die Logdateien von adwcleaner.AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.305 - Datei am 12/07/2013 um 00:00:42 erstellt # Aktualisiert am 11/07/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : Christian - CHRISTIAN-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Christian\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files (x86)\WebCake Ordner Gelöscht : C:\ProgramData\Tarma Installer Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma Ordner Gelöscht : C:\Users\Christian\AppData\Local\Ilivid Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\delta Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\BabSolution Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\DealPly Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\DSite Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\WebCake ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\BabSolution Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar Schlüssel Gelöscht : HKCU\Software\DealPly Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\DealPly Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5f55dcdbe669ec42 Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16490 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com ************************* AdwCleaner[S1].txt - [7108 octets] - [12/07/2013 00:00:42] ########## EOF - C:\AdwCleaner[S1].txt - [7168 octets] ########## Bei Hitmanpro bringt das programm die Meldung das es keine zulässige Win32 anwendung sei. |
11.07.2013, 23:36 | #14 |
/// Malware-holic | Qtrax und Sposorship= Virus? hmm starte mal neu, verlinkt hab ich eig die 64 bit variannte die du benötigst.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
12.07.2013, 07:50 | #15 |
| Qtrax und Sposorship= Virus? es steht zwar HitmanPro_x64.exe da aber es kommt nach wie vor die Fehlermeldung das dies keine zulässige Win32-Anwendung ist. |
Themen zu Qtrax und Sposorship= Virus? |
ausspioniert, browser, chris, erschein, erscheint, hoffe, immer wieder, nervig, opera, problem, qtrax, seite, seriös, servus, software, sponsorship, sporadisch, virus, virus?, ziemlich, zusammen, öffnet |