
Log analysis and evaluation: Adware remnants, evaluating an OTL log


 
16.03.2015, 16:24   #1
Necromorph

Adware remnants: evaluating an OTL log



Hi, I'm new here and already have a question about a program called OTL. I wanted to run a scan with it because I installed some adware software last night. Since I'm not sure how to evaluate this log, I wanted to ask whether you could help me with it.

Here is the log.

OTL logfile:
Code:
OTL logfile created on: 16.03.2015 16:10:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,16% Memory free
8,09 Gb Paging File | 6,61 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): c:\pagefile.sys 200 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 16,43 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 450,55 Gb Free Space | 96,75% Space Free | Partition Type: NTFS
 
Computer Name: NECRO | User Name: MC-Necro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)
PRC - C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc)
PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe ()
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (MsKeyboardFilter) -- C:\Windows\SysNative\KeyboardFilterSvc.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BthHFSrv) -- C:\Windows\SysNative\BthHFSrv.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (igfxCUIService1.0.0.0) -- C:\Windows\SysNative\igfxCUIService.exe (Intel Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (Origin Client Service) -- C:\Program Files (x86)\Origin\OriginClientService.exe (Electronic Arts)
SRV - (Disc Soft Lite Bus Service) -- C:\Programme\DAEMON Tools Lite\DiscSoftBusService.exe (Disc Soft Ltd)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe (AVG Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (Service KMSELDI) -- C:\Programme\KMSpico\Service_KMS.exe (@ByELDI)
SRV - (BstHdUpdaterSvc) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (ekrn) -- C:\Programme\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (Start8) -- C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe (Stardock Software, Inc)
SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (ADExchange) -- C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe (ArcSoft, Inc.)
SRV - (Launch TotalMedia Theatre 6 Driver) -- C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe (ArcSoft, Inc.)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (dtlitescsibus) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys (Disc Soft Ltd)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\drivers\Rt630x64.sys (Realtek                                            )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdWB6.sys (Advanced Micro Devices)
DRV:64bit: - (Hamachi) -- C:\Windows\SysNative\drivers\Hamdrv.sys (LogMeIn Inc.)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET)
DRV:64bit: - (edevmon) -- C:\Windows\SysNative\drivers\edevmon.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (EpfwLWF) -- C:\Windows\SysNative\drivers\EpfwLWF.sys (ESET)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (kbldfltr) -- C:\Windows\SysNative\drivers\kbldfltr.sys (Microsoft Corporation)
DRV:64bit: - (Vid) -- C:\Windows\SysNative\drivers\Vid.sys (Microsoft Corporation)
DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\drivers\vmbusr.sys (Microsoft Corporation)
DRV:64bit: - (storvsp) -- C:\Windows\SysNative\drivers\storvsp.sys (Microsoft Corporation)
DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\drivers\vpcivsp.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ArcCtrl) -- C:\Windows\SysNative\drivers\ArcCtrl.sys ()
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (t_mouse.sys) -- C:\Windows\SysNative\drivers\t_mouse.sys ()
DRV:64bit: - (amdkmafd) -- C:\Windows\SysNative\drivers\amdkmafd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (RecFltr) -- C:\Windows\SysNative\drivers\RecFltr.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (HWiNFO32) -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS (REALiX(tm))
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gfe_rd=cr&ei=q_cFVfHuJMuK-Qa2qIGIBw&gws_rd=ssl
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\..\SearchScopes\{2B525A53-40D1-437E-AF4F-FE66323C7910}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.6.2: C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2015.03.08 18:20:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
 
O1 HOSTS File: ([2013.08.22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MouseDriver] C:\Windows\SysNative\TiltWheelMouse.exe (Pixart Imaging Inc)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3114231556-3272972307-1787784662-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.161 83.169.185.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E887280-384E-4E94-85D5-23EDDD707C66}: DhcpNameServer = 83.169.185.161 83.169.185.225
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\bf4.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\bf4_x86.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\bfh.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\crysis3.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\origin.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\originer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\tm server.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\ulaunchtmt6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27:64bit: - HKLM IFEO\utotalmediatheatre6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\bf4.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\bf4_x86.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\bfh.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\crysis3.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\origin.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\originer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\tm server.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\ulaunchtmt6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O27 - HKLM IFEO\utotalmediatheatre6.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG Technologies)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015.03.15 21:44:21 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{789ce035-c4aa-11e4-82cc-74d435bb1459}\Shell - "" = AutoRun
O33 - MountPoints2\{789ce035-c4aa-11e4-82cc-74d435bb1459}\Shell\AutoRun\command - "" = "G:\Setup.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015.03.16 15:56:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.03.16 15:16:36 | 000,129,752 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.16 15:16:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2015.03.16 15:16:25 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015.03.16 15:16:25 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015.03.16 15:16:25 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015.03.16 15:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2015.03.16 15:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.03.15 23:10:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2015.03.15 23:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2015.03.15 23:10:40 | 000,041,784 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2015.03.15 23:10:40 | 000,030,520 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2015.03.15 23:10:40 | 000,025,912 | ---- | C] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[2015.03.15 23:10:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2015.03.15 22:25:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2015.03.15 21:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2015.03.15 21:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015.03.15 20:47:42 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
[2015.03.15 20:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\atjs
[2015.03.15 20:45:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
[2015.03.15 20:45:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
[2015.03.15 20:45:43 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
[2015.03.12 19:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015.03.12 19:35:25 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.03.12 19:34:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2015.03.11 13:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
[2015.03.11 12:54:46 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
[2015.03.11 12:54:45 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\calc.exe
[2015.03.11 12:54:42 | 000,264,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2015.03.11 12:54:42 | 000,114,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdNisDrv.sys
[2015.03.11 12:54:42 | 000,044,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2015.03.11 12:54:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winshfhc.dll
[2015.03.11 12:54:40 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winshfhc.dll
[2015.03.11 12:54:14 | 000,723,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SHCore.dll
[2015.03.11 12:54:14 | 000,560,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SHCore.dll
[2015.03.11 12:54:10 | 003,097,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msftedit.dll
[2015.03.11 12:54:10 | 002,484,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msftedit.dll
[2015.03.11 12:54:10 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015.03.11 12:54:10 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\photowiz.dll
[2015.03.11 12:54:10 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015.03.11 12:54:10 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\photowiz.dll
[2015.03.11 12:54:10 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015.03.11 12:54:10 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015.03.11 12:54:09 | 002,257,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dwmcore.dll
[2015.03.11 12:54:09 | 001,943,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dwmcore.dll
[2015.03.11 12:54:09 | 001,091,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2015.03.11 12:54:09 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2015.03.11 12:54:08 | 004,298,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_47.dll
[2015.03.11 12:54:08 | 003,551,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_47.dll
[2015.03.11 12:54:08 | 001,488,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2015.03.11 12:54:08 | 001,464,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2015.03.11 12:54:08 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2015.03.11 12:54:08 | 001,204,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2015.03.11 12:54:08 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atlthunk.dll
[2015.03.11 12:54:07 | 002,773,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2015.03.11 12:54:07 | 002,459,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2015.03.11 12:54:07 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSShared.dll
[2015.03.11 12:54:07 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2015.03.11 12:54:07 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.03.11 12:54:07 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015.03.11 12:54:07 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StorageContextHandler.dll
[2015.03.11 12:54:07 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\StorageContextHandler.dll
[2015.03.11 12:54:06 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015.03.11 12:54:06 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015.03.11 12:54:01 | 003,547,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2015.03.11 12:54:01 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappcfg.dll
[2015.03.11 12:54:01 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapphost.dll
[2015.03.11 12:54:01 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eapp3hst.dll
[2015.03.11 12:54:01 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappcfg.dll
[2015.03.11 12:54:01 | 000,266,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapphost.dll
[2015.03.11 12:54:01 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eapp3hst.dll
[2015.03.11 12:54:01 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015.03.11 12:54:01 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2015.03.11 12:54:01 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\eappgnui.dll
[2015.03.11 12:54:01 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\eappgnui.dll
[2015.03.11 12:53:50 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.03.11 12:53:49 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015.03.11 12:53:49 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.03.11 12:53:49 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.03.11 12:53:49 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.03.11 12:53:49 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.03.11 12:53:49 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.03.11 12:53:49 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.03.11 12:53:49 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015.03.11 12:53:49 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.03.11 12:53:49 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.03.11 12:53:49 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.03.11 12:53:49 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015.03.11 12:53:49 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015.03.11 12:53:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.03.11 12:53:49 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.03.11 12:53:49 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.03.11 12:53:49 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.03.11 12:53:47 | 002,501,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2015.03.11 12:53:47 | 002,207,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2015.03.11 12:53:47 | 001,763,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015.03.11 12:53:47 | 001,090,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MrmCoreR.dll
[2015.03.11 12:53:47 | 000,791,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MrmCoreR.dll
[2015.03.11 12:53:47 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015.03.11 12:53:47 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2015.03.11 12:53:47 | 000,046,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\LockScreenContentServer.exe
[2015.03.11 12:53:43 | 001,384,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015.03.09 16:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2015.03.09 16:25:47 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Audacity
[2015.03.09 16:25:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2015.03.09 13:56:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Medieval Software
[2015.03.09 13:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Medieval Software
[2015.03.08 18:18:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
[2015.03.07 11:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2015.03.07 11:50:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\Documents\My Games
[2015.03.07 11:47:54 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black_Box
[2015.03.07 11:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BioShock Infinite
[2015.03.07 10:39:03 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\vlc
[2015.03.07 10:32:09 | 000,030,352 | ---- | C] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys
[2015.03.07 10:32:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2015.03.07 10:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2015.03.07 10:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirusTotalUploader2
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
[2015.03.04 21:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
[2015.02.28 17:23:32 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Stardock_Corporation
[2015.02.28 16:45:52 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Stardock
[2015.02.28 16:45:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2015.02.28 16:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2015.02.28 16:45:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2015.02.28 16:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2015.02.28 15:49:44 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
[2015.02.28 15:46:33 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Local\Clipboarder
[2015.02.28 13:10:05 | 000,080,488 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysNative\MMCEDT6.exe
[2015.02.28 13:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
[2015.02.28 13:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2015.02.27 19:39:41 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\XMedia Recode
[2015.02.27 19:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[2015.02.27 19:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2015.02.27 18:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2015.02.27 18:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2015.02.21 20:44:24 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDesign.dll
[2015.02.21 20:44:24 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudFile.dll
[2015.02.21 20:44:24 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioInfos.dll
[2015.02.21 20:44:24 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioVisu.dll
[2015.02.21 20:44:24 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudPlayer.dll
[2015.02.21 20:44:24 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudioRecord.dll
[2015.02.21 20:44:24 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\AudDisplay.dll
[2015.02.21 20:44:24 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\WMAFile.dll
[2015.02.21 20:44:24 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTL32.OCX
[2015.02.21 20:44:24 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMCT232.OCX
[2015.02.21 20:44:24 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2015.02.21 20:44:24 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.OCX
[2015.02.21 20:44:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2015.02.21 20:44:24 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetfr.DLL
[2015.02.21 20:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2015.02.21 20:44:23 | 001,081,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mscomctl.ocx
[2015.02.21 20:44:23 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2015.02.21 20:44:23 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2015.02.21 20:44:23 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2015.02.21 20:44:23 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2015.02.21 20:44:23 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2015.02.21 20:44:23 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mscc2fr.dll
[2015.02.21 20:44:23 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2015.02.21 20:44:23 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TABCTFR.DLL
[2015.02.21 20:44:23 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
[2015.02.21 20:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter
[2015.02.21 10:38:07 | 000,000,000 | ---D | C] -- C:\Users\MC-Necro\AppData\Roaming\Rename Expert
[2015.02.21 10:37:40 | 006,441,984 | ---- | C] (Debenu Pty Ltd) -- C:\Windows\SysWow64\DebenuPDFLibraryLite1011.dll
[2015.02.21 10:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rename Expert
[2015.02.21 10:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rename Expert
[2015.02.14 21:22:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015.03.16 16:06:09 | 001,780,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.03.16 16:06:09 | 000,765,378 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.03.16 16:06:09 | 000,723,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.03.16 16:06:09 | 000,159,696 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.03.16 16:06:09 | 000,135,930 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.03.16 16:02:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.03.16 16:00:13 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015.03.16 16:00:08 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2015.03.16 15:18:38 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.03.16 15:16:27 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.03.15 21:44:21 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015.03.15 20:53:42 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015.03.15 20:45:48 | 000,000,080 | ---- | M] () -- C:\Users\MC-Necro\AppData\Local\recently-fix.db
[2015.03.15 16:51:53 | 000,226,680 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015.03.15 16:51:47 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2015.03.13 12:57:27 | 000,338,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.03.12 19:35:04 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2015.03.09 22:30:14 | 000,005,487 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\XRNF
[2015.03.09 22:30:14 | 000,005,487 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\DNDQ
[2015.03.09 15:19:05 | 000,271,256 | ---- | M] () -- C:\Users\MC-Necro\Desktop\Hübsch.jpg
[2015.03.07 11:47:54 | 000,001,508 | ---- | M] () -- C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
[2015.03.07 10:32:09 | 000,030,352 | ---- | M] (Disc Soft Ltd) -- C:\Windows\SysNative\drivers\dtlitescsibus.sys
[2015.03.04 22:24:42 | 000,792,032 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015.03.04 22:24:42 | 000,178,144 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015.02.28 15:55:53 | 000,000,119 | ---- | M] () -- C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
[2015.02.28 14:17:34 | 000,000,460 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2015.02.28 13:10:05 | 000,002,426 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2015.02.27 19:03:20 | 000,007,597 | ---- | M] () -- C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
[2015.02.25 09:25:02 | 000,041,784 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\TURegOpt.exe
[2015.02.25 09:24:52 | 000,030,520 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\authuitu.dll
[2015.02.25 09:24:52 | 000,025,912 | ---- | M] (AVG Technologies) -- C:\Windows\SysWow64\authuitu.dll
[2015.02.21 01:27:45 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015.02.21 00:58:53 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015.02.21 00:32:48 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015.02.20 04:03:49 | 000,358,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015.02.20 03:58:26 | 000,044,032 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015.02.20 03:49:19 | 000,584,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015.02.20 03:47:56 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015.02.20 03:35:01 | 000,816,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015.02.20 03:34:24 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015.02.20 03:32:34 | 006,035,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015.02.20 03:20:15 | 000,301,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015.02.20 03:15:32 | 000,035,840 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015.02.20 03:07:24 | 000,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2015.02.20 03:06:44 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015.02.20 03:05:05 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015.02.20 02:56:47 | 000,664,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015.02.20 02:49:28 | 000,801,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015.02.20 02:46:45 | 002,125,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015.02.20 02:29:00 | 002,865,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015.02.20 02:24:21 | 002,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015.02.20 02:03:34 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015.02.20 01:55:38 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2015.03.16 15:16:27 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2015.03.15 23:10:39 | 000,002,249 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
[2015.03.15 21:44:21 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2015.03.15 20:53:42 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\029B560A371F4E00AB32838EBC01B9E7
[2015.03.15 20:45:48 | 000,000,080 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\recently-fix.db
[2015.03.11 12:54:15 | 000,396,419 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015.03.09 22:30:14 | 000,005,487 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\XRNF
[2015.03.09 22:30:14 | 000,005,487 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\DNDQ
[2015.03.09 16:25:45 | 000,001,051 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2015.03.09 15:19:05 | 000,271,256 | ---- | C] () -- C:\Users\MC-Necro\Desktop\Hübsch.jpg
[2015.03.08 12:00:38 | 000,338,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.03.07 11:47:54 | 000,001,508 | ---- | C] () -- C:\Users\MC-Necro\Desktop\BioShock Infinite.lnk
[2015.02.28 15:55:53 | 000,000,119 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\System Monitor II_UptimeRecord.ini
[2015.02.28 14:17:34 | 000,000,460 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2015.02.28 13:10:30 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys
[2015.02.28 13:10:06 | 000,002,158 | ---- | C] () -- C:\Windows\SysNative\drivers\win81Logo.inf
[2015.02.28 13:10:05 | 003,315,392 | ---- | C] () -- C:\Windows\SysNative\drivers\ArcCtrl.sys
[2015.02.28 13:10:05 | 000,009,883 | ---- | C] () -- C:\Windows\SysNative\drivers\win81_64logo.cat
[2015.02.28 13:10:05 | 000,002,426 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
[2015.02.21 20:44:24 | 000,116,296 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2015.02.21 20:44:23 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2015.02.13 16:40:42 | 000,000,290 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS.part
[2015.02.13 16:40:41 | 000,118,724 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\4C9D2FA9_stp.CIS
[2015.02.13 16:40:34 | 000,000,234 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS.part
[2015.02.13 16:40:33 | 000,197,360 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\024F379A_stp.CIS
[2015.01.25 17:12:14 | 000,001,248 | ---- | C] () -- C:\Users\MC-Necro\AppData\Roaming\CZWL
[2015.01.10 11:14:41 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015.01.10 11:14:38 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015.01.09 20:34:58 | 000,226,680 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2015.01.09 20:34:57 | 000,076,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2015.01.09 18:17:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2015.01.09 18:07:25 | 001,804,472 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2015.01.09 18:06:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2015.01.09 18:00:29 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2015.01.09 18:00:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2015.01.09 17:55:41 | 000,004,608 | ---- | C] () -- C:\Windows\SECOH-QAD.exe
[2015.01.09 17:55:41 | 000,003,584 | ---- | C] () -- C:\Windows\SECOH-QAD.dll
[2015.01.09 12:48:16 | 000,007,597 | ---- | C] () -- C:\Users\MC-Necro\AppData\Local\Resmon.ResmonCfg
[2014.11.21 03:25:30 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\amdhdl32.dll
[2014.11.20 21:35:00 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014.10.03 17:36:30 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014.10.03 17:36:28 | 016,810,624 | ---- | C] () -- C:\Windows\SysWow64\igd11dxva32.dll
[2014.07.21 22:04:58 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014.07.21 22:04:58 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014.07.21 22:04:46 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2014.07.21 22:04:04 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014.07.21 22:04:04 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014.03.18 11:13:02 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2013.08.22 16:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013.08.22 16:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013.08.22 15:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.08.22 08:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013.08.22 00:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2015.01.09 18:30:32 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.02.12 18:40:58 | 022,291,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.12 18:34:06 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014.10.29 02:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014.10.29 01:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014.10.29 02:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2015.03.15 20:47:42 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\03D40274-1426448862-05BB-1406-590700080009
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\7eTwD7u
[2015.01.09 19:38:22 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Abelssoft
[2015.01.10 10:45:56 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\AMD
[2015.02.28 15:52:56 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\App Launcher Gadget
[2015.03.14 21:16:24 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Audacity
[2015.01.09 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\AVG
[2015.03.07 11:22:15 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\DAEMON Tools Lite
[2015.03.14 21:00:16 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\DVDVideoSoft
[2015.01.09 19:10:39 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\ESET
[2015.02.21 20:44:23 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\FreeAudioPack
[2015.02.04 16:11:53 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\ImgBurn
[2015.01.09 18:23:27 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\IObit
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\lz5X1XA
[2015.01.08 21:03:37 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Origin
[2015.03.15 21:16:21 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\oVy5zhI
[2015.02.21 10:38:07 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Rename Expert
[2015.01.09 18:57:09 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\Samsung
[2015.02.27 19:39:41 | 000,000,000 | ---D | M] -- C:\Users\MC-Necro\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Extras OTL Logfile:
Code:
OTL Extras logfile created on: 16.03.2015 16:10:02 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17690)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 82,16% Memory free
8,09 Gb Paging File | 6,61 Gb Available in Paging File | 81,65% Paging File free
Paging file location(s): c:\pagefile.sys 200 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 16,43 Gb Free Space | 14,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 450,55 Gb Free Space | 96,75% Space Free | Partition Type: NTFS
 
Computer Name: NECRO | User Name: MC-Necro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0277605E-AED8-46AA-85A3-70C79C5676B3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{161E68B2-2457-45F8-A8A1-345AF9067847}" = rport=27000 | protocol=6 | dir=out | name=theforestunlockport | 
"{28CEC358-F766-43AA-B626-A3670029F13C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3C57BF24-1173-4033-8CB7-AFB24A8EFAAE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3FDD967D-2C8F-47D1-B37F-C58B26A0D071}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{6659D1ED-AA31-4471-9ADE-00E6089F43CB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6D3F5BA9-981A-4DFF-BF7A-8CE810EC3B79}" = lport=1688 | protocol=6 | dir=in | name=kms emulator port | 
"{7710C7D8-76FA-4715-9216-3CD2466F28E2}" = lport=27015 | protocol=6 | dir=in | name=garrysmodunlockedport | 
"{7ACCF0A4-EB9E-4478-9D7B-E3E12958C75C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7EA61F90-7620-440C-8E06-04F64171A4EB}" = rport=27015 | protocol=6 | dir=out | name=garrysmodunlockedport | 
"{86DB5451-14AA-47F3-AA5F-65E321C9C56D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{878074FC-6C68-42ED-839D-27AAF264E82C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C16F00C7-7DE3-403F-A94E-F689A64567BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F38B6BE5-5A00-49EE-AD11-EDD3C30D8B4E}" = lport=27000 | protocol=6 | dir=in | name=theforestunlockport | 
"{FDDCCC72-0F38-4D57-B59A-243E5C4F76D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088B47AB-5503-497C-922D-7A5900E5E3D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1024AA11-C11A-4AF2-93FE-C2A06D5E4939}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{111CA0A9-31A0-4DBB-BBFA-55BEBC6C49A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1290B03A-08F8-4BEC-B78E-74871B23FAF8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12B01FB9-7833-4A3D-BCEF-E9DA2440602C}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{136EBEB1-1452-4A08-B4BF-7DB97E579980}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1ACC5C54-53D4-42AB-BE3A-EFE9B7D2D241}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B7B4B6A-6B15-43BD-A787-AC2213573BA4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C06427B-3322-42B8-920F-FC5591F658D4}" = dir=out | name=@{microsoft.zunemusic_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{22BD07E5-86C9-45F5-ADC3-0A0FFB5F71D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{252C53DA-F233-46D3-B947-012EBC8AF49D}" = dir=out | name=windows_ie_ac_001 | 
"{294E46EC-C695-45D3-9214-D6BC71B2A612}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{2F4B92DF-D3C3-4B69-A308-5A8EF322F1B8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{361F6240-A103-4813-A178-47BEA4B5647F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{36895411-55D3-4766-89E3-256AAEF61942}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{381C11D7-F975-4CE2-9785-3F3C2A8C6D25}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{38E74A3E-B785-458A-8BD8-4F5267EB38BA}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{3C2D4BF0-86D6-434D-B250-B8D0D3CE7744}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{3C83B618-E566-4EAA-8002-97828F793DF4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{3D80B395-4A61-4E3F-894F-C5BE17297F3E}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{409B5FB6-D455-4F3C-AC9C-88DB330462E7}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{41E40A22-0D84-4DD5-9878-BBA934F249BD}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{53FF68D6-C598-46F8-86B1-8CF03E55C7E4}" = protocol=6 | dir=out | app=system | 
"{5438D2DB-CCEF-4D21-B235-C0CAD63C4567}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{54E90E93-5503-4826-A69D-472BA44026BA}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{55E1B5A1-7E51-44DF-A578-8698E813E138}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{58D90B63-0115-4C3D-AC14-6C2D14619E14}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5A26885D-E389-414C-8138-AFE98FB85617}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{5A851E45-49C2-4444-8D1A-3D54CA17C89C}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{63DA6731-D415-4DBD-9805-F653B5E818CE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{65B4F8AC-4945-4C82-A622-EDBA406AD40B}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{67BA14E5-123E-4400-9BE2-05902F81DD15}" = dir=in | name=onenote | 
"{74F9C710-3A3E-43D4-AF80-009BD1B3118F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{754A93B5-2DAE-4CDF-B0C4-04E8CC0EEAC3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{758EA4A8-F53F-48F5-870C-A0E9D08C8DD9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{7C841C5F-F8E9-45C7-8851-D58D28C25750}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7EBCE277-2E46-4940-81B2-60F28D3563A0}" = dir=out | name=onenote | 
"{82E40E86-443A-4A02-B3C5-75B8362760EF}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{8BC8C3C6-0FD6-4A1A-B091-21325E2C12C3}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{95CAA85C-DD55-4C22-9573-65105B8A155B}" = protocol=17 | dir=in | app=c:\program files\kmspico\service_kms.exe | 
"{96AF78DF-816E-4E36-AFD8-92BD4E489019}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9D203CB9-54FF-459D-9A41-F886862029C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9D624963-25E0-41AF-AE03-D8C8A8AE1083}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{A5DF2E30-EB6D-45AF-806C-838E716845CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AA4CAF7E-47F7-424D-949B-138E43807DD4}" = protocol=6 | dir=in | app=c:\program files\kmspico\service_kms.exe | 
"{ABE2A200-6C43-4A5B-A487-9CE316CF684D}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{B437196D-1EEC-4AE8-92A9-9D2140B6D12B}" = dir=out | name=skype | 
"{BCA5388C-EBAC-4B83-A7F1-90955214035D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C4A194E8-80D1-407C-9028-565DD823AEEC}" = dir=out | name=windows_ie_ac_001 | 
"{CA42EF05-B6CB-4993-BF94-F4304AA822D5}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{CC646C2A-A530-43F3-B19D-DBE90C682560}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{D5ECB9A6-CAD5-4C81-A4A9-F3B51BE39998}" = protocol=58 | dir=in | app=system | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D6B57275-7717-4321-BE9C-6B3F074D6F3D}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{D76EB107-C16A-4E68-BC7A-F1382F08FE0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D85CA9A3-62D9-45B3-B368-370AC1D89A2C}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DDCA365C-1321-4E14-B6CA-A4BA0E883506}" = dir=in | name=skype | 
"{DF3973E2-CFB5-4A1A-8398-B685BA9E6196}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E403890D-1355-4394-9120-61BC860C410E}" = dir=out | name=@{microsoft.zunevideo_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EF6BD61D-A00A-4575-B6FE-1F400F1988CF}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{F78A42BF-FD4A-472B-957A-CFB62721C4AB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{F833EF53-2F1F-4ED6-8991-A4586097FEC7}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.229_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{FC5C4028-1630-47B8-93BA-77F8436A9F46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{99EFA947-C485-43D3-922C-C8A6B8499A77}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{87B80F33-F8FD-419B-A925-EED3D08469F2}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1CEAC85D-2590-4760-800F-8DE5E91F3700}" = Intel(R) Management Engine Components
"{1D1CB210-D05E-5BF4-F998-2B1903EE4323}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418031F0}" = Java 8 Update 31 (64-bit)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{3DE97849-544D-4D68-9255-11DF6F9F10D8}" = Intel® Trusted Connect Service Client
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{4B3EF5E6-9A2C-0A1B-C61C-B1FD444B84BC}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.1.2
"{75F06437-40F4-4A65-BC65-FC194D6B7EBA}" = ESET Smart Security
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1" = KMSpico
"{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A}" = Intel(R) Chipset Device Software
"{B9C27F57-AB84-425F-9D00-E18C5D65C18D}" = Intel(R) Rapid Storage Technology
"{D4FC649C-0247-4873-930D-D9E6904DCAF5}" = Intel(R) Management Engine Components
"{E1CBE9A2-1323-488E-9F3B-736DF6399F38}" = Intel(R) Management Engine Components
"{E7ACB435-E0B4-4770-77DE-ED38887CD133}" = AMD Fuel
"{F2A7CE36-57BF-5C86-952D-90DBF3746D82}" = AMD Catalyst Install Manager
"DAEMON Tools Lite" = DAEMON Tools Lite
"jdownloader2" = JDownloader 2
"Start8_is1" = Stardock Start8
"Unlocker" = Unlocker 1.9.2
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{070232F8-068B-1FF6-B5C4-F8F38E09C7E1}" = CCC Help Turkish
"{089F13E8-FE1E-9E10-8394-59EB3144C5EA}" = Catalyst Control Center Graphics Previews Common
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{104DE091-6C4F-C5A9-F619-5D6C965A0296}" = CCC Help Chinese Traditional
"{11087D24-567D-7D88-69C6-D7A08B5F4C47}" = Catalyst Control Center - Branding
"{16D24066-E53C-9C3E-21BB-8E16BF0BF1B2}" = CCC Help Dutch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{24784631-F22D-9570-2C7D-C893CFA0815E}" = CCC Help Swedish
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0
"{25A3B953-1423-3F15-640E-B620DD0F419A}" = Catalyst Control Center - Branding
"{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40
"{285C9F30-3BF8-697B-BD1D-353435E94B78}" = CCC Help Hungarian
"{29967A7C-6E18-91CD-BBE4-9C09F401E950}" = CCC Help Italian
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung Magician
"{2B656071-B4F5-5EED-1CEA-8357D5D89756}" = CCC Help Thai
"{2F82B501-6358-476E-A9AC-A6DABD2E52F9}" = BioShock Infinite
"{316F6900-121C-EAE3-06B5-6D033DAD6B46}" = CCC Help Hungarian
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3D312F2B-705E-4367-0E43-637742582226}" = CCC Help Chinese Traditional
"{40AF58D5-D86D-8D3C-5D39-882C8ABB6249}" = CCC Help Japanese
"{47B9191A-C6F9-463F-7651-8C915A56CCA7}" = CCC Help Norwegian
"{491B10A8-E797-6E1A-E8F0-CC5ED4A697BF}" = CCC Help Czech
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F34C608-AC66-DBD9-02B3-07F2A3714AB0}" = CCC Help Danish
"{5232358C-7C23-4319-8271-E43F924196AC}" = ArcSoft TotalMedia Theatre 6
"{523885CC-D186-A675-CE46-C02D13CD285A}" = CCC Help German
"{54D05374-2428-7BE0-58CD-CE8031163DE6}" = CCC Help Russian
"{5993537E-0B1C-2656-DE59-3B52AACCA4C8}" = CCC Help French
"{5C6AFE98-08BF-086A-300D-18F77D284966}" = CCC Help Swedish
"{5C757800-27E8-2AE3-889A-8B959AE689F8}" = CCC Help Japanese
"{5D2B5E19-C333-4519-3D32-AAB8EEE9ACA4}" = AMD Catalyst Control Center
"{5D3EC645-B957-36A1-068A-FE8450963669}" = CCC Help Spanish
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61B90A4D-8CC9-2FED-2495-AC8C9467C984}" = CCC Help Norwegian
"{6BC24106-5BED-9E52-E484-1CD9CB444DD0}" = CCC Help English
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7410FDD9-8CFF-04DB-E8DC-66BA97935C0C}" = CCC Help Polish
"{78BE8723-7889-33EB-46C5-E068E4A9A754}" = CCC Help Russian
"{7C5B13DA-6A68-86C7-ED29-610CA0F49555}" = CCC Help French
"{80680785-2EE1-053F-9CD3-4B2C904596EE}" = Catalyst Control Center InstallProxy
"{85FC260B-5951-4278-95BF-E8F40802E49E}" = AVG PC TuneUp 2015 (de-DE)
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{8DCCC556-265B-478A-8B32-C12DA988BA74}" = BlueStacks Notification Center
"{95B8F519-8C35-9010-A63C-51B3E0EE8D4E}" = CCC Help Dutch
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC1BBD7-B625-7B3F-DC5B-519A17E5A509}" = CCC Help Greek
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A3806AB7-AB46-7672-A825-F9AE0DE6910A}" = CCC Help Finnish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A996C182-3724-4DF1-A4BC-66154FE57DFE}" = AVG PC TuneUp 2015
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch
"{B079957C-3276-4B9F-DB08-D1CA8C090D9E}" = CCC Help Greek
"{B12BE177-DC00-5746-3AB9-91CD090AF555}" = Catalyst Control Center Localization All
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BE862892-0337-B30D-A2A3-9296BA9E2B4D}" = Catalyst Control Center Localization All
"{BF5509A0-250A-25EA-0C19-61505E9EBA13}" = CCC Help Chinese Standard
"{C4401B9F-F462-44F3-B96E-390AF4DC0EE6}_is1" = Rename Expert 5.6.0
"{C4EE2BA3-EEA5-9650-86E0-0405ECA5C22C}" = CCC Help Thai
"{C69EA753-0D3F-E48B-8C98-7F6310DC29B8}" = CCC Help German
"{D0E4CC40-2731-4737-F184-E422D113EE1D}" = CCC Help Italian
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.2.1.7
"{E1E6EEEA-F7CF-1AD4-F404-7EFA1E5E8365}" = CCC Help Portuguese
"{e48a2f61-851a-4155-82f9-af1b04db8c3b}" = Intel® Chipsatz-Gerätesoftware
"{E70BF0B0-1AD5-E7B7-6448-B66F20E76701}" = CCC Help Korean
"{EB766D4A-C56C-946D-F74D-43C78FE4521E}" = CCC Help Korean
"{EBE23E56-BA76-02E9-1C6A-8D9043C7E887}" = CCC Help Finnish
"{ED0D7699-1943-0C29-7465-6530F8DE2DA2}" = CCC Help Polish
"{EDA5BB56-AAF4-6889-AD8E-E25A17BD140B}" = CCC Help Czech
"{EE6909C4-C751-7C0D-B295-90CD93E68817}" = CCC Help Turkish
"{EEF14371-2D24-5A2D-0EF2-22010DB4CFA6}" = CCC Help Danish
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F3CB7B-2F62-F6EF-07EA-81143A463B31}" = CCC Help Chinese Standard
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F825EA58-D723-06A1-4F5F-620934DA66AB}" = CCC Help Spanish
"{FDD69799-37B2-9ACE-F70C-ABD1F96FD04C}" = CCC Help Portuguese
"{FDF2FE33-426D-45C2-4E70-76C162F1B790}" = CCC Help English
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Shockwave Player" = Adobe Shockwave Player 12.1
"AIDA64 Extreme_is1" = AIDA64 Extreme v5.00
"Audacity_is1" = Audacity 2.0.6
"AVG PC TuneUp" = AVG PC TuneUp 2015
"Battlelog Web Plugins" = Battlelog Web Plugins
"BlueStacks App Player" = BlueStacks App Player
"CHIP Updater_is1" = CHIP Updater
"Driver Booster_is1" = Driver Booster 2.1
"ESN Sonar-0.70.4" = ESN Sonar
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}" = ArcSoft TotalMedia Theatre 6
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.4.1028
"Origin" = Origin
"RTSS" = RivaTuner Statistics Server 6.3.0
"VTUploader" = VirusTotal Uploader 2.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3114231556-3272972307-1787784662-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2015 18:06:38 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Microsoft-Verbindungsschichterkennungsprotokoll.  System Error: Zugriff verweigert
.
 
Error - 15.03.2015 18:07:15 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Microsoft-Verbindungsschichterkennungsprotokoll.  System Error: Zugriff verweigert
.
 
Error - 15.03.2015 18:10:02 | Computer Name = Necro | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 Microsoft-Verbindungsschichterkennungsprotokoll.  System Error: Zugriff verweigert
.
 
Error - 15.03.2015 18:15:45 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x20c  Startzeit der fehlerhaften Anwendung: 0x01d05f6d927984c2
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: d2c183c4-cb60-11e4-82de-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 10:11:51 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x210  Startzeit der fehlerhaften Anwendung: 0x01d05ff322b00179
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: 63be54ae-cbe6-11e4-82df-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 10:22:00 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x214  Startzeit der fehlerhaften Anwendung: 0x01d05ff48c4c921c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: cee82fd0-cbe7-11e4-82e0-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 10:24:35 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x1c4  Startzeit der fehlerhaften Anwendung: 0x01d05ff4e8b83ee7
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: 2b0f9217-cbe8-11e4-82e1-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 10:47:52 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x214  Startzeit der fehlerhaften Anwendung: 0x01d05ff829f9c65c
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: 6b95f0e4-cbeb-11e4-82e3-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
Error - 16.03.2015 11:00:12 | Computer Name = Necro | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 16.03.2015 11:00:14 | Computer Name = Necro | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: igfxCUIService.exe, Version: 6.15.10.3960,
 Zeitstempel: 0x54299ab0  Name des fehlerhaften Moduls: igfxCUIService.exe, Version:
 6.15.10.3960, Zeitstempel: 0x54299ab0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000017719
ID
 des fehlerhaften Prozesses: 0x214  Startzeit der fehlerhaften Anwendung: 0x01d05ff9e5732db8
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\igfxCUIService.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\system32\igfxCUIService.exe  Berichtskennung: 25e87a21-cbed-11e4-82e4-74d435bb1459
Vollständiger
 Name des fehlerhaften Pakets:   Anwendungs-ID, die relativ zum fehlerhaften Paket
 ist: 
 
[ System Events ]
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMScheduler" wurde unerwartet beendet. Dies ist bereits 
1 Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "MBAMService" wurde unerwartet beendet. Dies ist bereits 1 
Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "AVG PC TuneUp Service" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "BlueStacks Android Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 16.03.2015 10:59:31 | Computer Name = Necro | Source = Service Control Manager | ID = 7034
Description = Dienst "Intel(R) Dynamic Application Loader Host Interface Service"
 wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error - 16.03.2015 11:00:12 | Computer Name = Necro | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 16.03.2015 11:00:13 | Computer Name = Necro | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Intel(R) HD Graphics Control Panel Service" wurde mit 
folgendem Fehler beendet:   %%2147500037
 
 
< End of report >
         