
Pests of all kinds and how to combat them: Delta Search


17.02.2013, 16:32   #1
xreason

Hello everyone,

I am new here on the forum and don't really know how everything works here, but I have the following problem:

Normally, when I open a new tab in my browser (Chrome), I get several options for quickly reaching certain frequently used websites. But for some time now, a page that calls itself "delta-search" has opened instead. I then googled the term and ended up on this site. In a post here on the site I saw that it is actually a threat and not just a wrong setting (if I haven't misunderstood that).

Since I know little about this kind of thing, I can only give limited information.
I have Windows 7.
The link that opens in the new tab is the following:
hxxp://www.delta-search.com/?affID=119370&tt=060411_def&babsrc=NT_ss&mntrId=d0c9404b000000000000bcaec51fc960

Can someone perhaps tell me whether this is dangerous and, if so, how I get rid of it (even if not -.-)?

17.02.2013, 17:28   #2
markusg
/// Malware-holic

hi,

If you don't already have it, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.

17.02.2013, 18:44   #3
xreason

Extra.txt: OTL EXTRAS logfile:
Code:
OTL Extras logfile created on: 17.02.2013 18:20:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,32% Memory free
8,36 Gb Paging File | 6,18 Gb Available in Paging File | 73,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 14,04 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 245,18 Gb Free Space | 62,77% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 778,81 Gb Free Space | 83,61% Space Free | Partition Type: NTFS
Drive I: | 7,26 Gb Total Space | 0,12 Gb Free Space | 1,68% Space Free | Partition Type: FAT32
 
Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
"{B63E5109-3F9B-443D-8EBD-58CE45533CC9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B88E59D7-AAFA-4947-BD42-1291706814A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B8A3276B-CA35-4276-831A-CC840E025FDA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{BC617229-D0DC-4D65-85F9-5E5B16B2FEFD}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\portal 2\portal2.exe | 
"{BD57D1FA-3583-4F5A-95B3-5605A3A2A311}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BD86C6F2-3B42-4608-9AF1-24C4EA04C886}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{BDAADDAE-2599-43A2-A4A6-0D8DBD951F50}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BE0754A4-8169-43D5-8E9C-BC85F7288451}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BF006B58-96DF-4C85-AC5F-41A1D8BFE618}" = dir=out | app=c:\program files\eslwire\wire.exe | 
"{BFF6D32E-A789-402C-8C2C-D132CE3B4467}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\magicka\magicka.exe | 
"{BFFB676F-1A03-4B15-BBD0-106C31AE98AD}" = protocol=6 | dir=in | app=d:\air\lolclient.exe | 
"{C200A738-2BE5-4594-A605-3EEAC7CC3620}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\skyrim\skyrimlauncher.exe | 
"{C5F6F5CF-3742-448B-9A65-5F809E7878B0}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\dustforce\dustforce.exe | 
"{C6BC24BC-158D-4E77-A63D-115BA0624F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{C7A375CF-72CA-4E9F-B9CA-A4118EE94791}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\batman2\runlauncher.bat | 
"{C8437489-7E2D-485A-A242-C8E74463518E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C8CD0971-DE01-4E57-99B5-BCF1B9641982}" = protocol=6 | dir=in | app=h:\farcry 3\bin\farcry3_d3d11.exe | 
"{C95486CC-1703-427F-960A-3A2E9E1D81ED}" = protocol=17 | dir=in | app=h:\steam2\steam.exe | 
"{CA1FC3BD-4485-4186-AE1F-A43D436DD12B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe | 
"{CAECC075-FDBB-48B9-AB89-9485A58723C9}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{CC6D5C51-9210-43B1-B2ED-426B06082DE0}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{CDA1A1C9-E6AA-4562-B711-0CE5D26106F5}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\batman2\runlauncher.bat | 
"{CE49F1E1-4326-4455-B9ED-E063C18C2666}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"{CEE0EF52-0C4A-409F-A9C1-D2EF27D6BCF7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CFFF4F33-86D6-405D-A8C2-42B314125F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D0013C59-25C7-40DE-A9AC-DD5A1762DACA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx9.exe | 
"{D063651B-EFB6-46C5-88EA-7E35C1DB6D02}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2\bin_ship\dragonage2.exe | 
"{D125FBDE-4548-423E-ACD8-7E77BC3BB0C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D1BFE911-D760-4D0C-9996-519050FD8E8D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D58033CE-3FD9-4323-9B7B-44EC2074B810}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D608CBD2-78FD-439D-B718-BCD9795A0DD6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DAE24800-C4C3-4B51-85BE-3B8DBA7F833C}" = protocol=17 | dir=in | app=h:\farcry 3\bin\farcry3.exe | 
"{DCC57CAA-AE07-49F2-9DE7-294F41F4C060}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\the binding of isaac\isaac.exe | 
"{DDA228EA-167D-4080-BE75-D51C35CE63D4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE45F69D-3287-467C-ABDC-A75BECDED052}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE806A31-ADB8-47FF-A2F6-FA09617CA349}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{DFB654C5-4A52-41CD-ABAD-729674B383CB}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\age of empires 3\bin\age3.exe | 
"{DFD14552-1A3C-42C5-BA0D-304BF9469CD0}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\toolbar\dtuser.exe | 
"{DFD59F54-D1A6-4331-B25F-7236520CBCEC}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\call of duty 4\iw3sp.exe | 
"{E0F4DC0D-6DFF-4522-84CC-3BB0A171B169}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{E31689B6-31D0-4584-826A-3709B8A8937A}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | 
"{E6F8DFE2-85CA-4CF0-A647-FE373FFB9144}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 
"{E79826AC-12BC-4947-B488-1B0FCBAD5C2A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E8D6C0CB-621C-49D8-AD07-86202B0724B6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2launcher.exe | 
"{EDACF077-CFDA-4BF0-9A13-BBB8111B4040}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F2D0C6F6-4B34-44AF-9874-EE912F83F73A}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\serious sam hd the first encounter\bin\samhd_demo.exe | 
"{F3AB6CEE-413A-4C89-B668-3D631BB4C644}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed\assassinscreed_dx10.exe | 
"{F3E49DAC-DC36-4CB2-83A1-2B3FADCA8BE1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F5B765E1-49A5-4655-96AD-A5DFD8185D2A}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe | 
"{F9F35AD3-575A-45F8-B2B7-B0108C803977}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{FA3C3030-0FA5-4DB9-B0B5-D3A18F7864AF}" = protocol=17 | dir=in | app=h:\steam2\steamapps\common\age of empires 3\bin\age3x.exe | 
"{FB5C57A7-C87C-4B0C-A4BE-5334BB018250}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\rayman origins\gu.exe | 
"{FD20FF76-9F44-4666-A781-FB0745AE7F7D}" = protocol=6 | dir=in | app=h:\steam2\steamapps\common\batman2\binaries\win32\batmanac.exe | 
"TCP Query User{0469A7CB-6C31-4D50-A4FA-10B3C198A93B}D:\spiele\lol\lol.launcher.exe" = protocol=6 | dir=in | app=d:\spiele\lol\lol.launcher.exe | 
"TCP Query User{119DCA6D-6BB6-4832-B1F3-631ED61D4ABA}C:\program files (x86)\duty calls\binaries\win32\dutycalls.exe" = protocol=6 | dir=in | app=c:\program files (x86)\duty calls\binaries\win32\dutycalls.exe | 
"TCP Query User{11FF2CE5-3F11-4EDE-A4CA-C3C62A652BF0}D:\spiele\d3e\b-dead2\deadspace2.exe" = protocol=6 | dir=in | app=d:\spiele\d3e\b-dead2\deadspace2.exe | 
"TCP Query User{1D0D9C34-1E31-4E31-A8E3-611D433F4A89}C:\microvoltsdownloader\mvdownloader.exe" = protocol=6 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe | 
"TCP Query User{224FC3EB-146D-47AA-94D8-D16D15D2014B}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{2E94C670-8BF8-41D8-AFA0-77E4632F65FD}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | 
"TCP Query User{36DEE5DD-1294-429C-A8AF-4394824C31C3}D:\1\spiele\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\1\spiele\borderlands\binaries\borderlands.exe | 
"TCP Query User{39794D68-BE59-4277-AB5A-81CC38401CB0}H:\alice.exe" = protocol=6 | dir=in | app=h:\alice.exe | 
"TCP Query User{3EC44F44-5CA2-4C04-AE96-7B935BD9E240}D:\lol.launcher.exe" = protocol=6 | dir=in | app=d:\lol.launcher.exe | 
"TCP Query User{3FB6DEF0-1DF0-4B46-AC6A-220A64F73A74}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{46226058-1645-4523-BCC8-F55175672CD5}D:\aiw-client\iw4mpold.exe" = protocol=6 | dir=in | app=d:\aiw-client\iw4mpold.exe | 
"TCP Query User{666F118D-106F-4350-AECE-07FD275088A5}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe | 
"TCP Query User{7A543912-4E9C-4307-9FB0-4F5736315957}C:\program files (x86)\steam\steamapps\xxxreasonlpxxx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\xxxreasonlpxxx\team fortress 2\hl2.exe | 
"TCP Query User{844C3F7F-3BC9-43F8-86A0-7556E6C2F6EC}C:\users\timo\desktop\deadspace.exe" = protocol=6 | dir=in | app=c:\users\timo\desktop\deadspace.exe | 
"TCP Query User{A1C28200-3104-46AF-BF49-99B7DDFD7964}D:\lol\lol.launcher.exe" = protocol=6 | dir=in | app=d:\lol\lol.launcher.exe | 
"TCP Query User{AD85BE19-A06A-46B1-8155-18AED0D7E6B1}C:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | 
"TCP Query User{B20CB7AA-7548-45DA-9CF4-1D851E61BC1E}D:\unbrauchbar\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe" = protocol=6 | dir=in | app=d:\unbrauchbar\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe | 
"TCP Query User{B76458D6-0195-4FAC-BB0A-09A84E71B002}F:\crack\deadspace.exe" = protocol=6 | dir=in | app=f:\crack\deadspace.exe | 
"TCP Query User{BABCEA7F-09C6-4A04-AB11-579C5B4D853B}D:\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe" = protocol=6 | dir=in | app=d:\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe | 
"TCP Query User{BB64D108-78AF-4F48-A37C-84C36F45F536}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{BEBC485C-EE41-4ED1-B5DD-FE73D3E57C40}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{CB1BF9D8-1EBF-454F-B766-7C8A1D315D71}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{E5AD9F0A-B09E-4EEF-A62C-0B98AA84BADD}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{E7C5EBE4-8CB7-46A5-B095-FF78C2A60849}D:\spiele\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\spiele\borderlands\binaries\borderlands.exe | 
"TCP Query User{F4EAA273-7629-4BE2-B43D-8D25E1E2EEDF}D:\aiw-client\iw4mp.exe" = protocol=6 | dir=in | app=d:\aiw-client\iw4mp.exe | 
"TCP Query User{FDC45A61-25A4-44B5-970E-964BB1516D7C}C:\users\timo\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\timo\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{06AED980-5E26-446A-877B-FA2B7BD06E59}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{12150096-EBD5-485A-8488-75A9E9358422}D:\lol\lol.launcher.exe" = protocol=17 | dir=in | app=d:\lol\lol.launcher.exe | 
"UDP Query User{2DF4F790-BEBF-4DF0-AC19-F2DF1A33E83C}D:\aiw-client\iw4mp.exe" = protocol=17 | dir=in | app=d:\aiw-client\iw4mp.exe | 
"UDP Query User{2E95D81F-09A6-4E77-AA88-4A0C93CC28C3}C:\microvoltsdownloader\mvdownloader.exe" = protocol=17 | dir=in | app=c:\microvoltsdownloader\mvdownloader.exe | 
"UDP Query User{37A7BD79-D873-43DF-BEC8-46698323B188}D:\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe" = protocol=17 | dir=in | app=d:\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe | 
"UDP Query User{3EE04D07-7ADA-4D9E-A37D-429365B8065C}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{41A360E7-4D1D-4477-B208-C723D925FD2B}D:\spiele\d3e\b-dead2\deadspace2.exe" = protocol=17 | dir=in | app=d:\spiele\d3e\b-dead2\deadspace2.exe | 
"UDP Query User{49110932-5619-43A1-961C-E9D614C0E402}C:\program files (x86)\steam\steamapps\common\altitude\altitude.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\altitude\altitude.exe | 
"UDP Query User{5ADA6E11-F3E9-4EC7-AF02-BB9BF71B808B}C:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{6007D1D0-7BBC-4D43-8DE1-3E4F20A326DE}C:\users\timo\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\timo\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{7712E02E-09D8-4042-B14C-FCE8E2B7C814}D:\lol.launcher.exe" = protocol=17 | dir=in | app=d:\lol.launcher.exe | 
"UDP Query User{77ECBC81-046A-4983-A156-0B7EFE956B32}C:\users\timo\desktop\deadspace.exe" = protocol=17 | dir=in | app=c:\users\timo\desktop\deadspace.exe | 
"UDP Query User{7F8705AB-9A9D-4B80-AA98-258BCA379693}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{87216C76-9199-4AC9-95E1-7DBCA5CCE36D}C:\program files (x86)\electronic arts\dead space\dead space.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\dead space\dead space.exe | 
"UDP Query User{940E10F9-8101-4B29-9242-3CFE7448F2D6}D:\spiele\lol\lol.launcher.exe" = protocol=17 | dir=in | app=d:\spiele\lol\lol.launcher.exe | 
"UDP Query User{9B0DE7C9-E0F7-499C-9ADF-9CAAE5A57AC0}F:\crack\deadspace.exe" = protocol=17 | dir=in | app=f:\crack\deadspace.exe | 
"UDP Query User{9EE2D42F-0CE9-43F0-BFAC-17F648B9D818}C:\program files (x86)\duty calls\binaries\win32\dutycalls.exe" = protocol=17 | dir=in | app=c:\program files (x86)\duty calls\binaries\win32\dutycalls.exe | 
"UDP Query User{A7E2AA05-E895-431F-9A01-D6507CB01847}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{B07F51A0-EA97-4BB2-B36F-3FD7EFE57A20}C:\program files (x86)\steam\steamapps\xxxreasonlpxxx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\xxxreasonlpxxx\team fortress 2\hl2.exe | 
"UDP Query User{B8AAEA36-EA0C-4A9E-A465-41AED212B89B}C:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2 demo\bin32\crysis2demo.exe | 
"UDP Query User{C4A79896-0316-410E-A61B-C9874D81B929}H:\alice.exe" = protocol=17 | dir=in | app=h:\alice.exe | 
"UDP Query User{CCF99016-E259-4DE4-923A-E5DD39FFEA71}D:\1\spiele\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\1\spiele\borderlands\binaries\borderlands.exe | 
"UDP Query User{CF9D88B0-AD56-4873-9C1E-5AACE5574E99}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{D5914569-8A5D-4606-8F6D-423862F5036F}D:\unbrauchbar\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe" = protocol=17 | dir=in | app=d:\unbrauchbar\aiw-client\modern warfare 2 - multiplayer\iw4mp.exe | 
"UDP Query User{D90750AA-0334-41C8-803E-8DFE7AA4D97D}D:\aiw-client\iw4mpold.exe" = protocol=17 | dir=in | app=d:\aiw-client\iw4mpold.exe | 
"UDP Query User{D931C4D5-9C2D-46DF-910C-6E9A1035B903}D:\spiele\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\spiele\borderlands\binaries\borderlands.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86416025FF}" = Java(TM) 6 Update 25 (64-bit)
"{2BF35D84-6377-4F70-9F39-97CF67E67FFF}" = Microsoft IntelliPoint 8.0
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{64555D45-1F57-BF1D-1A5E-BFD4C8C0ADB4}" = ATI Catalyst Install Manager
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F29F195-B11C-3EAD-B883-997BB29DFA17}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}" = Paint.NET v3.5.8
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"ESL Wire_is1" = ESL Wire 1.14.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C065AD-FF57-4422-AB5F-4B6B000B7696}" = S4 League_EU
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2649AD59-23CF-4862-93F1-3AAE27F646A7}" = S4 League_EU
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217011FF}" = Java 7 Update 11
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{577F714E-6F8C-4257-B936-58D0CF85F314}" = Green Line 4 Sprachtrainer
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{9C2AC00C-0C06-4B7E-97A4-A833808D54D6}" = EPU
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7B243AA-6D4C-4575-A873-6F01A1EFC5E2}}_is1" = Drakonia Configurator
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C6A0FD8A-F107-44CA-AA1B-49341936F76A}" = Canyon USB2.0 PC Camera(0050.2009.1224.3006)
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CF9041ED-60C9-36ED-9DB9-F55AAD993865}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE491AB9-1D47-4FED-A8F5-4D4325B2EB4B}" = Rayman Origins
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E7382773-CBE8-33A9-862E-C2337CD0F359}" = Visual C++ 9.0 ATL (x86) WinSXS MSM
"{EB3C9064-9140-4279-9E51-965119402151}" = Plantronics® GameCom 780 Software for Dolby® Headphone
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"BitTorrent" = BitTorrent
"BittorrentBar_DE Toolbar" = BittorrentBar_DE Toolbar
"BrickForce" = BrickForce 1.9.87
"CloneDVD2" = CloneDVD2
"Combat Arms EU" = Combat Arms EU
"conduitEngine" = Conduit Engine
"delta" = Delta toolbar  
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"dlancockpit" = devolo dLAN Cockpit
"dlanconf" = devolo dLAN-Konfigurationsassistent
"dlanwlancfg" = devolo dLAN Wireless extender Konfiguration
"dslmon" = devolo Informer
"DUMeter3_is1" = DU Meter
"easyclean" = devolo EasyClean
"easyshare" = devolo EasyShare
"Fraps" = Fraps (remove only)
"FreeArc" = FreeArc 0.666
"FreeFileViewer_is1" = Free File Viewer 2011
"Game Jackal Command Center v4_is1" = Game Jackal Command Center v4.1.1.2
"Google Chrome" = Google Chrome
"Gorky17" = Gorky17
"iLivid" = iLivid
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Notepad++" = Notepad++
"Origin" = Origin
"PriceGong" = PriceGong 2.1.0
"PunkBusterSvc" = PunkBuster Services
"Registry Mechanic_is1" = Registry Mechanic 10.0
"Resident Evil 4_is1" = Resident Evil 4 1.10
"Rockstar Games Social Club" = Rockstar Games Social Club
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"ShoppingReport2" = ShopperReports
"ShotOnline" = ShotOnline
"Steam App 10090" = Call of Duty: World at War
"Steam App 105450" = Age of Empires® III: Complete Collection
"Steam App 113200" = The Binding Of Isaac
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 218" = Source SDK Base 2007
"Steam App 40800" = Super Meat Boy
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42910" = Magicka
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 57400" = Batman: Arkham City™
"Steam App 620" = Portal 2
"Steam App 65300" = Dustforce
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Sudden Strike II" = Sudden Strike II
"Surf Canyon" = Surf Canyon Search Engine Assistant
"Trusted Software Assistant_is1" = File Type Assistant
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Uplay" = Uplay
"VirtualCloneDrive" = VirtualCloneDrive
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR
"WolfTeam-DE" = WolfTeam-DE
"Worms Reloaded Full-Rip" = Worms Reloaded Full-Rip 1.0
"Worms Reloaded_is1" = Worms Reloaded
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Akamai" = Akamai NetSession Interface
"FoxTab PDF Creator" = FoxTab PDF Creator
"Game Organizer" = EasyBits GO
"NetAssistant" = Freeze.com NetAssistant
"soe-PlanetSide 2" = PlanetSide 2
"soe-PlanetSide 2 PSG" = PlanetSide 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2013 11:28:13 | Computer Name = Timo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.02.2013 13:30:30 | Computer Name = Timo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511b3a1d  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6f435c61  ID des fehlerhaften
 Prozesses: 0x114c  Startzeit der fehlerhaften Anwendung: 0x01ce0a068f446c9c  Pfad der
 fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 0f7424e1-7603-11e2-bc3e-bcaec51fc960
 
Error - 13.02.2013 15:09:42 | Computer Name = Timo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511b3a1d  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6f435c61  ID des fehlerhaften
 Prozesses: 0x1bec  Startzeit der fehlerhaften Anwendung: 0x01ce0a19b0e8f5d7  Pfad der
 fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: eb83e588-7610-11e2-bc3e-bcaec51fc960
 
Error - 14.02.2013 07:52:56 | Computer Name = Timo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.02.2013 08:38:44 | Computer Name = Timo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511bfeca  Name des fehlerhaften Moduls: PlanetSide2.exe, Version: 
0.0.0.0, Zeitstempel: 0x511bfeca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a2caaa
ID
 des fehlerhaften Prozesses: 0x1c54  Startzeit der fehlerhaften Anwendung: 0x01ce0aacf09186c9
Pfad
 der fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe  Pfad des fehlerhaften
 Moduls: H:\planetside2\PlanetSide2.exe  Berichtskennung: 778425aa-76a3-11e2-9891-bcaec51fc960
 
Error - 14.02.2013 14:14:44 | Computer Name = Timo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511bfeca  Name des fehlerhaften Moduls: PlanetSide2.exe, Version: 
0.0.0.0, Zeitstempel: 0x511bfeca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x007ed9f0
ID
 des fehlerhaften Prozesses: 0x1960  Startzeit der fehlerhaften Anwendung: 0x01ce0ad098bce369
Pfad
 der fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe  Pfad des fehlerhaften
 Moduls: H:\planetside2\PlanetSide2.exe  Berichtskennung: 683bebcb-76d2-11e2-9891-bcaec51fc960
 
Error - 15.02.2013 06:42:23 | Computer Name = Timo-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Die
 abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.02.2013 10:56:50 | Computer Name = Timo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PlanetSide2.exe, Version: 0.0.0.0,
 Zeitstempel: 0x511bfeca  Name des fehlerhaften Moduls: PlanetSide2.exe, Version: 
0.0.0.0, Zeitstempel: 0x511bfeca  Ausnahmecode: 0xc0000005  Fehleroffset: 0x007ed9f0
ID
 des fehlerhaften Prozesses: 0x1074  Startzeit der fehlerhaften Anwendung: 0x01ce0b7c5a527fb4
Pfad
 der fehlerhaften Anwendung: H:\planetside2\PlanetSide2.exe  Pfad des fehlerhaften
 Moduls: H:\planetside2\PlanetSide2.exe  Berichtskennung: ed0b0919-777f-11e2-98ec-bcaec51fc960
 
Error - 16.02.2013 08:40:18 | Computer Name = Timo-PC | Source = Application Hang | ID = 1002
Description = Programm PlanetSide2.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1c20    Startzeit:
 01ce0c3ee6343a9e    Endzeit: 444    Anwendungspfad: H:\planetside2\PlanetSide2.exe    Berichts-ID:
   
 
Error - 16.02.2013 11:34:59 | Computer Name = Timo-PC | Source = Application Hang | ID = 1002
Description = Programm PlanetSide2.exe, Version 0.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 2d8    Startzeit: 
01ce0c4c573b1f4e    Endzeit: 4827    Anwendungspfad: H:\planetside2\PlanetSide2.exe    Berichts-ID:
   
 
Error - 17.02.2013 13:19:40 | Computer Name = Timo-PC | Source = Application Hang | ID = 1002
Description = Programm Skype.exe, Version 6.1.0.129 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 10f0    Startzeit:
 01ce0b6927861f76    Endzeit: 448    Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe

Berichts-ID:
   
 
[ NetLimiter 3 Events ]
Error - 20.04.2011 16:48:33 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 22.04.2011 08:22:28 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 26.04.2011 09:01:16 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 27.04.2011 04:26:07 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 27.04.2011 17:52:33 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 28.04.2011 04:52:28 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 28.04.2011 14:20:32 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 29.04.2011 05:15:18 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 30.04.2011 06:41:35 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
Error - 30.04.2011 07:38:00 | Computer Name = Timo-PC | Source = NetLimiter 3 Service | ID = 1000
Description = 
 
[ System Events ]
Error - 13.02.2013 11:43:33 | Computer Name = Timo-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 14.02.2013 07:52:46 | Computer Name = Timo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?13.?02.?2013 um 22:22:21 unerwartet heruntergefahren.
 
Error - 14.02.2013 07:52:48 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NetLimiter 3 Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 14.02.2013 07:52:48 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   nltdi
 
Error - 15.02.2013 06:42:04 | Computer Name = Timo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?02.?2013 um 22:01:48 unerwartet heruntergefahren.
 
Error - 15.02.2013 06:42:06 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NetLimiter 3 Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%2
 
Error - 15.02.2013 06:42:06 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   nltdi
 
Error - 15.02.2013 06:47:01 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 15.02.2013 06:47:01 | Computer Name = Timo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 15.02.2013 12:36:27 | Computer Name = Timo-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         

17.02.2013, 18:46   #4
xreason

Delta Search



OTL.txt :OTL Logfile:
Code:
OTL logfile created on: 17.02.2013 18:20:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,32% Memory free
8,36 Gb Paging File | 6,18 Gb Available in Paging File | 73,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 14,04 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 245,18 Gb Free Space | 62,77% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 778,81 Gb Free Space | 83,61% Space Free | Partition Type: NTFS
Drive I: | 7,26 Gb Total Space | 0,12 Gb Free Space | 1,68% Space Free | Partition Type: FAT32
 
Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.17 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.15 13:03:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.30 16:34:33 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.10.16 14:49:36 | 002,051,552 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.07 10:24:54 | 000,246,784 | ---- | M] () -- H:\Drakonia Configurator\hid.exe
PRC - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe
PRC - [2011.06.01 21:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.21 15:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.11.15 16:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
PRC - [2010.07.15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.06.09 09:53:20 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe
PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.12.10 14:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.07 10:24:54 | 000,246,784 | ---- | M] () -- H:\Drakonia Configurator\hid.exe
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.12.01 20:16:00 | 000,150,760 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\VMixPLGC.dll
MOD - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe
MOD - [2011.11.22 14:18:58 | 000,061,440 | ---- | M] () -- H:\Drakonia Configurator\HidDevice.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.01.21 15:19:38 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\RegistryBooster\cache.dll
MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.06.01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll
MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
MOD - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2013.02.14 03:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.08 13:54:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.15 13:03:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.12 19:59:39 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.30 16:34:33 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.10.16 14:49:36 | 002,051,552 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2012.09.04 12:16:08 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.06.07 11:22:00 | 003,549,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.10.30 16:35:13 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.09.04 12:16:00 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.05 01:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC)
DRV:64bit: - [2011.07.28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.12 00:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.08.30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2010.08.30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.01.01 18:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.11.06 12:13:20 | 000,597,504 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.01.24 23:08:34 | 000,057,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2008.01.24 23:08:24 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2008.01.24 23:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2008.01.24 23:07:54 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2012.10.16 14:49:40 | 000,020,528 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\DU Meter\DUMETR64.SYS -- (DUMeterDrv)
DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09848B84-7179-4142-8006-A5461C05B662}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&tt=060411_def&babsrc=SP_ss&mntrId=d0c9404b000000000000bcaec51fc960
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{A525F025-4323-4742-AAE4-85E933F66EAF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\..\SearchScopes\{E1D79936-9933-4091-BF99-6C1BEF6C298F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions [2011.04.07 15:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.25 09:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2011.02.07 11:41:16 | 000,000,000 | ---D | M]
 
[2013.02.16 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.27 19:47:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - homepage: Delta Search
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: Delta Search
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Delta Toolbar = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Yontoo = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Google Mail = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java Runtime) - {279384DD-3D1B-4086-8679-AA5EC7268BE1} - C:\Users\Timo\AppData\Roaming\JavaRun\IE\JavaRun.dll (Oracle Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\progra~2\wi3c8a~1\datamngr\iebho.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found
O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe ()
O4:64bit: - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GamingMouse] H:\Drakonia Configurator\hid.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Steam] H:\steam2\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D7181A0-39E5-445E-AAAD-3647C489EF4A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\progra~2\wi3c8a~1\datamngr\datamngr.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell - "" = AutoRun
O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.17 18:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2013.02.16 22:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.02.16 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Delta
[2013.02.16 22:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.02.16 22:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.16 22:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.16 22:11:13 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Babylon
[2013.02.12 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\SCE
[2013.02.09 16:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.02.07 16:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.07 16:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.28 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.17 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2013.02.17 17:52:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.17 17:40:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.17 16:55:03 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2013.02.16 22:14:06 | 000,000,706 | ---- | M] () -- C:\Users\Timo\Desktop\JDownloader.lnk
[2013.02.16 21:40:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.16 19:00:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013.02.15 11:49:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 11:49:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 11:42:18 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013.02.15 11:42:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.02.15 11:42:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 11:41:45 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 11:28:16 | 000,000,628 | ---- | M] () -- C:\Users\Timo\Desktop\PlanetSide 2 PSG.lnk
[2013.02.09 16:13:00 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.09 16:13:00 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.02.07 16:19:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.06 16:30:15 | 001,790,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.06 16:30:15 | 000,767,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.06 16:30:15 | 000,710,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.06 16:30:15 | 000,172,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.06 16:30:15 | 000,141,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.31 16:55:04 | 000,000,200 | ---- | M] () -- C:\Users\Timo\Desktop\Dota 2.url
[2013.01.25 14:05:49 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.25 14:05:49 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.16 22:14:06 | 000,000,706 | ---- | C] () -- C:\Users\Timo\Desktop\JDownloader.lnk
[2013.02.16 22:14:05 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.02.16 22:14:05 | 000,000,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.02.16 22:14:04 | 000,000,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.12 11:28:16 | 000,000,628 | ---- | C] () -- C:\Users\Timo\Desktop\PlanetSide 2 PSG.lnk
[2013.02.12 11:28:16 | 000,000,628 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
[2013.02.12 11:21:37 | 000,000,621 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
[2013.02.09 16:13:00 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.31 16:55:04 | 000,000,200 | ---- | C] () -- C:\Users\Timo\Desktop\Dota 2.url
[2012.12.26 18:36:46 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl
[2012.12.26 18:36:37 | 000,000,534 | ---- | C] () -- C:\Windows\PLTGC.ini.imi
[2012.12.26 18:36:36 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg
[2012.12.23 18:05:00 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe
[2012.12.23 18:05:00 | 000,018,454 | ---- | C] () -- C:\Windows\unins000.dat
[2012.10.20 19:44:25 | 000,007,602 | ---- | C] () -- C:\Users\Timo\AppData\Local\Resmon.ResmonCfg
[2012.05.27 15:10:27 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.02.24 14:04:42 | 000,017,408 | ---- | C] () -- C:\Users\Timo\AppData\Local\WebpageIcons.db
[2011.11.24 22:29:50 | 000,594,843 | ---- | C] () -- C:\Users\Timo\{1A8140AD-3D01-7C98-D764-55146F5D4AE5}-HBLiteSA.exe
[2011.10.31 11:29:14 | 000,000,669 | ---- | C] () -- C:\Users\Timo\Timo - Verknüpfung.lnk
[2011.10.06 19:13:36 | 000,443,392 | ---- | C] () -- C:\Windows\SysWow64\wlsppc.dll
[2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini
[2011.09.17 11:03:16 | 000,024,561 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\UserTile.png
[2011.06.08 12:33:57 | 000,002,157 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2011.04.20 09:06:51 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.22 21:09:52 | 001,767,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.13 16:22:23 | 000,005,120 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.06 00:25:51 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.06 00:25:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.05 23:53:25 | 000,000,135 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.03.04 20:08:31 | 000,000,013 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.03.04 20:08:31 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.03.04 20:08:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.03.04 20:08:16 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd4040cn.dat
[2011.03.04 20:08:16 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.04 20:08:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011.03.04 20:08:13 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011.03.04 20:07:14 | 000,000,094 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.02.07 14:38:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3772474302-332197646-2498302637-1000\$87ef2bcc14ca716fa86ad1420e654d74\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.30 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\.minecraft
[2011.06.18 10:51:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Atari
[2013.02.16 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Babylon
[2011.06.28 13:59:04 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Bioshock
[2011.10.12 15:43:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Bioshock2
[2013.02.16 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\BitTorrent
[2011.02.05 13:40:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Canneverbe Limited
[2013.02.16 22:12:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Delta
[2013.02.16 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EurekaLog
[2011.04.10 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\facemoods.com
[2011.11.29 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FinalTorrent
[2012.03.01 14:24:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeArc
[2011.11.29 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeFileViewer
[2011.07.23 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\go
[2011.02.23 15:24:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\HBLite
[2011.05.31 20:32:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Hive Cluster
[2011.02.07 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\JavaRun
[2011.06.18 10:47:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Leadertech
[2011.04.09 12:55:29 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LolClient
[2012.05.25 14:32:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LolClient2
[2012.12.23 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MingGuan
[2011.05.02 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Notepad++
[2011.02.11 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OpenOffice.org
[2011.02.08 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Phase6
[2011.04.10 22:52:36 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PriceGong
[2011.03.09 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Teeworlds
[2012.05.25 14:46:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TS3Client
[2011.03.28 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Ubisoft
[2011.02.07 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Uniblue
[2011.05.20 12:55:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\XRay Engine
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.07 10:49:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.05.13 12:53:04 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2011.03.23 14:11:50 | 000,000,000 | ---D | M] -- C:\BDS
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.13 13:30:48 | 000,000,000 | ---D | M] -- C:\Download
[2011.02.07 11:49:41 | 000,000,000 | ---D | M] -- C:\extensions
[2012.03.09 23:08:41 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.06.06 13:27:17 | 000,000,000 | ---D | M] -- C:\inetpub
[2011.07.05 22:11:55 | 000,000,000 | ---D | M] -- C:\MicrovoltsDownloader
[2011.04.19 18:34:24 | 000,000,000 | ---D | M] -- C:\Nexon
[2011.02.05 13:31:36 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.26 18:36:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.16 22:12:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.16 22:11:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.17 18:23:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.07 10:49:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.26 18:36:46 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.07 11:41:42 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\RegistryBooster.job
[2011.02.07 14:37:53 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.02.07 14:37:54 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.02.25 16:55:48 | 000,000,400 | ---- | C] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011.07.25 12:39:33 | 000,000,264 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job
[2012.04.21 11:21:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\Sens.dll
 
< %USERPROFILE%\*.* >
[2013.02.17 18:23:56 | 004,194,304 | -HS- | M] () -- C:\Users\Timo\ntuser.dat
[2013.02.17 18:23:56 | 000,262,144 | -HS- | M] () -- C:\Users\Timo\ntuser.dat.LOG1
[2011.12.16 13:57:30 | 000,262,144 | -HS- | M] () -- C:\Users\Timo\ntuser.dat.LOG2
[2011.02.05 13:20:40 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.02.05 13:20:40 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.02.05 13:20:40 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.11.29 20:10:42 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TM.blf
[2011.11.29 20:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TMContainer00000000000000000001.regtrans-ms
[2011.11.29 20:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TMContainer00000000000000000002.regtrans-ms
[2012.01.09 22:45:20 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TM.blf
[2012.01.09 22:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TMContainer00000000000000000001.regtrans-ms
[2012.01.09 22:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TMContainer00000000000000000002.regtrans-ms
[2011.02.04 18:26:44 | 000,000,020 | -HS- | M] () -- C:\Users\Timo\ntuser.ini
[2011.10.31 11:29:14 | 000,000,669 | ---- | M] () -- C:\Users\Timo\Timo - Verknüpfung.lnk
[2011.11.24 22:29:50 | 000,594,843 | ---- | M] () -- C:\Users\Timo\{1A8140AD-3D01-7C98-D764-55146F5D4AE5}-HBLiteSA.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

I closed all programs (assuming the icons at the bottom right don't count) and had to split it into two parts because it was too many characters.

Alt 17.02.2013, 18:46   #5
xreason
 

OTL.txt :
OTL Logfile:
Code:
OTL logfile created on: 17.02.2013 18:20:41 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,05 Gb Available Physical Memory | 76,32% Memory free
8,36 Gb Paging File | 6,18 Gb Available in Paging File | 73,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 14,04 Gb Free Space | 7,19% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 245,18 Gb Free Space | 62,77% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 778,81 Gb Free Space | 83,61% Space Free | Partition Type: NTFS
Drive I: | 7,26 Gb Total Space | 0,12 Gb Free Space | 1,68% Space Free | Partition Type: FAT32
 
Computer Name: TIMO-PC | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.17 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
PRC - [2013.02.05 16:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.12.15 13:03:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.10.30 16:34:33 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.10.16 14:49:36 | 002,051,552 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.07 10:24:54 | 000,246,784 | ---- | M] () -- H:\Drakonia Configurator\hid.exe
PRC - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe
PRC - [2011.06.01 21:44:15 | 001,546,640 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.21 15:19:38 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.11.15 16:05:30 | 000,112,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
PRC - [2010.07.15 18:58:24 | 009,936,512 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.06.09 09:53:20 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\PACTray.exe
PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.12.10 14:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\PAP7501\GUCI_AVS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.07 10:24:54 | 000,246,784 | ---- | M] () -- H:\Drakonia Configurator\hid.exe
MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.12.01 20:16:00 | 000,150,760 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\VMixPLGC.dll
MOD - [2011.12.01 20:15:42 | 000,777,448 | ---- | M] () -- C:\Programme\Plantronics\GameCom780\GameCom780.exe
MOD - [2011.11.22 14:18:58 | 000,061,440 | ---- | M] () -- H:\Drakonia Configurator\HidDevice.dll
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011.01.21 15:19:38 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\Uniblue\RegistryBooster\cache.dll
MOD - [2010.06.01 10:38:40 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2010.06.01 10:38:40 | 000,061,440 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\flashobj.dll
MOD - [2010.02.08 17:19:52 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 04:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.06.27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
MOD - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2013.02.14 03:14:02 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.08 13:54:16 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 16:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.15 13:03:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.12 19:59:39 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.10.30 16:34:33 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.10.16 14:49:36 | 002,051,552 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2012.09.04 12:16:08 | 000,678,416 | ---- | M] () [Auto | Running] -- C:\Programme\EslWire\service\WireHelperSvc.exe -- (EslWireHelper)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 13:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 13:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010.07.19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.06.07 11:22:00 | 003,549,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys -- (dump_wmimmc)
DRV:64bit: - [2012.10.30 16:35:13 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.09.04 12:16:00 | 000,147,472 | ---- | M] (<Turtle Entertainment>) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.05 01:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PLTGC.sys -- (PlantronicsGC)
DRV:64bit: - [2011.07.28 17:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.01.07 16:02:28 | 000,045,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.12 00:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.08.30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2010.08.30 14:38:38 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.01.01 18:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.12.30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.11.06 12:13:20 | 000,597,504 | ---- | M] (PixArt Imaging Incorporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GUCI_AVS.sys -- (GUCI_AVS)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.08.09 22:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.01.24 23:08:34 | 000,057,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2008.01.24 23:08:24 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2008.01.24 23:08:04 | 000,032,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2008.01.24 23:07:54 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2012.10.16 14:49:40 | 000,020,528 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\DU Meter\DUMETR64.SYS -- (DUMeterDrv)
DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Delta Search
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09848B84-7179-4142-8006-A5461C05B662}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119370&tt=060411_def&babsrc=SP_ss&mntrId=d0c9404b000000000000bcaec51fc960
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = hxxp://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{A525F025-4323-4742-AAE4-85E933F66EAF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\..\SearchScopes\{E1D79936-9933-4091-BF99-6C1BEF6C298F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions [2011.04.07 15:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.07.25 09:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.10.30 16:35:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files (x86)\PriceGong\2.1.0\FF [2011.02.07 11:41:16 | 000,000,000 | ---D | M]
 
[2013.02.16 22:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.27 19:47:38 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
 
========== Chrome  ==========
 
CHR - homepage: Delta Search
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=102&systemid=406&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: Delta Search
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Adblock Plus = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\
CHR - Extension: Delta Toolbar = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.0_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\
CHR - Extension: Skype Click to Call = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Yontoo = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Google Mail = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Java Runtime) - {279384DD-3D1B-4086-8679-AA5EC7268BE1} - C:\Users\Timo\AppData\Roaming\JavaRun\IE\JavaRun.dll (Oracle Corporation)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Surf Canyon Search Engine Assistant) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - c:\progra~2\wi3c8a~1\datamngr\iebho.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (NetAssistantBHO Class) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files (x86)\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not found
O4:64bit: - HKLM..\Run: [GamecomSound] C:\Programme\Plantronics\GameCom780\GameCom780.exe ()
O4:64bit: - HKLM..\Run: [GUCI_AVS] C:\Windows\PixArt\PAP7501\GUCI_AVS.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [PACTray] C:\Windows\PixArt\PAP7501\PACTray.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GamingMouse] H:\Drakonia Configurator\hid.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Timo\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKCU..\Run: [ESL Wire] C:\Program Files\EslWire\wire.exe (Turtle Entertainment GmbH)
O4 - HKCU..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe (NEXON Inc.)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray File not found
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [Steam] H:\steam2\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D7181A0-39E5-445E-AAAD-3647C489EF4A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\wi3c8a~1\datamngr\datamngr.dll) - c:\progra~2\wi3c8a~1\datamngr\datamngr.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell - "" = AutoRun
O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.17 18:15:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2013.02.16 22:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.02.16 22:12:16 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Delta
[2013.02.16 22:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013.02.16 22:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.16 22:11:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.16 22:11:13 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Roaming\Babylon
[2013.02.12 11:22:50 | 000,000,000 | ---D | C] -- C:\Users\Timo\AppData\Local\SCE
[2013.02.09 16:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013.02.07 16:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.07 16:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.28 19:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.17 18:16:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2013.02.17 17:52:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.17 17:40:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.17 16:55:03 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job
[2013.02.16 22:14:06 | 000,000,706 | ---- | M] () -- C:\Users\Timo\Desktop\JDownloader.lnk
[2013.02.16 21:40:03 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.16 19:00:00 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013.02.15 11:49:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 11:49:13 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 11:42:18 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2013.02.15 11:42:06 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.02.15 11:42:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 11:41:45 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.12 11:28:16 | 000,000,628 | ---- | M] () -- C:\Users\Timo\Desktop\PlanetSide 2 PSG.lnk
[2013.02.09 16:13:00 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.02.09 16:13:00 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013.02.07 16:19:24 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.06 16:30:15 | 001,790,288 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.06 16:30:15 | 000,767,432 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.06 16:30:15 | 000,710,514 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.06 16:30:15 | 000,172,906 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.06 16:30:15 | 000,141,010 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.31 16:55:04 | 000,000,200 | ---- | M] () -- C:\Users\Timo\Desktop\Dota 2.url
[2013.01.25 14:05:49 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.25 14:05:49 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.16 22:14:06 | 000,000,706 | ---- | C] () -- C:\Users\Timo\Desktop\JDownloader.lnk
[2013.02.16 22:14:05 | 000,000,670 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.02.16 22:14:05 | 000,000,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.02.16 22:14:04 | 000,000,615 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.02.12 11:28:16 | 000,000,628 | ---- | C] () -- C:\Users\Timo\Desktop\PlanetSide 2 PSG.lnk
[2013.02.12 11:28:16 | 000,000,628 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2 PSG.lnk
[2013.02.12 11:21:37 | 000,000,621 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk
[2013.02.09 16:13:00 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013.01.31 16:55:04 | 000,000,200 | ---- | C] () -- C:\Users\Timo\Desktop\Dota 2.url
[2012.12.26 18:36:46 | 000,000,402 | ---- | C] () -- C:\Windows\PLTGC.ini.cfl
[2012.12.26 18:36:37 | 000,000,534 | ---- | C] () -- C:\Windows\PLTGC.ini.imi
[2012.12.26 18:36:36 | 000,003,489 | ---- | C] () -- C:\Windows\PLTGC.ini.cfg
[2012.12.23 18:05:00 | 001,184,699 | ---- | C] () -- C:\Windows\unins000.exe
[2012.12.23 18:05:00 | 000,018,454 | ---- | C] () -- C:\Windows\unins000.dat
[2012.10.20 19:44:25 | 000,007,602 | ---- | C] () -- C:\Users\Timo\AppData\Local\Resmon.ResmonCfg
[2012.05.27 15:10:27 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.02.24 14:04:42 | 000,017,408 | ---- | C] () -- C:\Users\Timo\AppData\Local\WebpageIcons.db
[2011.11.24 22:29:50 | 000,594,843 | ---- | C] () -- C:\Users\Timo\{1A8140AD-3D01-7C98-D764-55146F5D4AE5}-HBLiteSA.exe
[2011.10.31 11:29:14 | 000,000,669 | ---- | C] () -- C:\Users\Timo\Timo - Verknüpfung.lnk
[2011.10.06 19:13:36 | 000,443,392 | ---- | C] () -- C:\Windows\SysWow64\wlsppc.dll
[2011.09.29 20:27:43 | 000,000,447 | ---- | C] () -- C:\Windows\PLTGC.ini
[2011.09.17 11:03:16 | 000,024,561 | ---- | C] () -- C:\Users\Timo\AppData\Roaming\UserTile.png
[2011.06.08 12:33:57 | 000,002,157 | ---- | C] () -- C:\Windows\SysWow64\GUCI_AVS.ini
[2011.04.20 09:06:51 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.22 21:09:52 | 001,767,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.13 16:22:23 | 000,005,120 | ---- | C] () -- C:\Users\Timo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.06 00:25:51 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.06 00:25:49 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.05 23:53:25 | 000,000,135 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.03.04 20:08:31 | 000,000,013 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.03.04 20:08:31 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.03.04 20:08:16 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.03.04 20:08:16 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\bd4040cn.dat
[2011.03.04 20:08:16 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.04 20:08:13 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011.03.04 20:08:13 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011.03.04 20:07:14 | 000,000,094 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.02.07 14:38:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3772474302-332197646-2498302637-1000\$87ef2bcc14ca716fa86ad1420e654d74\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.30 18:41:53 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\.minecraft
[2011.06.18 10:51:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Atari
[2013.02.16 22:11:13 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Babylon
[2011.06.28 13:59:04 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Bioshock
[2011.10.12 15:43:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Bioshock2
[2013.02.16 13:28:23 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\BitTorrent
[2011.02.05 13:40:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Canneverbe Limited
[2013.02.16 22:12:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Delta
[2013.02.16 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EurekaLog
[2011.04.10 22:52:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\facemoods.com
[2011.11.29 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FinalTorrent
[2012.03.01 14:24:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeArc
[2011.11.29 13:31:28 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\FreeFileViewer
[2011.07.23 10:23:02 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\go
[2011.02.23 15:24:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\HBLite
[2011.05.31 20:32:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Hive Cluster
[2011.02.07 14:36:55 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\JavaRun
[2011.06.18 10:47:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Leadertech
[2011.04.09 12:55:29 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LolClient
[2012.05.25 14:32:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LolClient2
[2012.12.23 18:05:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MingGuan
[2011.05.02 12:41:47 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Notepad++
[2011.02.11 15:09:26 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\OpenOffice.org
[2011.02.08 16:53:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Phase6
[2011.04.10 22:52:36 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PriceGong
[2011.03.09 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Teeworlds
[2012.05.25 14:46:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TS3Client
[2011.03.28 13:11:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Ubisoft
[2011.02.07 11:41:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Uniblue
[2011.05.20 12:55:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\XRay Engine
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.07 10:49:10 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.05.13 12:53:04 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2011.03.23 14:11:50 | 000,000,000 | ---D | M] -- C:\BDS
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.13 13:30:48 | 000,000,000 | ---D | M] -- C:\Download
[2011.02.07 11:49:41 | 000,000,000 | ---D | M] -- C:\extensions
[2012.03.09 23:08:41 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.06.06 13:27:17 | 000,000,000 | ---D | M] -- C:\inetpub
[2011.07.05 22:11:55 | 000,000,000 | ---D | M] -- C:\MicrovoltsDownloader
[2011.04.19 18:34:24 | 000,000,000 | ---D | M] -- C:\Nexon
[2011.02.05 13:31:36 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.26 18:36:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.16 22:12:17 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.16 22:11:22 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.02.04 18:26:37 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.17 18:23:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.11.07 10:49:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.26 18:36:46 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.07 11:41:42 | 000,000,342 | ---- | C] () -- C:\Windows\Tasks\RegistryBooster.job
[2011.02.07 14:37:53 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.02.07 14:37:54 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011.02.25 16:55:48 | 000,000,400 | ---- | C] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job
[2011.07.25 12:39:33 | 000,000,264 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job
[2012.04.21 11:21:42 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:16:13 | 000,049,664 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\Sens.dll
 
< %USERPROFILE%\*.* >
[2013.02.17 18:23:56 | 004,194,304 | -HS- | M] () -- C:\Users\Timo\ntuser.dat
[2013.02.17 18:23:56 | 000,262,144 | -HS- | M] () -- C:\Users\Timo\ntuser.dat.LOG1
[2011.12.16 13:57:30 | 000,262,144 | -HS- | M] () -- C:\Users\Timo\ntuser.dat.LOG2
[2011.02.05 13:20:40 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.02.05 13:20:40 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.02.05 13:20:40 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.11.29 20:10:42 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TM.blf
[2011.11.29 20:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TMContainer00000000000000000001.regtrans-ms
[2011.11.29 20:10:42 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{3d550802-1a86-11e1-a466-bcaec51fc960}.TMContainer00000000000000000002.regtrans-ms
[2012.01.09 22:45:20 | 000,065,536 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TM.blf
[2012.01.09 22:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TMContainer00000000000000000001.regtrans-ms
[2012.01.09 22:45:20 | 000,524,288 | -HS- | M] () -- C:\Users\Timo\ntuser.dat{c6c6d8ab-3ad9-11e1-a03d-bcaec51fc960}.TMContainer00000000000000000002.regtrans-ms
[2011.02.04 18:26:44 | 000,000,020 | -HS- | M] () -- C:\Users\Timo\ntuser.ini
[2011.10.31 11:29:14 | 000,000,669 | ---- | M] () -- C:\Users\Timo\Timo - Verknüpfung.lnk
[2011.11.24 22:29:50 | 000,594,843 | ---- | M] () -- C:\Users\Timo\{1A8140AD-3D01-7C98-D764-55146F5D4AE5}-HBLiteSA.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

I closed all programs (if the icons at the bottom right don't count) and had to split it into two parts because it was too many characters.


Alt 17.02.2013, 18:50   #6
markusg
/// Malware-holic
 



Hi
Please go to the Kaspersky homepage and upgrade to 2013.

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_DE Toolbar) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll
File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found
O3 - HKLM\..\Toolbar: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not
found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O2 - BHO: (BittorrentBar_DE Toolbar) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll㴀幯 佃䑎䥕ㅾ䐮䱌 File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray File not found
O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell - "" = AutoRun
O33 - MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\Shell\AutoRun\command - "" = F:\Autorun.exe
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread

Alt 17.02.2013, 19:29   #7
xreason
 



The file was not on the desktop, but there were two copies of Desktop.ini and one Thumbs.db there instead.
There was also an application named "Sicherer Zahlungsverkehr" [secure payment transactions] (which is pretty creepy).

But here is what was in the file anyway:


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ deleted successfully.
File C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
File C:\Program Files (x86)\BittorrentBar_DE\tbBitt.dll File not not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NetLimiter deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b6420d7-3122-11e0-b7a5-806e6f6e6963}\ not found.
File E:\.\Bin\ASSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c45c2cdf-477a-11e0-91b8-bcaec51fc960}\ not found.
File F:\Autorun.exe not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 40485646 bytes
->Temporary Internet Files folder emptied: 1103547981 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 255039127 bytes
->Flash cache emptied: 67387 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: nge
->Temp folder emptied: 221710 bytes
->Temporary Internet Files folder emptied: 32685000 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 255586412 bytes
->Flash cache emptied: 104828 bytes

User: Public

User: Timo
->Temp folder emptied: 4990453411 bytes
->Temporary Internet Files folder emptied: 751363616 bytes
->Java cache emptied: 43276 bytes
->Google Chrome cache emptied: 243732727 bytes
->Flash cache emptied: 448587 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 557056 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2299059278 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 30251654040 bytes

Total Files Cleaned = 38.362,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02172013_191659

17.02.2013, 19:33   #8
markusg
/// Malware-holic



Hi,
"Sicherer Zahlungsverkehr" (Safe Money) belongs to Kaspersky :-)

Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

17.02.2013, 19:41   #9
xreason



OK, and how do I get the annoying files off the desktop now?
I mean the Desktop.ini etc.

Here is the log:

19:37:40.0584 5284 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:37:40.0783 5284 ============================================================
19:37:40.0783 5284 Current date / time: 2013/02/17 19:37:40.0783
19:37:40.0783 5284 SystemInfo:
19:37:40.0783 5284
19:37:40.0784 5284 OS Version: 6.1.7601 ServicePack: 1.0
19:37:40.0784 5284 Product type: Workstation
19:37:40.0784 5284 ComputerName: TIMO-PC
19:37:40.0784 5284 UserName: Timo
19:37:40.0784 5284 Windows directory: C:\Windows
19:37:40.0784 5284 System windows directory: C:\Windows
19:37:40.0784 5284 Running under WOW64
19:37:40.0784 5284 Processor architecture: Intel x64
19:37:40.0784 5284 Number of processors: 4
19:37:40.0784 5284 Page size: 0x1000
19:37:40.0784 5284 Boot type: Normal boot
19:37:40.0784 5284 ============================================================
19:37:42.0270 5284 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:37:42.0286 5284 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C00000 (7.28 Gb), SectorSize: 0x200, Cylinders: 0x3B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:37:42.0288 5284 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:37:42.0314 5284 ============================================================
19:37:42.0314 5284 \Device\Harddisk0\DR0:
19:37:42.0314 5284 MBR partitions:
19:37:42.0314 5284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:37:42.0314 5284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800
19:37:42.0315 5284 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x30D40000
19:37:42.0315 5284 \Device\Harddisk1\DR1:
19:37:42.0316 5284 MBR partitions:
19:37:42.0316 5284 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0xE8DFE0
19:37:42.0316 5284 \Device\Harddisk2\DR2:
19:37:42.0317 5284 MBR partitions:
19:37:42.0317 5284 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
19:37:42.0317 5284 ============================================================
19:37:42.0354 5284 C: <-> \Device\Harddisk0\DR0\Partition2
19:37:42.0386 5284 D: <-> \Device\Harddisk0\DR0\Partition3
19:37:42.0403 5284 H: <-> \Device\Harddisk2\DR2\Partition1
19:37:42.0403 5284 ============================================================
19:37:42.0403 5284 Initialize success
19:37:42.0403 5284 ============================================================
19:38:05.0007 6752 ============================================================
19:38:05.0007 6752 Scan started
19:38:05.0007 6752 Mode: Manual;
19:38:05.0007 6752 ============================================================
19:38:07.0865 6752 ================ Scan system memory ========================
19:38:07.0865 6752 System memory - ok
19:38:07.0865 6752 ================ Scan services =============================
19:38:08.0934 6752 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
19:38:08.0934 6752 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
19:38:08.0941 6752 Akamai ( HiddenFile.Multi.Generic ) - warning
19:38:08.0941 6752 Akamai - detected HiddenFile.Multi.Generic (1)
19:38:16.0792 6752 MSKSSRV - ok
19:38:16.0798 6752 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:38:16.0805 6752 MSPCLOCK - ok
19:38:16.0816 6752 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:38:16.0823 6752 MSPQM - ok
19:38:16.0849 6752 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:38:16.0862 6752 MsRPC - ok
19:38:16.0877 6752 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:38:16.0878 6752 mssmbios - ok
19:38:16.0882 6752 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:38:16.0889 6752 MSTEE - ok
19:38:16.0893 6752 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:38:16.0899 6752 MTConfig - ok
19:38:16.0932 6752 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
19:38:16.0933 6752 MTsensor - ok
19:38:16.0956 6752 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:38:16.0960 6752 Mup - ok
19:38:16.0996 6752 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:38:17.0033 6752 napagent - ok
19:38:17.0060 6752 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:38:17.0064 6752 NativeWifiP - ok
19:38:17.0098 6752 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
19:38:17.0126 6752 NDIS - ok
19:38:17.0138 6752 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:38:17.0139 6752 NdisCap - ok
19:38:17.0157 6752 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:38:17.0158 6752 NdisTapi - ok
19:38:17.0173 6752 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:38:17.0182 6752 Ndisuio - ok
19:38:17.0205 6752 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:38:17.0215 6752 NdisWan - ok
19:38:17.0233 6752 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:38:17.0241 6752 NDProxy - ok
19:38:17.0272 6752 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys
19:38:17.0279 6752 Netaapl - ok
19:38:17.0310 6752 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:38:17.0311 6752 NetBIOS - ok
19:38:17.0328 6752 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:38:17.0344 6752 NetBT - ok
19:38:17.0360 6752 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:38:17.0361 6752 Netlogon - ok
19:38:17.0441 6752 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:38:17.0445 6752 Netman - ok
19:38:17.0487 6752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:38:17.0506 6752 NetMsmqActivator - ok
19:38:17.0509 6752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:38:17.0510 6752 NetPipeActivator - ok
19:38:17.0539 6752 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:38:17.0544 6752 netprofm - ok
19:38:17.0559 6752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:38:17.0560 6752 NetTcpActivator - ok
19:38:17.0563 6752 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:38:17.0564 6752 NetTcpPortSharing - ok
19:38:17.0575 6752 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:38:17.0582 6752 nfrd960 - ok
19:38:17.0612 6752 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:38:17.0624 6752 NlaSvc - ok
19:38:17.0646 6752 [ A56A9B58DDDAA4357C856427690FE61B ] NLNdisMP C:\Windows\system32\DRIVERS\nlndis.sys
19:38:17.0647 6752 NLNdisMP - ok
19:38:17.0649 6752 [ A56A9B58DDDAA4357C856427690FE61B ] NLNdisPT C:\Windows\system32\DRIVERS\nlndis.sys
19:38:17.0650 6752 NLNdisPT - ok
19:38:17.0666 6752 nlsvc - ok
19:38:17.0669 6752 nltdi - ok
19:38:17.0689 6752 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:38:17.0690 6752 Npfs - ok
19:38:17.0771 6752 [ 49697C2C761ACB5C0DE99CC8FE93E95B ] NPF_devolo C:\Windows\sysWOW64\drivers\npf_devolo.sys
19:38:17.0772 6752 NPF_devolo - ok
19:38:17.0785 6752 npggsvc - ok
19:38:17.0791 6752 NPPTNT2 - ok
19:38:17.0812 6752 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:38:17.0814 6752 nsi - ok
19:38:17.0824 6752 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:38:17.0825 6752 nsiproxy - ok
19:38:17.0870 6752 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:38:17.0894 6752 Ntfs - ok
19:38:17.0906 6752 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:38:17.0906 6752 Null - ok
19:38:17.0936 6752 [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
19:38:17.0938 6752 nusb3hub - ok
19:38:17.0948 6752 [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:38:17.0951 6752 nusb3xhc - ok
19:38:18.0023 6752 [ 857FB74754EBFF94EE3AD40788740916 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
19:38:18.0038 6752 NVHDA - ok
19:38:18.0675 6752 [ 9C1996DD3C0469BC8933321F15709F5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:38:18.0801 6752 nvlddmkm - ok
19:38:18.0831 6752 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:38:18.0842 6752 nvraid - ok
19:38:18.0869 6752 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:38:18.0879 6752 nvstor - ok
19:38:18.0920 6752 [ DFDA089BB2CD0FF7E789E2EF6BA1E4BA ] NVSvc C:\Windows\system32\nvvsvc.exe
19:38:18.0936 6752 NVSvc - ok
19:38:19.0018 6752 [ E7818CD4FB51284C948D68A7A85A69B8 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
19:38:19.0082 6752 nvUpdatusService - ok
19:38:19.0105 6752 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:38:19.0122 6752 nv_agp - ok
19:38:19.0134 6752 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:38:19.0144 6752 ohci1394 - ok
19:38:19.0211 6752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:38:19.0223 6752 p2pimsvc - ok
19:38:19.0250 6752 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:38:19.0255 6752 p2psvc - ok
19:38:19.0275 6752 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:38:19.0284 6752 Parport - ok
19:38:19.0305 6752 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:38:19.0316 6752 partmgr - ok
19:38:19.0329 6752 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:38:19.0332 6752 PcaSvc - ok
19:38:19.0341 6752 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:38:19.0343 6752 pci - ok
19:38:19.0353 6752 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:38:19.0354 6752 pciide - ok
19:38:19.0360 6752 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:38:19.0373 6752 pcmcia - ok
19:38:19.0459 6752 [ A0E7D752514A7D99341D5F2A834224A9 ] PCToolsSSDMonitorSvc C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
19:38:19.0467 6752 PCToolsSSDMonitorSvc - ok
19:38:19.0491 6752 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:38:19.0499 6752 pcw - ok
19:38:19.0517 6752 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:38:19.0524 6752 PEAUTH - ok
19:38:19.0550 6752 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:38:19.0552 6752 PerfHost - ok
19:38:19.0743 6752 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:38:19.0767 6752 pla - ok
19:38:19.0811 6752 [ AB168D5CF1CD69F9FA6F09C828FEA660 ] PlantronicsGC C:\Windows\system32\drivers\PLTGC.sys
19:38:19.0840 6752 PlantronicsGC - ok
19:38:19.0877 6752 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:38:19.0891 6752 PlugPlay - ok
19:38:19.0912 6752 PnkBstrA - ok
19:38:19.0922 6752 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:38:19.0924 6752 PNRPAutoReg - ok
19:38:19.0940 6752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:38:19.0943 6752 PNRPsvc - ok
19:38:19.0959 6752 [ B23F79E41E30ED500586151A9EF27D8F ] Point64 C:\Windows\system32\DRIVERS\point64.sys
19:38:19.0960 6752 Point64 - ok
19:38:19.0976 6752 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:38:19.0989 6752 PolicyAgent - ok
19:38:20.0038 6752 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:38:20.0047 6752 Power - ok
19:38:20.0101 6752 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:38:20.0115 6752 PptpMiniport - ok
19:38:20.0123 6752 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:38:20.0130 6752 Processor - ok
19:38:20.0159 6752 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:38:20.0171 6752 ProfSvc - ok
19:38:20.0174 6752 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:38:20.0176 6752 ProtectedStorage - ok
19:38:20.0215 6752 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:38:20.0225 6752 Psched - ok
19:38:20.0405 6752 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:38:20.0432 6752 ql2300 - ok
19:38:20.0446 6752 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:38:20.0459 6752 ql40xx - ok
19:38:20.0485 6752 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:38:20.0489 6752 QWAVE - ok
19:38:20.0497 6752 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:38:20.0499 6752 QWAVEdrv - ok
19:38:20.0510 6752 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:38:20.0519 6752 RasAcd - ok
19:38:20.0560 6752 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:38:20.0572 6752 RasAgileVpn - ok
19:38:20.0584 6752 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:38:20.0586 6752 RasAuto - ok
19:38:20.0608 6752 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:38:20.0619 6752 Rasl2tp - ok
19:38:20.0667 6752 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:38:20.0681 6752 RasMan - ok
19:38:20.0696 6752 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:38:20.0707 6752 RasPppoe - ok
19:38:20.0726 6752 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:38:20.0727 6752 RasSstp - ok
19:38:20.0754 6752 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:38:20.0766 6752 rdbss - ok
19:38:20.0774 6752 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:38:20.0782 6752 rdpbus - ok
19:38:20.0791 6752 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:38:20.0791 6752 RDPCDD - ok
19:38:20.0805 6752 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:38:20.0805 6752 RDPENCDD - ok
19:38:20.0816 6752 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:38:20.0816 6752 RDPREFMP - ok
19:38:20.0847 6752 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:38:20.0870 6752 RDPWD - ok
19:38:20.0904 6752 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:38:20.0916 6752 rdyboost - ok
19:38:20.0936 6752 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:38:20.0938 6752 RemoteAccess - ok
19:38:20.0949 6752 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:38:20.0952 6752 RemoteRegistry - ok
19:38:21.0006 6752 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
19:38:21.0026 6752 Revoflt - ok
19:38:21.0039 6752 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:38:21.0042 6752 RpcEptMapper - ok
19:38:21.0049 6752 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:38:21.0050 6752 RpcLocator - ok
19:38:21.0080 6752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:38:21.0083 6752 RpcSs - ok
19:38:21.0106 6752 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:38:21.0107 6752 rspndr - ok
19:38:21.0139 6752 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:38:21.0149 6752 RTL8167 - ok
19:38:21.0159 6752 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:38:21.0160 6752 SamSs - ok
19:38:21.0188 6752 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:38:21.0198 6752 sbp2port - ok
19:38:21.0211 6752 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:38:21.0214 6752 SCardSvr - ok
19:38:21.0234 6752 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:38:21.0240 6752 scfilter - ok
19:38:21.0352 6752 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:38:21.0374 6752 Schedule - ok
19:38:21.0395 6752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:38:21.0396 6752 SCPolicySvc - ok
19:38:21.0423 6752 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:38:21.0443 6752 SDRSVC - ok
19:38:21.0467 6752 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:38:21.0469 6752 secdrv - ok
19:38:21.0491 6752 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:38:21.0498 6752 seclogon - ok
19:38:21.0524 6752 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:38:21.0526 6752 SENS - ok
19:38:21.0537 6752 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:38:21.0539 6752 SensrSvc - ok
19:38:21.0549 6752 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:38:21.0550 6752 Serenum - ok
19:38:21.0559 6752 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:38:21.0560 6752 Serial - ok
19:38:21.0592 6752 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:38:21.0611 6752 sermouse - ok
19:38:21.0646 6752 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:38:21.0660 6752 SessionEnv - ok
19:38:21.0674 6752 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:38:21.0695 6752 sffdisk - ok
19:38:21.0713 6752 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:38:21.0719 6752 sffp_mmc - ok
19:38:21.0723 6752 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:38:21.0736 6752 sffp_sd - ok
19:38:21.0739 6752 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:38:21.0747 6752 sfloppy - ok
19:38:21.0793 6752 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:38:21.0797 6752 SharedAccess - ok
19:38:21.0823 6752 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:38:21.0838 6752 ShellHWDetection - ok
19:38:21.0856 6752 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:38:21.0863 6752 SiSRaid2 - ok
19:38:21.0882 6752 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:38:21.0891 6752 SiSRaid4 - ok
19:38:21.0958 6752 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
19:38:22.0030 6752 SkypeUpdate - ok
19:38:22.0100 6752 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:38:22.0121 6752 Smb - ok
19:38:22.0168 6752 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:38:22.0169 6752 SNMPTRAP - ok
19:38:22.0190 6752 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:38:22.0191 6752 spldr - ok
19:38:22.0224 6752 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:38:22.0241 6752 Spooler - ok
19:38:22.0369 6752 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:38:22.0415 6752 sppsvc - ok
19:38:22.0427 6752 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:38:22.0430 6752 sppuinotify - ok
19:38:22.0459 6752 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:38:22.0478 6752 srv - ok
19:38:22.0493 6752 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:38:22.0506 6752 srv2 - ok
19:38:22.0521 6752 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:38:22.0532 6752 srvnet - ok
19:38:22.0560 6752 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:38:22.0563 6752 SSDPSRV - ok
19:38:22.0575 6752 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:38:22.0577 6752 SstpSvc - ok
19:38:22.0610 6752 Steam Client Service - ok
19:38:22.0632 6752 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:38:22.0638 6752 stexstor - ok
19:38:22.0677 6752 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:38:22.0692 6752 stisvc - ok
19:38:22.0708 6752 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:38:22.0709 6752 swenum - ok
19:38:22.0722 6752 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:38:22.0728 6752 swprv - ok
19:38:22.0772 6752 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:38:22.0812 6752 SysMain - ok
19:38:22.0824 6752 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:38:22.0833 6752 TabletInputService - ok
19:38:22.0846 6752 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:38:22.0859 6752 TapiSrv - ok
19:38:22.0873 6752 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:38:22.0875 6752 TBS - ok
19:38:23.0012 6752 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:38:23.0039 6752 Tcpip - ok
19:38:23.0070 6752 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:38:23.0077 6752 TCPIP6 - ok
19:38:23.0104 6752 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:38:23.0113 6752 tcpipreg - ok
19:38:23.0142 6752 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:38:23.0150 6752 TDPIPE - ok
19:38:23.0159 6752 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:38:23.0167 6752 TDTCP - ok
19:38:23.0200 6752 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:38:23.0210 6752 tdx - ok
19:38:23.0224 6752 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:38:23.0225 6752 TermDD - ok
19:38:23.0253 6752 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
19:38:23.0270 6752 TermService - ok
19:38:23.0278 6752 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
19:38:23.0280 6752 Themes - ok
19:38:23.0303 6752 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
19:38:23.0305 6752 THREADORDER - ok
19:38:23.0321 6752 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
19:38:23.0323 6752 TrkWks - ok
19:38:23.0356 6752 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:38:23.0367 6752 TrustedInstaller - ok
19:38:23.0382 6752 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:38:23.0391 6752 tssecsrv - ok
19:38:23.0407 6752 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:38:23.0415 6752 TsUsbFlt - ok
19:38:23.0475 6752 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:38:23.0514 6752 tunnel - ok
19:38:23.0536 6752 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:38:23.0546 6752 uagp35 - ok
19:38:23.0687 6752 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:38:23.0740 6752 udfs - ok
19:38:23.0799 6752 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:38:23.0828 6752 UI0Detect - ok
19:38:23.0842 6752 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:38:23.0851 6752 uliagpkx - ok
19:38:23.0884 6752 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
19:38:23.0886 6752 umbus - ok
19:38:23.0895 6752 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:38:23.0904 6752 UmPass - ok
19:38:23.0932 6752 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
19:38:23.0936 6752 upnphost - ok
19:38:23.0966 6752 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
19:38:23.0975 6752 USBAAPL64 - ok
19:38:24.0009 6752 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:38:24.0019 6752 usbaudio - ok
19:38:24.0041 6752 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:38:24.0043 6752 usbccgp - ok
19:38:24.0051 6752 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:38:24.0059 6752 usbcir - ok
19:38:24.0083 6752 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:38:24.0084 6752 usbehci - ok
19:38:24.0120 6752 [ 2C780746DC44A28FE67004DC58173F05 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
19:38:24.0129 6752 usbfilter - ok
19:38:24.0178 6752 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:38:24.0191 6752 usbhub - ok
19:38:24.0245 6752 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:38:24.0256 6752 usbohci - ok
19:38:24.0268 6752 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:38:24.0280 6752 usbprint - ok
19:38:24.0313 6752 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:24.0333 6752 USBSTOR - ok
19:38:24.0359 6752 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:38:24.0382 6752 usbuhci - ok
19:38:24.0416 6752 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:38:24.0434 6752 usbvideo - ok
19:38:24.0468 6752 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
19:38:24.0469 6752 UxSms - ok
19:38:24.0477 6752 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
19:38:24.0477 6752 VaultSvc - ok
19:38:24.0503 6752 [ 84BB306B7863883018D7F3EB0C453BD5 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
19:38:24.0504 6752 VClone - ok
19:38:24.0514 6752 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:38:24.0531 6752 vdrvroot - ok
19:38:24.0562 6752 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
19:38:24.0574 6752 vds - ok
19:38:24.0588 6752 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:24.0596 6752 vga - ok
19:38:24.0604 6752 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
19:38:24.0605 6752 VgaSave - ok
19:38:24.0616 6752 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:38:24.0619 6752 vhdmp - ok
19:38:24.0665 6752 [ DFDF7F9CAA50EE72A633EA4BBD65A557 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:38:24.0677 6752 VIAHdAudAddService - ok
19:38:24.0701 6752 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
19:38:24.0710 6752 viaide - ok
19:38:24.0721 6752 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:38:24.0723 6752 volmgr - ok
19:38:24.0752 6752 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:38:24.0768 6752 volmgrx - ok
19:38:24.0781 6752 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:38:24.0785 6752 volsnap - ok
19:38:24.0810 6752 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:38:24.0820 6752 vsmraid - ok
19:38:24.0867 6752 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
19:38:24.0886 6752 VSS - ok
19:38:24.0895 6752 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:38:24.0896 6752 vwifibus - ok
19:38:24.0923 6752 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
19:38:24.0927 6752 W32Time - ok
19:38:24.0996 6752 [ B32009DB1972E7F2C227499289C4384A ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
19:38:25.0013 6752 W3SVC - ok
19:38:25.0027 6752 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:38:25.0035 6752 WacomPen - ok
19:38:25.0055 6752 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:38:25.0064 6752 WANARP - ok
19:38:25.0067 6752 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:38:25.0068 6752 Wanarpv6 - ok
19:38:25.0082 6752 [ B32009DB1972E7F2C227499289C4384A ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
19:38:25.0084 6752 WAS - ok
19:38:25.0111 6752 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
19:38:25.0132 6752 wbengine - ok
19:38:25.0144 6752 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:38:25.0147 6752 WbioSrvc - ok
19:38:25.0169 6752 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:38:25.0185 6752 wcncsvc - ok
19:38:25.0198 6752 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:38:25.0200 6752 WcsPlugInService - ok
19:38:25.0204 6752 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:38:25.0214 6752 Wd - ok
19:38:25.0290 6752 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:38:25.0297 6752 Wdf01000 - ok
19:38:25.0312 6752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:38:25.0314 6752 WdiServiceHost - ok
19:38:25.0317 6752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:38:25.0319 6752 WdiSystemHost - ok
19:38:25.0333 6752 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:38:25.0345 6752 WebClient - ok
19:38:25.0361 6752 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:38:25.0365 6752 Wecsvc - ok
19:38:25.0376 6752 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:38:25.0378 6752 wercplsupport - ok
19:38:25.0397 6752 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:38:25.0401 6752 WerSvc - ok
19:38:25.0412 6752 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:38:25.0433 6752 WfpLwf - ok
19:38:25.0437 6752 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:38:25.0445 6752 WIMMount - ok
19:38:25.0465 6752 WinDefend - ok
19:38:25.0470 6752 WinHttpAutoProxySvc - ok
19:38:25.0522 6752 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:38:25.0525 6752 Winmgmt - ok
19:38:25.0574 6752 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:38:25.0600 6752 WinRM - ok
19:38:25.0649 6752 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:38:25.0666 6752 WinUsb - ok
19:38:25.0699 6752 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:38:25.0708 6752 Wlansvc - ok
19:38:25.0874 6752 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:38:25.0913 6752 wlidsvc - ok
19:38:25.0945 6752 [ 7A58BA979F7ACB3FC5310C771A1CF155 ] WmBEnum C:\Windows\system32\drivers\WmBEnum.sys
19:38:25.0946 6752 WmBEnum - ok
19:38:25.0956 6752 [ 8693A75C3FFD4A0C9E32BE621FDA71FB ] WmFilter C:\Windows\system32\drivers\WmFilter.sys
19:38:25.0957 6752 WmFilter - ok
19:38:25.0977 6752 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:38:25.0978 6752 WmiAcpi - ok
19:38:26.0007 6752 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:38:26.0009 6752 wmiApSrv - ok
19:38:26.0012 6752 WMPNetworkSvc - ok
19:38:26.0034 6752 [ 3D9266CCD0F1EDB020C7AA24D527942B ] WmVirHid C:\Windows\system32\drivers\WmVirHid.sys
19:38:26.0035 6752 WmVirHid - ok
19:38:26.0046 6752 [ 3CFFDF56A00408913B1E51C67F999E2E ] WmXlCore C:\Windows\system32\drivers\WmXlCore.sys
19:38:26.0047 6752 WmXlCore - ok
19:38:26.0059 6752 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:38:26.0061 6752 WPCSvc - ok
19:38:26.0082 6752 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:38:26.0091 6752 WPDBusEnum - ok
19:38:26.0121 6752 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:38:26.0129 6752 ws2ifsl - ok
19:38:26.0145 6752 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:38:26.0147 6752 wscsvc - ok
19:38:26.0150 6752 WSearch - ok
19:38:26.0279 6752 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:38:26.0311 6752 wuauserv - ok
19:38:26.0322 6752 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:38:26.0331 6752 WudfPf - ok
19:38:26.0360 6752 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:38:26.0371 6752 WUDFRd - ok
19:38:26.0414 6752 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:38:26.0424 6752 wudfsvc - ok
19:38:26.0444 6752 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:38:26.0447 6752 WwanSvc - ok
19:38:26.0511 6752 X6va003 - ok
19:38:26.0536 6752 X6va005 - ok
19:38:26.0600 6752 X6va008 - ok
19:38:26.0654 6752 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:38:26.0660 6752 YahooAUService - ok
19:38:26.0684 6752 ================ Scan global ===============================
19:38:26.0766 6752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:38:26.0791 6752 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:38:26.0807 6752 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
19:38:26.0827 6752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:38:26.0889 6752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:38:26.0895 6752 [Global] - ok
19:38:26.0896 6752 ================ Scan MBR ==================================
19:38:26.0908 6752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:38:27.0073 6752 \Device\Harddisk0\DR0 - ok
19:38:27.0078 6752 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:38:28.0788 6752 \Device\Harddisk1\DR1 - ok
19:38:28.0793 6752 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
19:38:28.0797 6752 \Device\Harddisk2\DR2 - ok
19:38:28.0798 6752 ================ Scan VBR ==================================
19:38:28.0800 6752 [ D76AD1E64AEA1E295C086CB6396D6D1C ] \Device\Harddisk0\DR0\Partition1
19:38:28.0801 6752 \Device\Harddisk0\DR0\Partition1 - ok
19:38:28.0808 6752 [ FD67970C3FDA0D8EA55FBC5D74E814C0 ] \Device\Harddisk0\DR0\Partition2
19:38:28.0809 6752 \Device\Harddisk0\DR0\Partition2 - ok
19:38:28.0824 6752 [ 3B64EAA56F138B9EC831AE9CA27B71AA ] \Device\Harddisk0\DR0\Partition3
19:38:28.0825 6752 \Device\Harddisk0\DR0\Partition3 - ok
19:38:28.0829 6752 [ 663F54E04E809918DC9BCA74384C7000 ] \Device\Harddisk1\DR1\Partition1
19:38:28.0830 6752 \Device\Harddisk1\DR1\Partition1 - ok
19:38:28.0834 6752 [ 48AB988E7E46C3FBBA8BA5DB68049A23 ] \Device\Harddisk2\DR2\Partition1
19:38:28.0836 6752 \Device\Harddisk2\DR2\Partition1 - ok
19:38:28.0836 6752 ============================================================
19:38:28.0836 6752 Scan finished
19:38:28.0836 6752 ============================================================
19:38:28.0848 6928 Detected object count: 1
19:38:28.0848 6928 Actual detected object count: 1
19:39:00.0311 6928 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:39:00.0311 6928 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip

Alt 17.02.2013, 20:24   #10
markusg
/// Malware-holic
 

Hi,
just delete the ini files.
Scan with Combofix
WARNING to OTHER READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails, following the instructions above, to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 17.02.2013, 21:45   #11
xreason
 

Combofix Logfile:
Code:
ATTFilter
ComboFix 13-02-15.01 - Timo 17.02.2013  20:34:08.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4094.1809 [GMT 1:00]
ausgeführt von:: c:\users\Timo\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\HBLite
c:\program files (x86)\HBLite\bin\11.0.349.0\firefox\extensions\install.rdf
c:\program files (x86)\ShoppingReport2
c:\programdata\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
c:\programdata\HBLiteSA
c:\programdata\HBLiteSA\HBLiteSA.dat
c:\programdata\HBLiteSA\HBLiteSA_hpk.dat
c:\programdata\HBLiteSA\HBLiteSA_kyf.dat
c:\programdata\HBLiteSA\HBLiteSAAbout.mht
c:\programdata\HBLiteSA\HBLiteSAau.dat
c:\programdata\HBLiteSA\HBLiteSAEULA.mht
c:\programdata\Microsoft\Windows\Start Menu\Programs\Hotbar
c:\users\Timo\AppData\Local\Temp\nswA028.tmp\System.dll
c:\users\Timo\AppData\Roaming\facemoods.com
c:\users\Timo\AppData\Roaming\HBLite
c:\users\Timo\AppData\Roaming\PriceGong
c:\users\Timo\AppData\Roaming\PriceGong\Data\1.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\a.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\b.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\c.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\d.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\e.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\f.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\g.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\h.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\i.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\J.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\k.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\l.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\m.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\n.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\o.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\p.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\q.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\r.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\s.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\t.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\u.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\v.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\w.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\x.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\y.xml
c:\users\Timo\AppData\Roaming\PriceGong\Data\z.xml
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-17 bis 2013-02-17  ))))))))))))))))))))))))))))))
.
.
2013-02-17 19:49 . 2013-02-17 19:49	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-17 19:49 . 2013-02-17 19:49	--------	d-----w-	c:\users\nge\AppData\Local\temp
2013-02-17 19:49 . 2013-02-17 19:49	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2013-02-17 18:16 . 2013-02-17 18:16	--------	d-----w-	C:\_OTL
2013-02-17 18:14 . 2012-07-11 16:09	64856	----a-w-	c:\windows\system32\klfphc.dll
2013-02-17 18:13 . 2013-02-17 18:13	--------	d-----w-	c:\windows\ELAMBKUP
2013-02-17 18:12 . 2013-02-17 18:12	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2013-02-16 21:12 . 2013-02-16 21:12	--------	d-----w-	c:\program files (x86)\Delta
2013-02-16 21:12 . 2013-02-16 21:12	--------	d-----w-	c:\users\Timo\AppData\Roaming\Delta
2013-02-16 21:11 . 2013-02-16 21:11	--------	d-----w-	c:\program files (x86)\Yontoo
2013-02-16 21:11 . 2013-02-16 21:11	--------	d-----w-	c:\programdata\Tarma Installer
2013-02-16 21:11 . 2013-02-16 21:11	--------	d-----w-	c:\programdata\Babylon
2013-02-16 21:11 . 2013-02-16 21:11	--------	d-----w-	c:\users\Timo\AppData\Roaming\Babylon
2013-02-12 10:22 . 2013-02-12 10:22	--------	d-----w-	c:\users\Timo\AppData\Local\SCE
2013-02-07 15:19 . 2013-02-07 15:19	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-01-28 18:40 . 2013-01-28 18:40	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-01-28 18:40 . 2013-01-28 18:40	859552	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-28 18:40 . 2013-01-28 18:40	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-17 18:48 . 2012-06-08 10:38	54104	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-02-17 18:48 . 2012-10-25 11:42	613720	----a-w-	c:\windows\system32\drivers\klif.sys
2013-02-08 12:54 . 2012-04-21 10:21	697712	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 12:54 . 2011-07-29 14:52	74096	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-28 18:40 . 2011-02-05 21:25	780192	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-25 13:05 . 2011-07-10 20:13	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-25 13:05 . 2011-03-05 23:25	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-12-23 17:03 . 2012-12-23 17:05	1184699	----a-w-	c:\windows\unins000.exe
2012-12-20 10:51 . 2011-03-05 23:25	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-12-15 12:03 . 2011-03-05 23:25	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-11-21 16:45 . 2011-04-20 08:06	682280	----a-w-	c:\windows\SysWow64\pbsvc.exe
2012-07-03 14:41 . 2012-05-27 14:10	168864	----a-w-	c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2010-03-28 19:53	353656	----a-w-	c:\program files (x86)\PriceGong\2.1.0\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{279384DD-3D1B-4086-8679-AA5EC7268BE1}]
2011-02-03 11:30	201728	----a-w-	c:\users\Timo\AppData\Roaming\JavaRun\IE\JavaRun.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51	3911776	----a-w-	c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2011-05-31 12:29	88976	----a-w-	c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
2011-06-01 20:44	1236376	----a-w-	c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24	247704	----a-w-	c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
2010-11-09 09:21	371320	----a-w-	c:\program files (x86)\Freeze.com\NetAssistant\NetAssistant.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2013-01-10 22:05	197920	----a-w-	c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll" [2011-05-31 88976]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryBooster"="c:\program files (x86)\Uniblue\RegistryBooster\launcher.exe" [2011-01-21 67456]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2011-03-26 400760]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2011-02-07 438272]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-07 39408]
"Akamai NetSession Interface"="c:\users\Timo\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Steam"="h:\steam2\Steam.exe" [2013-02-15 1597864]
"ESL Wire"="c:\program files\EslWire\wire.exe" [2012-10-10 4104192]
"DU Meter"="c:\program files (x86)\DU Meter\DUMeter.exe" [2012-10-16 3822560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-15 2369536]
"TurboV EVO"="c:\program files\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-15 9936512]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"GamingMouse"="h:\drakonia configurator\hid.exe" [2012-06-07 246784]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-02-17 356376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll
.
R1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2010-06-24 109056]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 dump_wmimmc;dump_wmimmc;c:\program files\gPotato.eu\FlyFF\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\DRIVERS\GUCI_AVS.sys [2009-11-06 597504]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 X6va003;X6va003;c:\users\Timo\AppData\Local\Temp\00358B1.tmp [x]
R3 X6va005;X6va005;c:\users\Timo\AppData\Local\Temp\005CDEE.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-02-17 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
S2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [2010-07-19 2231616]
S2 DUMeterSvc;DU Meter Service;c:\program files (x86)\DU Meter\DUMeterSvc.exe [2012-10-16 2051552]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2012-09-04 147472]
S2 EslWireHelper;ESL Wire Helper Service;c:\program files\EslWire\service\WireHelperSvc.exe [2012-09-04 678416]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2010-06-10 34048]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
S3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files (x86)\DU Meter\DUMETR64.SYS [2012-10-16 20528]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [2010-08-30 33416]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 PlantronicsGC;PLTGC Interface;c:\windows\system32\drivers\PLTGC.sys [2011-11-05 1327104]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-01-07 45408]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 15:35	1607120	----a-w-	c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 12:54]
.
2013-02-17 c:\windows\Tasks\Free File Viewer Update Checker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-02-25 15:50]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 13:37]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-07 13:37]
.
2013-02-17 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 120328]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"PACTray"="c:\windows\PixArt\PAP7501\PACTray.exe" [2009-06-09 319488]
"GamecomSound"="c:\program files\Plantronics\GameCom780\GameCom780.exe" [2011-12-01 777448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119370&tt=060411_def&babsrc=HP_ss&mntrId=d0c9404b000000000000bcaec51fc960
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
mSearchAssistant = hxxp://start.facemoods.com/?a=bfus&s={searchTerms}&f=4
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
AddRemove-BittorrentBar_DE Toolbar - c:\progra~2\BITTOR~2\UNWISE.EXE
AddRemove-BrickForce - c:\brickforce\uninst.exe
AddRemove-Origin - c:\program files (x86)\Origin\OriginUninstall.exe
AddRemove-Registry Mechanic_is1 - c:\program files (x86)\Registry Mechanic\unins000.exe
AddRemove-Resident Evil 4_is1 - h:\resident evil 4\unins000.exe
AddRemove-ShoppingReport2 - c:\program files (x86)\ShoppingReport2\Uninst.exe
AddRemove-Sudden Strike II - c:\progra~2\SUDDEN~1\UNINST~1\UNWISE.EXE
AddRemove-Worms Reloaded Full-Rip - d:\spiele\Worms Reloaded Full-Rip\uninst.exe
AddRemove-Worms Reloaded_is1 - h:\worms reloaded\unins000.exe
AddRemove-{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1 - c:\program files\gPotato.eu\FlyFF\unins000.exe
AddRemove-{C6A0FD8A-F107-44CA-AA1B-49341936F76A} - c:\program files (x86)\InstallShield Installation Information\{C6A0FD8A-F107-44CA-AA1B-49341936F76A}\setup.exe
AddRemove-FoxTab PDF Creator - d:\allesw~1\Uninstall\Uninstall.exe
AddRemove-Game Organizer - c:\programdata\Easybits GO\EasyBitsGO.exe
AddRemove-soe-PlanetSide 2 - h:\planetside\uninstaller.exe
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - c:\program files (x86)\EA Games\Battlefield Heroes\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DUMeterSvc]
"ImagePath"="c:\program files (x86)\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3772474302-332197646-2498302637-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0a,49,84,58,c2,83,01,34,e4,df,2c,13,06,81,51,94,1c,39,43,d1,c0,b0,1e,
   e1,3b,e9,94,d7,3e,11,58,82,02,73,87,29,8d,63,0a,7e,c6,38,bf,10,5a,68,c4,ed,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-3772474302-332197646-2498302637-1000\Software\SecuROM\License information*]
"datasecu"=hex:fe,45,87,97,fe,c2,f0,35,ed,7d,97,53,96,c7,ea,0a,6e,9a,2b,6e,82,
   e2,01,5d,a5,47,b0,a0,99,b0,00,c9,7c,62,92,72,0c,0b,d0,94,e3,f9,36,49,ba,a4,\
"rkeysecu"=hex:6b,e5,09,95,f7,e9,3c,79,0e,9c,7e,e9,62,f5,b6,bb
.
[HKEY_USERS\S-1-5-21-3772474302-332197646-2498302637-1000\ð* :*]
@Allowed: (Read) (RestrictedCode)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\ASUS\TurboV EVO\TurboVHELP.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-02-17  21:34:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-02-17 20:34
.
Vor Suchlauf: 16 Verzeichnis(se), 47.161.585.664 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 48.817.262.592 Bytes frei
.
- - End Of File - - BEF68CE76A63BFF2A6C7481CA887C88B
         
--- --- ---

et voilà

Alt 18.02.2013, 15:10   #12
markusg
/// Malware-holic
 

Hi,
malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 18.02.2013, 23:33   #13
xreason
 



A bit late, but here it is:


Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.02.18.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Timo :: TIMO-PC [Administrator]

18.02.2013 17:16:51
mbam-log-2013-02-18 (17-16-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 630895
Laufzeit: 1 Stunde(n), 56 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Daten: C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 18.02.2013, 23:37   #14
markusg
/// Malware-holic
 



Hi,
download CCleaner standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools, Uninstall list, save as txt, and open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each one unknown to you, write "unknown".
Post the list.

Alt 19.02.2013, 13:37   #15
xreason
 



So I shouldn't run it, but just go to the uninstall list?
