Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Qtrax und Sposorship= Virus?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.07.2013, 19:43   #1
Bayer92
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Servus zusammen,

da ich mich leider nicht so gut mit PC- Software auskenne und mir eure Seite sehr Seriös erscheint hoffe ich, dass Ihr mir bei meinem Problem helfen könnt.

Zu meinem Problem es öffnet sich immer wieder mal sporadisch mein Browser (Opera) und öffnet dabei 2 Tabs zum einen sponsorship und Qtrax. Dies ist ziemlich nervig für mich da ich nicht weiß was da alles passiert. Z. b. ob mein PC ausspioniert wird.


VG Chris

Alt 11.07.2013, 19:43   #2
markusg
/// Malware-holic
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die
    OTL.exe
    .
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die
    Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
__________________

__________________

Alt 11.07.2013, 19:53   #3
Bayer92
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Sorry aber irgendwie verläuft bei mir der OTL link ins nirgendwo
__________________

Alt 11.07.2013, 20:08   #4
markusg
/// Malware-holic
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



http://filepony.de/download-otl/
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.07.2013, 20:32   #5
Bayer92
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



So habs jetz durchlaufen lassen.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.07.2013 21:20:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,20 Gb Available Physical Memory | 65,93% Memory free
15,77 Gb Paging File | 12,46 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 229,70 Gb Total Space | 97,44 Gb Free Space | 42,42% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 671,54 Gb Free Space | 72,09% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 2,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Christian\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Opera\15.0.1147.141\opera_crashreporter.exe ()
PRC - C:\Program Files (x86)\Opera\15.0.1147.141\opera.exe (Opera Software)
PRC - C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
PRC - C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (WebCake LLC)
PRC - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Programme\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware)
PRC - C:\Programme\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware)
PRC - C:\Programme\Alienware\Command Center\AlienFusionController.exe (Alienware)
PRC - C:\Windows\SysWOW64\CtHdaSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\AlienRespawn\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\AlienRespawn\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Opera\15.0.1147.141\opera_crashreporter.exe ()
MOD - C:\Program Files (x86)\Opera\15.0.1147.141\libglesv2.dll ()
MOD - C:\Program Files (x86)\Opera\15.0.1147.141\libegl.dll ()
MOD - C:\Program Files (x86)\Opera\15.0.1147.141\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\990123c5701a26f1d724150839811bce\System.Xml.Linq.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e698a866fd16973a24ca6697218028ad\System.ServiceModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1e8f7367eaa08c5057d78c093982f8f0\System.IdentityModel.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\54c496ff6d9d7e1c51cc343620fcc656\System.Data.DataSetExtensions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6f120c76113dc5166d2a5a5d21900f39\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
MOD - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\5ea93652e4752c75bc6fbb195b4eb864\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\c300c8ca0910bbffb16a244b56be6d05\System.Numerics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\de-DE\SBRcni.resources.dll ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (BrowserDefendert) -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (TeamViewer6) -- C:\Users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Qualcomm Atheros Killer Service) -- C:\Programme\Qualcomm Atheros\Killer Network Manager\BFNService.exe ()
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (AlienFusionService) -- C:\Programme\Alienware\Command Center\AlienFusionService.exe (Alienware)
SRV - (CtHdaSvc) -- C:\Windows\SysWOW64\CtHdaSvc.exe (Creative Technology Ltd)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (btwdins) -- c:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (SftService) -- C:\Program Files (x86)\AlienRespawn\sftservice.EXE (SoftThinks SAS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- c:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (CTAudSvcService) -- c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (DokanMounter) -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BfLwf) -- C:\Windows\SysNative\drivers\bflwfx64.sys (Qualcomm Atheros, Inc.)
DRV:64bit: - (Ak27x64) -- C:\Windows\SysNative\drivers\Ak27x64.sys (Qualcomm Atheros, Inc.)
DRV:64bit: - (cthda) -- C:\Windows\SysNative\drivers\CtHda.sys (Creative Technology Ltd)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ST_ACCEL) -- C:\Windows\SysNative\drivers\ST_ACCEL.sys (STMicroelectronics)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (Dokan) -- C:\Windows\SysNative\drivers\dokan.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc60.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (SynthVid) -- C:\Windows\SysNative\drivers\VMBusVideoM.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)
DRV:64bit: - (SNTUSB64) -- C:\Windows\SysNative\drivers\SNTUSB64.SYS (SafeNet, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (EMSC) -- C:\Windows\SysNative\drivers\EMSC.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (aksdf) -- C:\Windows\SysNative\drivers\aksdf.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (Hardlock) -- C:\Windows\SysNative\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (EMSC) -- C:\Windows\SysWOW64\drivers\EMSC.sys (Windows (R) Win 7 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.alienwarearena.com/welcome-de
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921
IE - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
 
[2013.06.22 16:05:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (WebCake) - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.21.5\bh\delta.dll (Delta-search.com)
O2 - BHO: (DealPly) - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [Command Center Controllers] C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe (Alienware)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Integrated Webcam Live! Central] C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROCCAT Savu Gaming Mouse] C:\Program Files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe (ROCCAT GmbH)
O4 - HKLM..\Run: [Sound Blaster Recon3Di Control Panel] c:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000..\Run: [WebCake Desktop] C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe (WebCake LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\BfLLR.dll (Bigfoot Networks, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2841639435-1349762481-4228377861-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FB5C1C8-752A-40AA-821C-B75ED4C21FA8}: NameServer = 192.168.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{881965BF-D620-4A39-AD9D-9ECACA5C7F00}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.06 16:50:15 | 000,000,062 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2013.03.04 23:28:25 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{356754c2-4667-11e2-8e08-20689d6492d2}\Shell - "" = AutoRun
O33 - MountPoints2\{356754c2-4667-11e2-8e08-20689d6492d2}\Shell\AutoRun\command - "" = F:\hmh-trseg.exe -- [2013.03.04 23:24:27 | 000,472,750 | R--- | M] (                                                            )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 60 Days ==========
 
[2013.07.11 17:16:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.6
[2013.07.09 21:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.07.09 21:45:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.07.03 19:19:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Opera Software
[2013.07.03 19:19:54 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Opera Software
[2013.07.02 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\AVG2013
[2013.07.02 21:27:07 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.07.02 21:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.07.02 21:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.07.02 21:15:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\MFAData
[2013.07.02 21:15:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.07.02 21:15:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Avg2013
[2013.06.27 17:46:43 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.27 17:46:42 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.27 17:46:42 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.27 17:46:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.27 17:46:42 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.27 17:46:42 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.27 17:46:42 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.27 17:46:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.27 17:46:41 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.27 17:46:41 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.27 17:46:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.27 17:46:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.27 17:46:41 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.27 17:46:41 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.27 17:46:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.27 17:37:57 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.06.27 17:37:57 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.06.27 17:37:57 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.06.27 17:37:57 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.06.27 17:37:55 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.27 17:37:19 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.27 17:37:19 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.27 17:37:19 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.27 17:37:19 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.27 17:37:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.27 17:37:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.27 17:37:09 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.27 17:37:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.27 17:37:02 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.27 17:37:02 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.27 17:36:21 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.27 17:36:21 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.27 17:36:20 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.06.27 17:36:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.06.27 17:36:20 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.06.22 16:06:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.06.22 16:06:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.06.22 16:06:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.22 16:06:12 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.22 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\BabSolution
[2013.06.22 16:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.06.22 16:05:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.06.22 16:05:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\WebCake
[2013.06.22 16:05:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebCake
[2013.06.22 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Google
[2013.06.22 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013.06.22 16:04:34 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DealPly
[2013.06.22 16:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013.06.22 16:04:30 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DSite
[2013.06.22 16:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.06.22 16:04:26 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Babylon
[2013.06.21 19:29:14 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\iLivid
[2013.05.25 14:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
 
========== Files - Modified Within 60 Days ==========
 
[2013.07.11 21:04:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013.07.11 20:14:44 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.11 20:14:44 | 000,696,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.11 20:14:44 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.11 20:14:44 | 000,148,134 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.11 20:14:44 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.11 18:04:04 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-TTL.DAT
[2013.07.11 18:04:04 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013.07.11 17:22:57 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.11 17:22:57 | 000,021,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.11 17:15:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.11 17:15:40 | 2054,926,335 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.09 23:04:32 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q4-TTL.DAT
[2013.07.09 21:45:41 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.07.07 00:04:11 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q3-TTL.DAT
[2013.07.02 23:01:36 | 000,004,677 | ---- | M] () -- C:\Users\Christian\Desktop\Wacker.odt
[2013.06.29 14:23:59 | 000,000,005 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q2-TTL.DAT
[2013.06.29 00:12:21 | 809,614,649 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.27 21:30:35 | 000,353,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.27 17:36:42 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.06.22 19:21:52 | 000,956,936 | ---- | M] () -- C:\Users\Christian\Desktop\Dok1.odt
[2013.06.11 20:45:25 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Alienware Command Center.lnk
[2013.05.28 15:26:56 | 000,868,092 | ---- | M] () -- C:\Users\Christian\Desktop\20130528_1521_germany-VK3601H_18_cliff.wotreplay
[2013.05.17 05:09:56 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.17 05:01:13 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.17 05:00:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.17 04:56:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.17 04:56:00 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.17 04:55:59 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.17 04:54:09 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.17 04:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.17 04:46:31 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.17 00:27:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.17 00:26:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.17 00:21:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.17 00:21:34 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.17 00:17:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.17 00:12:55 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.13 07:51:00 | 001,464,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.05.13 07:51:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.05.13 07:50:40 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.05.13 05:43:55 | 001,192,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.05.13 05:08:10 | 000,903,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.05.13 05:08:06 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
 
========== Files Created - No Company Name ==========
 
[2013.07.11 18:04:04 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q5-TTL.DAT
[2013.07.09 23:04:32 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q4-TTL.DAT
[2013.07.05 02:04:42 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q3-TTL.DAT
[2013.07.03 19:19:54 | 000,001,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.07.03 19:14:49 | 000,001,258 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.07.02 23:01:36 | 000,004,677 | ---- | C] () -- C:\Users\Christian\Desktop\Wacker.odt
[2013.07.02 21:27:18 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.06.23 00:04:26 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-Q2-TTL.DAT
[2013.06.22 20:04:04 | 000,000,005 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\WBPU-TTL.DAT
[2013.06.22 16:04:31 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013.06.11 20:45:10 | 000,662,518 | ---- | C] () -- C:\Users\Christian\Desktop\AW-CO4.jpg
[2013.05.28 15:26:55 | 000,868,092 | ---- | C] () -- C:\Users\Christian\Desktop\20130528_1521_germany-VK3601H_18_cliff.wotreplay
[2013.05.04 08:15:57 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.EXE
[2013.05.04 08:15:57 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\hdsuinst.exe
[2013.05.04 08:15:57 | 000,006,836 | ---- | C] () -- C:\Windows\SysWow64\UNWISE.INI
[2013.02.16 20:03:23 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2013.02.16 13:45:40 | 000,007,618 | ---- | C] () -- C:\Users\Christian\AppData\Local\Resmon.ResmonCfg
[2013.02.16 12:03:20 | 000,000,020 | ---- | C] () -- C:\Windows\Crocclip.INI
[2012.12.22 00:26:12 | 000,280,600 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.22 00:26:11 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.08 02:08:37 | 000,734,772 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.12.08 02:08:36 | 000,557,476 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.12.08 02:08:33 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.08 02:08:31 | 012,978,688 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.12.08 02:08:28 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.12.08 02:08:28 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.12.08 02:08:27 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.12.08 00:30:59 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.12.08 00:30:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.16 00:13:58 | 000,022,384 | ---- | C] () -- C:\Windows\SysWow64\LightFX.dll
[2012.03.07 22:54:30 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012.03.07 22:54:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.11 04:39:16 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.02 21:27:33 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\AVG2013
[2013.06.22 16:05:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\BabSolution
[2013.06.22 16:04:26 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Babylon
[2012.12.16 15:31:24 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
[2013.06.22 16:04:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DealPly
[2013.06.22 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DSite
[2013.02.25 23:59:21 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICAClient
[2012.12.16 15:29:43 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\OpenCandy
[2013.07.03 19:14:50 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Opera
[2013.07.03 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Opera Software
[2013.06.09 19:26:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
[2012.12.19 20:25:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PCDr
[2013.01.11 22:41:34 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TeamViewer
[2013.07.11 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TS3Client
[2013.07.02 21:27:17 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2013.01.03 16:48:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Wargaming.net
[2013.06.22 16:05:02 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\WebCake
[2013.07.09 21:45:41 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.07.09 21:45:41 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.07.02 21:27:07 | 000,000,000 | -H-D | M] -- C:\$AVG
[2013.06.25 23:46:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.12.08 00:35:57 | 000,000,000 | ---D | M] -- C:\Apps
[2013.07.06 12:46:55 | 000,000,000 | ---D | M] -- C:\bnwin
[2013.07.10 21:12:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2013.05.04 10:07:52 | 000,000,000 | ---D | M] -- C:\DdsCr
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.12.13 21:35:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.04.27 19:12:39 | 000,000,000 | ---D | M] -- C:\Games
[2012.12.07 17:14:59 | 000,000,000 | ---D | M] -- C:\Intel
[2013.01.02 20:57:14 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2013.06.25 18:29:54 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.07.06 11:47:24 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.07.06 08:00:33 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.12.13 21:35:35 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.13 21:40:06 | 000,000,000 | -HSD | M] -- C:\System Recovery
[2013.07.11 21:22:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.28 22:17:24 | 000,000,000 | ---D | M] -- C:\Temp
[2012.12.13 21:35:37 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.29 00:12:21 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 05:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 07:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2013.06.22 16:04:31 | 000,000,300 | ---- | C] () -- C:\Windows\Tasks\DSite.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2012.12.08 02:11:44 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012.12.08 02:11:44 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2012.12.08 02:11:44 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012.12.08 02:11:44 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2012.12.08 02:11:44 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2012.12.08 02:11:44 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2011.12.29 06:14:04 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.12.29 06:14:04 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_9c981fcb416c038e\iaStor.sys
[2011.12.29 06:14:04 | 000,568,600 | ---- | M] (Intel Corporation) MD5=C224331A54571C8C9162F7714400BBBD -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_b6f2349de4a55e89\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2012.12.08 02:11:41 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2012.12.08 02:11:41 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2012.12.08 02:11:41 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2012.12.08 02:11:41 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2012.12.08 02:11:41 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2012.12.08 02:11:41 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2012.12.08 02:11:41 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2012.12.08 02:11:41 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.07.11 21:26:42 | 001,835,008 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT
[2013.07.11 21:26:42 | 000,262,144 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG1
[2012.12.13 21:35:37 | 000,000,000 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG2
[2012.12.13 22:38:33 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.12.13 22:38:33 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.12.13 22:38:33 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.12.13 21:35:37 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.07.2013 21:20:51 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 5,20 Gb Available Physical Memory | 65,93% Memory free
15,77 Gb Paging File | 12,46 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 229,70 Gb Total Space | 97,44 Gb Free Space | 42,42% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 671,54 Gb Free Space | 72,09% Space Free | Partition Type: NTFS
Drive F: | 7,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 2,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0012667F-85A4-46A8-9E38-4380256D5A6C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{05ABF955-AB0E-46D0-8100-67FF4C7CB10E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe | 
"{0993FF61-8F7B-4632-94D2-A975BDEFA6F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{0A55795B-0C52-491F-AA6C-4CE99551051C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{22E5CC68-229C-45C9-A34A-B194CEAC21BA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{35F46485-17FD-4610-9F07-34B1CC045AEF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{36EBED36-9BC1-4ABF-A200-586D475419C5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{3A0A5119-57E2-41A9-82A0-591062F601E9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{417CB69D-EAC5-4C95-B63E-7200CCF6EBB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{45CC82C1-8D54-4483-83E4-834008E6304C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{61C04A07-1C38-453F-A03D-63C57845D496}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{63DFCF91-999F-47F4-9B44-455431852BDB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{66532C9E-F412-4282-B0F4-ADE71AABFE31}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{66C7253D-F3D2-46B3-B60A-4B1CD9B660C0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{6EEACE16-3E1F-4618-B751-C1E759A22340}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{72C34376-5D32-460D-880A-1113A5E6C2E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{77D3C8F8-9921-43F5-BE60-A085C634B0AF}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{7BC311DE-73D5-4981-895C-85674549EEBF}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{8114CC27-85E5-4C3D-8B2D-9651F0EB5F85}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{83F7A8B4-ECEE-4023-8671-0DABA2C06A6A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{8AA3CC8F-E610-4BA2-88CB-DCC068A30D65}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8FA5C6B4-CC8C-4906-ADB0-EF788B67B2F7}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{92E004A0-6D7D-48F0-84C0-FC786A453B36}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{ABD20274-1483-4022-B594-8C469F4D1589}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{AD020905-60D6-475B-8B15-E7523FD96533}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{B04F80D7-079B-4351-A65A-4A8AD1758A49}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{B178FFA9-8D3B-4C44-9645-49D17B088D45}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{B1DA8C51-E6C3-4B15-983E-B7622C3670E5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{BFB9A66D-F2E9-4E73-9C8B-C0A84D0279B4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{C37A472C-852C-42E7-B0FA-57E610BD43EB}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{C628EEA9-4F82-4373-AF93-740EAA0C51F5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{C65F5FBB-F96F-49BD-9DF2-C7D26E7C535C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D16075EF-0652-4B17-B1EC-FFEBCF889BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{DDEB3411-DAE3-4FAA-81F3-D9056AE750D2}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{E3094945-A5C8-49E8-85DB-041440089431}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{F450A5E4-325B-48E9-8A40-5B0029ED3B5D}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{FE7EA086-61E2-48E9-A812-CB8FE83D1D89}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe | 
"TCP Query User{0D9F9BA5-1988-43D8-8F88-39D30F4A7D0E}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{3113153A-C0CC-452B-9541-E79885D7202D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{6BA78B6B-6748-47AC-B220-077096F99E33}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe | 
"TCP Query User{9DD745C4-DE2C-493B-B8BA-7E94BC63C8FC}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{AB4E7A25-506D-47D7-9076-554DE7C62B0D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{D945E8C3-12B1-4FF5-AA91-A937CA599B64}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"TCP Query User{E06DEAC3-C1FC-476C-8451-52E82495EBA2}C:\games\world_of_tanks - kopie\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks - kopie\worldoftanks.exe | 
"TCP Query User{F0A2CBE5-3050-4FD1-836F-C2FE6C4E0745}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{26A75F1B-D840-4276-A18A-4096E1F8DC1E}C:\games\world_of_tanks_ct\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks_ct\wotlauncher.exe | 
"UDP Query User{371C5B42-7FC3-48E9-92F2-3177DD25E826}C:\games\world_of_tanks - kopie\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks - kopie\worldoftanks.exe | 
"UDP Query User{428BA9DE-DD6F-478A-B1AA-2591DB583B91}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{70508FC7-7E32-4385-AD6E-797695C75BDC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{7AD88413-C3CC-467B-9507-96FCB6A4C111}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"UDP Query User{7E413ACE-6F22-4D3B-B39B-275B0297E6C4}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{9C2C5600-B6B0-42EA-AE03-1D4A708A451A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{EEBD81A0-F961-45E0-B46F-59C320CB2ABB}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1951928B-0BA3-03EF-A6C3-AA1BA09386FF}" = ccc-utility64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{538B98C3-773F-4F20-9C66-802D104DCBE2}" = Intel® Trusted Connect Service Client
"{78B5B205-2F59-4D96-9D83-DEB94CD5229B}" = AVG 2013
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{993FE4D0-F7BB-F48A-9D70-E301142D282D}" = AMD Catalyst Install Manager
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{AE7891D8-2340-4CD6-BA0A-6C8C01F7B4B4}" = AVG 2013
"{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}" = WebCake 3.00
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PC-Doctor for Windows" = AlienAutopsy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0049934D-30CA-8FC0-7C12-EE7184E96E7F}" = CCC Help Russian
"{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = AlienRespawn
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserDefender
"{187C351F-6116-AAB7-903A-917D0A07596F}" = CCC Help Spanish
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1" = World of Tanks - Common Test
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{27521D03-28DE-CF65-E270-05F7F058EEC2}" = CCC Help Chinese Traditional
"{29104819-77A7-FA53-1A47-DC336836E4B2}" = CCC Help Italian
"{2C6ED207-F7D0-9489-26DD-6CEC59523219}" = Catalyst Control Center Localization All
"{32A4F64A-3BBA-505A-6DCC-7245D23E1A4A}" = PX Profile Update
"{3329A007-9AA2-C904-0CAC-CF47B7CBCA14}" = CCC Help Dutch
"{3B591BD7-F4E7-B4AA-F22E-18188180F988}" = Catalyst Control Center
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{48379835-BF2E-4487-9CB1-D5E654502B53}" = Medal of Honor™ Warfighter
"{4B7CAFE4-9ABA-85A9-8B80-9FB44E8177F9}" = CCC Help Japanese
"{51FDC2DE-0917-46B7-EAEC-5377504701DE}" = PowerXpressHybrid
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6BF39FC4-586C-FABD-A962-AD1562A2FCDD}" = CCC Help English
"{6F4B8EA6-4546-4160-A05F-0706F7DC1EFF}" = Savu Mouse
"{7170F93F-6B61-4DC1-A664-0E222744CEC7}" = Citrix Online Plug-in (DV)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77E945F2-BB8B-D2B1-4190-5774A0E8DE51}" = CCC Help Chinese Standard
"{7AFAD3CC-CA62-E317-EE00-1BA2139E4C33}" = CCC Help Swedish
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8F081FB1-6D7D-54B7-26BC-C562B644E1D1}" = CCC Help Finnish
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}" = ST Microelectronics 3 Axis Digital Accelerometer Solution
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{A5F2EBB1-41CD-4B2D-937E-1C63792FFC45}" = kwp-bnWin.net
"{A62B243F-3A4D-4001-C55A-1B5E8AB05383}" = Catalyst Control Center InstallProxy
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = AlienRespawn - Support Software
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AE66F944-596A-4D09-9A1C-DAF3DE836991}" = Citrix Online Plug-in (HDX)
"{B1CBD9A4-D8E7-C1E5-7134-2D5DBCAC2943}" = CCC Help French
"{C45E715E-442E-4D82-BD46-A08A0870957C}" = Sound Blaster Recon3Di Extras
"{C4A6253A-9139-4A7F-E848-C9E0E4504E09}" = CCC Help German
"{C65826F1-CFB4-4F0D-55D7-CB0FA1F69844}" = CCC Help Korean
"{C8AAFCDC-CD3A-40AD-9FA9-07FB70F08224}" = Sound Blaster Recon3Di
"{CFB89DE9-C8FD-4D33-986A-DBDEC5309378}" = Catalyst Control Center - Branding
"{D308FCBE-FB4A-4F49-A24A-378F255098D8}" = DDS-CAD 7.2
"{D641760F-FE66-4655-99B9-59A451F2FFAB}" = Citrix Online Plug-in (USB)
"{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando
"{DFDE5A58-AA42-1446-DAD2-E611E4768CC7}" = CCC Help Portuguese
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0CECD5B-17C6-9576-2B13-E92520912D97}" = CCC Help Norwegian
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9F0C5D5-AAE5-45FA-95C2-CA1EE0FA067A}" = Citrix Online Plug-in (Web)
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"{FF86F3A1-FFEE-3037-659E-DC5AF48D06C3}" = CCC Help Danish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"DAEMON Tools Lite" = DAEMON Tools Lite
"DealPly" = DealPly (remove only)
"delta" = Delta toolbar  
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DokanLibrary" = Dokan Library 0.6.0
"HASP HL Device Driver" = HASP HL Device Driver
"InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}" = Alienware On-Screen Display
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.6
"InstallShield_{DF446558-ADF7-4884-9B2D-281979CCE71F}" = Qualcomm Atheros Killer Network Manager
"InstallShield_{FD1AE10F-163C-4D4B-9FCE-AC667AF1DC6E}" = Alienware Command Center
"Integrated Webcam Live! Central" = Integrated Webcam Live! Central
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Opera 15.0.1147.141" = Opera Stable 15.0.1147.141
"Origin" = Origin
"Polysun 5.3.12.13149" = Polysun 5.3.12.13149
"PunkBusterSvc" = PunkBuster Services
"Tabellenbuch Elektrotechnik 2.0" = Tabellenbuch Elektrotechnik 2.0
"Tomb Raider_is1" = Tomb Raider
"Uplay" = Uplay
"VDE-Anwendungsprogramm" = VDE-Anwendungsprogramm 8.1.1.42
"Worms Reloaded_is1" = Worms Reloaded
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2841639435-1349762481-4228377861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DealPly" = DealPly
"DSite" = Update for Zip Opener
"SOE-C:/Users/Christian/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2 PSG" = gamelauncher-ps2-psg
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.05.2013 12:09:59 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.05.2013 10:48:42 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.05.2013 11:33:56 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.05.2013 01:53:37 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.05.2013 03:27:11 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.05.2013 09:35:58 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.05.2013 18:36:12 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 19.05.2013 05:44:56 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.05.2013 06:57:26 | Computer Name = Christian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.05.2013 18:30:15 | Computer Name = Christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\ATI\CIM\Bin64\SetACL64.exe".
Die
 abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 25.04.2013 17:48:46 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 25.04.2013 17:48:47 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.04.2013 15:24:48 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 27.04.2013 13:11:53 | Computer Name = Christian-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 27.04.2013 18:18:26 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 28.04.2013 16:35:38 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.04.2013 16:09:22 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.04.2013 17:24:41 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.04.2013 17:34:38 | Computer Name = Christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Qualcomm Atheros Killer Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 30.04.2013 18:15:48 | Computer Name = Christian-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---


hoffe das passt so.


Alt 11.07.2013, 20:47   #6
markusg
/// Malware-holic
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Hi,
sieht eher ungefährlich aus, Adware.
wir schaun aber erst mal weiter.

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
--> Qtrax und Sposorship= Virus?

Alt 11.07.2013, 20:55   #7
Bayer92
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Hi,
hab alles so gemacht wie in der Anweisung

21:50:32.0582 12876 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:50:33.0035 12876 ============================================================
21:50:33.0035 12876 Current date / time: 2013/07/11 21:50:33.0035
21:50:33.0035 12876 SystemInfo:
21:50:33.0035 12876
21:50:33.0035 12876 OS Version: 6.1.7601 ServicePack: 1.0
21:50:33.0035 12876 Product type: Workstation
21:50:33.0035 12876 ComputerName: CHRISTIAN-PC
21:50:33.0035 12876 UserName: Christian
21:50:33.0035 12876 Windows directory: C:\Windows
21:50:33.0035 12876 System windows directory: C:\Windows
21:50:33.0035 12876 Running under WOW64
21:50:33.0035 12876 Processor architecture: Intel x64
21:50:33.0035 12876 Number of processors: 8
21:50:33.0035 12876 Page size: 0x1000
21:50:33.0035 12876 Boot type: Normal boot
21:50:33.0035 12876 ============================================================
21:50:33.0185 12876 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:50:33.0185 12876 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:50:33.0189 12876 ============================================================
21:50:33.0189 12876 \Device\Harddisk0\DR0:
21:50:33.0189 12876 MBR partitions:
21:50:33.0189 12876 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1178000
21:50:33.0189 12876 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x118C000, BlocksNum 0x1CB66000
21:50:33.0189 12876 \Device\Harddisk1\DR1:
21:50:33.0190 12876 MBR partitions:
21:50:33.0190 12876 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x74704000
21:50:33.0190 12876 ============================================================
21:50:33.0191 12876 C: <-> \Device\Harddisk0\DR0\Partition2
21:50:33.0786 12876 D: <-> \Device\Harddisk1\DR1\Partition1
21:50:33.0786 12876 ============================================================
21:50:33.0786 12876 Initialize success
21:50:33.0786 12876 ============================================================
21:51:01.0973 11804 ============================================================
21:51:01.0973 11804 Scan started
21:51:01.0973 11804 Mode: Manual; SigCheck; TDLFS;
21:51:01.0973 11804 ============================================================
21:51:02.0116 11804 ================ Scan system memory ========================
21:51:02.0116 11804 System memory - ok
21:51:02.0117 11804 ================ Scan services =============================
21:51:02.0142 11804 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:51:02.0182 11804 1394ohci - ok
21:51:02.0187 11804 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:51:02.0198 11804 ACPI - ok
21:51:02.0200 11804 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:51:02.0218 11804 AcpiPmi - ok
21:51:02.0222 11804 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:51:02.0230 11804 AdobeARMservice - ok
21:51:02.0237 11804 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:51:02.0249 11804 adp94xx - ok
21:51:02.0254 11804 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:51:02.0265 11804 adpahci - ok
21:51:02.0269 11804 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:51:02.0278 11804 adpu320 - ok
21:51:02.0281 11804 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:51:02.0304 11804 AeLookupSvc - ok
21:51:02.0310 11804 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:51:02.0324 11804 AFD - ok
21:51:02.0326 11804 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:51:02.0334 11804 agp440 - ok
21:51:02.0360 11804 [ 3E675F96034C90A4A3DFFBDD714A22AE ] Ak27x64 C:\Windows\system32\DRIVERS\Ak27x64.sys
21:51:02.0404 11804 Ak27x64 - ok
21:51:02.0409 11804 [ BC569A6C209D94F6643EE35710AEC1F6 ] aksdf C:\Windows\system32\DRIVERS\aksdf.sys
21:51:02.0417 11804 aksdf - ok
21:51:02.0420 11804 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:51:02.0429 11804 ALG - ok
21:51:02.0433 11804 [ CE8A16A035F697D69DD2E6152DA05B8C ] AlienFusionService C:\Program Files\Alienware\Command Center\AlienFusionService.exe
21:51:02.0440 11804 AlienFusionService - ok
21:51:02.0442 11804 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:51:02.0449 11804 aliide - ok
21:51:02.0453 11804 [ A29A10AB5DB8A12576989AE348814805 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:51:02.0477 11804 AMD External Events Utility - ok
21:51:02.0480 11804 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:51:02.0487 11804 amdide - ok
21:51:02.0489 11804 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:51:02.0498 11804 AmdK8 - ok
21:51:02.0565 11804 [ 288EB089133CDE5349CC4AF02D5569BB ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:51:02.0661 11804 amdkmdag - ok
21:51:02.0667 11804 [ ED3524BF7EDB33CB06C44B7B7BED4E2E ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:51:02.0682 11804 amdkmdap - ok
21:51:02.0685 11804 [ 554FB0F28C411FB1EAFD4EA46A8CAAA4 ] amdkmpfd C:\Windows\system32\DRIVERS\amdkmpfd.sys
21:51:02.0691 11804 amdkmpfd - ok
21:51:02.0694 11804 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:51:02.0703 11804 AmdPPM - ok
21:51:02.0706 11804 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:51:02.0715 11804 amdsata - ok
21:51:02.0719 11804 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:51:02.0728 11804 amdsbs - ok
21:51:02.0729 11804 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:51:02.0737 11804 amdxata - ok
21:51:02.0740 11804 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:51:02.0767 11804 AppID - ok
21:51:02.0769 11804 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:51:02.0790 11804 AppIDSvc - ok
21:51:02.0793 11804 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
21:51:02.0802 11804 Appinfo - ok
21:51:02.0807 11804 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
21:51:02.0818 11804 AppMgmt - ok
21:51:02.0820 11804 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
21:51:02.0828 11804 arc - ok
21:51:02.0831 11804 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:51:02.0839 11804 arcsas - ok
21:51:02.0847 11804 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:51:02.0854 11804 aspnet_state - ok
21:51:02.0856 11804 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:51:02.0877 11804 AsyncMac - ok
21:51:02.0880 11804 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:51:02.0887 11804 atapi - ok
21:51:02.0897 11804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:51:02.0922 11804 AudioEndpointBuilder - ok
21:51:02.0928 11804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:51:02.0952 11804 AudioSrv - ok
21:51:02.0988 11804 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
21:51:03.0045 11804 AVGIDSAgent - ok
21:51:03.0050 11804 [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:51:03.0059 11804 AVGIDSDriver - ok
21:51:03.0061 11804 [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
21:51:03.0069 11804 AVGIDSHA - ok
21:51:03.0073 11804 [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
21:51:03.0081 11804 Avgldx64 - ok
21:51:03.0087 11804 [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
21:51:03.0096 11804 Avgloga - ok
21:51:03.0099 11804 [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
21:51:03.0107 11804 Avgmfx64 - ok
21:51:03.0110 11804 [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
21:51:03.0117 11804 Avgrkx64 - ok
21:51:03.0121 11804 [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
21:51:03.0130 11804 Avgtdia - ok
21:51:03.0135 11804 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
21:51:03.0145 11804 avgwd - ok
21:51:03.0150 11804 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:51:03.0170 11804 AxInstSV - ok
21:51:03.0176 11804 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:51:03.0189 11804 b06bdrv - ok
21:51:03.0194 11804 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:51:03.0205 11804 b57nd60a - ok
21:51:03.0210 11804 [ BC88D56376CCFAF08BE25E33A7046D1F ] bcbtums C:\Windows\system32\drivers\bcbtums.sys
21:51:03.0218 11804 bcbtums - ok
21:51:03.0221 11804 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:51:03.0230 11804 BDESVC - ok
21:51:03.0233 11804 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:51:03.0254 11804 Beep - ok
21:51:03.0263 11804 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
21:51:03.0289 11804 BFE - ok
21:51:03.0293 11804 [ 92A1B95CFC9E931FDA4FFE75DF87D72B ] BfLwf C:\Windows\system32\DRIVERS\bflwfx64.sys
21:51:03.0300 11804 BfLwf - ok
21:51:03.0309 11804 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:51:03.0339 11804 BITS - ok
21:51:03.0341 11804 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:51:03.0350 11804 blbdrive - ok
21:51:03.0354 11804 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:51:03.0363 11804 bowser - ok
21:51:03.0365 11804 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:51:03.0376 11804 BrFiltLo - ok
21:51:03.0378 11804 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:51:03.0388 11804 BrFiltUp - ok
21:51:03.0392 11804 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:51:03.0403 11804 Browser - ok
21:51:03.0426 11804 [ 013A330F16B1CECBDE5CB6F921689523 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
21:51:03.0461 11804 BrowserDefendert - ok
21:51:03.0466 11804 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:51:03.0478 11804 Brserid - ok
21:51:03.0480 11804 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:51:03.0491 11804 BrSerWdm - ok
21:51:03.0493 11804 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:51:03.0502 11804 BrUsbMdm - ok
21:51:03.0504 11804 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:51:03.0512 11804 BrUsbSer - ok
21:51:03.0515 11804 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:51:03.0524 11804 BthEnum - ok
21:51:03.0527 11804 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:51:03.0537 11804 BTHMODEM - ok
21:51:03.0539 11804 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:51:03.0550 11804 BthPan - ok
21:51:03.0557 11804 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:51:03.0569 11804 BTHPORT - ok
21:51:03.0572 11804 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:51:03.0593 11804 bthserv - ok
21:51:03.0596 11804 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:51:03.0606 11804 BTHUSB - ok
21:51:03.0614 11804 [ 30E157AB82EE7406F526ED80896D2431 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
21:51:03.0626 11804 btwampfl - ok
21:51:03.0630 11804 [ 824E7A93F491414B6BF496D29CB14331 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:51:03.0638 11804 btwaudio - ok
21:51:03.0642 11804 [ 9C7A3858D87F3A2574C1D326CA6C1461 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:51:03.0651 11804 btwavdt - ok
21:51:03.0662 11804 [ 23532AEB64352440B38C6923A0BFCB2B ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:51:03.0679 11804 btwdins - ok
21:51:03.0681 11804 [ B1ACFD00CDD13B48D86F46BFEC153BF9 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:51:03.0688 11804 btwl2cap - ok
21:51:03.0690 11804 [ BB892C59D453E127797F8C5B203678DC ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:51:03.0697 11804 btwrchid - ok
21:51:03.0699 11804 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:51:03.0721 11804 cdfs - ok
21:51:03.0725 11804 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:51:03.0735 11804 cdrom - ok
21:51:03.0738 11804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:51:03.0759 11804 CertPropSvc - ok
21:51:03.0761 11804 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
21:51:03.0771 11804 circlass - ok
21:51:03.0776 11804 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:51:03.0787 11804 CLFS - ok
21:51:03.0794 11804 [ FC9946B9121978E38943C2D20F129377 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
21:51:03.0803 11804 CLKMSVC10_9EC60124 - ok
21:51:03.0809 11804 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:51:03.0816 11804 clr_optimization_v2.0.50727_32 - ok
21:51:03.0820 11804 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:51:03.0828 11804 clr_optimization_v2.0.50727_64 - ok
21:51:03.0834 11804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:51:03.0841 11804 clr_optimization_v4.0.30319_32 - ok
21:51:03.0845 11804 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:51:03.0852 11804 clr_optimization_v4.0.30319_64 - ok
21:51:03.0855 11804 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:51:03.0863 11804 CmBatt - ok
21:51:03.0865 11804 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:51:03.0873 11804 cmdide - ok
21:51:03.0879 11804 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:51:03.0894 11804 CNG - ok
21:51:03.0897 11804 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:51:03.0905 11804 Compbatt - ok
21:51:03.0908 11804 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:51:03.0917 11804 CompositeBus - ok
21:51:03.0922 11804 COMSysApp - ok
21:51:03.0940 11804 [ F3D0368E158CFB62BE63BA7B4B7EC507 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:51:03.0950 11804 cphs - ok
21:51:03.0952 11804 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:51:03.0960 11804 crcdisk - ok
21:51:03.0962 11804 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
21:51:03.0965 11804 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:51:03.0965 11804 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:51:03.0968 11804 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
21:51:03.0971 11804 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:51:03.0971 11804 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:51:03.0976 11804 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:51:03.0987 11804 CryptSvc - ok
21:51:03.0993 11804 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
21:51:04.0006 11804 CSC - ok
21:51:04.0015 11804 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
21:51:04.0029 11804 CscService - ok
21:51:04.0035 11804 [ EDBA1382E5D7D1E71442B43E170CF8D4 ] CTAudSvcService c:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
21:51:04.0041 11804 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
21:51:04.0041 11804 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
21:51:04.0045 11804 [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
21:51:04.0055 11804 CtClsFlt - ok
21:51:04.0067 11804 [ 210486A236B236B0C5B159C6BC414776 ] cthda C:\Windows\system32\drivers\cthda.sys
21:51:04.0084 11804 cthda - ok
21:51:04.0088 11804 [ D494394738C8F44EB4E5765B797CC75B ] CtHdaSvc C:\Windows\sysWow64\CtHdaSvc.exe
21:51:04.0096 11804 CtHdaSvc - ok
21:51:04.0099 11804 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
21:51:04.0107 11804 ctxusbm - ok
21:51:04.0114 11804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:51:04.0140 11804 DcomLaunch - ok
21:51:04.0145 11804 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:51:04.0169 11804 defragsvc - ok
21:51:04.0172 11804 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:51:04.0193 11804 DfsC - ok
21:51:04.0198 11804 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:51:04.0210 11804 Dhcp - ok
21:51:04.0212 11804 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:51:04.0234 11804 discache - ok
21:51:04.0236 11804 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
21:51:04.0245 11804 Disk - ok
21:51:04.0247 11804 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:51:04.0256 11804 dmvsc - ok
21:51:04.0260 11804 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:51:04.0270 11804 Dnscache - ok
21:51:04.0274 11804 [ FA122BC1451B1B35B7814FBE1ACF1924 ] Dokan C:\Windows\system32\drivers\dokan.sys
21:51:04.0283 11804 Dokan - ok
21:51:04.0286 11804 [ 8C856E531A1170F53AC6844E89CD0B5F ] DokanMounter C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
21:51:04.0288 11804 DokanMounter ( UnsignedFile.Multi.Generic ) - warning
21:51:04.0288 11804 DokanMounter - detected UnsignedFile.Multi.Generic (1)
21:51:04.0292 11804 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:51:04.0314 11804 dot3svc - ok
21:51:04.0318 11804 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:51:04.0340 11804 DPS - ok
21:51:04.0342 11804 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:51:04.0352 11804 drmkaud - ok
21:51:04.0357 11804 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
21:51:04.0366 11804 dtsoftbus01 - ok
21:51:04.0377 11804 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:51:04.0395 11804 DXGKrnl - ok
21:51:04.0398 11804 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:51:04.0420 11804 EapHost - ok
21:51:04.0446 11804 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:51:04.0481 11804 ebdrv - ok
21:51:04.0484 11804 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:51:04.0493 11804 EFS - ok
21:51:04.0502 11804 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:51:04.0518 11804 ehRecvr - ok
21:51:04.0521 11804 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:51:04.0531 11804 ehSched - ok
21:51:04.0538 11804 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:51:04.0550 11804 elxstor - ok
21:51:04.0553 11804 [ E47D9D7E6E53892FC97282482F4AE307 ] EMSC C:\Windows\system32\DRIVERS\EMSC.SYS
21:51:04.0559 11804 EMSC - ok
21:51:04.0561 11804 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:51:04.0569 11804 ErrDev - ok
21:51:04.0576 11804 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:51:04.0601 11804 EventSystem - ok
21:51:04.0604 11804 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:51:04.0627 11804 exfat - ok
21:51:04.0631 11804 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:51:04.0654 11804 fastfat - ok
21:51:04.0663 11804 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:51:04.0678 11804 Fax - ok
21:51:04.0680 11804 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
21:51:04.0688 11804 fdc - ok
21:51:04.0691 11804 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:51:04.0712 11804 fdPHost - ok
21:51:04.0714 11804 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:51:04.0736 11804 FDResPub - ok
21:51:04.0739 11804 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:51:04.0747 11804 FileInfo - ok
21:51:04.0749 11804 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:51:04.0771 11804 Filetrace - ok
21:51:04.0773 11804 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:51:04.0782 11804 flpydisk - ok
21:51:04.0786 11804 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:51:04.0796 11804 FltMgr - ok
21:51:04.0808 11804 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
21:51:04.0826 11804 FontCache - ok
21:51:04.0831 11804 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:51:04.0841 11804 FontCache3.0.0.0 - ok
21:51:04.0845 11804 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:51:04.0856 11804 FsDepends - ok
21:51:04.0865 11804 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:51:04.0874 11804 Fs_Rec - ok
21:51:04.0882 11804 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:51:04.0896 11804 fvevol - ok
21:51:04.0898 11804 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:51:04.0907 11804 gagp30kx - ok
21:51:04.0915 11804 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:51:04.0942 11804 gpsvc - ok
21:51:04.0948 11804 [ D8BF3C594BD17A37960362E6C6739B90 ] Hardlock C:\Windows\system32\drivers\hardlock.sys
21:51:04.0958 11804 Hardlock - ok
21:51:04.0960 11804 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:51:04.0969 11804 hcw85cir - ok
21:51:04.0974 11804 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:51:04.0987 11804 HdAudAddService - ok
21:51:04.0989 11804 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:51:04.0989 11804 HDAudBus - ok
21:51:04.0989 11804 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:51:05.0004 11804 HidBatt - ok
21:51:05.0004 11804 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:51:05.0020 11804 HidBth - ok
21:51:05.0020 11804 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
21:51:05.0036 11804 HidIr - ok
21:51:05.0036 11804 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:51:05.0051 11804 hidserv - ok
21:51:05.0051 11804 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:51:05.0067 11804 HidUsb - ok
21:51:05.0067 11804 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:51:05.0098 11804 hkmsvc - ok
21:51:05.0098 11804 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:51:05.0098 11804 HomeGroupListener - ok
21:51:05.0114 11804 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:51:05.0114 11804 HomeGroupProvider - ok
21:51:05.0129 11804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:51:05.0129 11804 HpSAMD - ok
21:51:05.0145 11804 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:51:05.0160 11804 HTTP - ok
21:51:05.0160 11804 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:51:05.0176 11804 hwpolicy - ok
21:51:05.0176 11804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:51:05.0192 11804 i8042prt - ok
21:51:05.0192 11804 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\Windows\system32\drivers\iaStor.sys
21:51:05.0207 11804 iaStor - ok
21:51:05.0207 11804 [ 7D4B9A48430ED57ACA6373B71D5904CA ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:51:05.0223 11804 IAStorDataMgrSvc - ok
21:51:05.0223 11804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:51:05.0238 11804 iaStorV - ok
21:51:05.0238 11804 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:51:05.0238 11804 IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:51:05.0238 11804 IDriverT - detected UnsignedFile.Multi.Generic (1)
21:51:05.0254 11804 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:51:05.0270 11804 idsvc - ok
21:51:05.0363 11804 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:51:05.0488 11804 igfx - ok
21:51:05.0504 11804 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:51:05.0504 11804 iirsp - ok
21:51:05.0519 11804 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:51:05.0535 11804 IKEEXT - ok
21:51:05.0550 11804 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:51:05.0566 11804 IntcDAud - ok
21:51:05.0566 11804 [ 7C76466F4E0F76CE259C6005D161E9E8 ] Intel(R) Capability Licensing Service Interface c:\Program Files\Intel\iCLS Client\HeciServer.exe
21:51:05.0582 11804 Intel(R) Capability Licensing Service Interface - ok
21:51:05.0582 11804 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:51:05.0597 11804 intelide - ok
21:51:05.0691 11804 [ 54E37A4E66B2CA1C38E9728FAD5F9822 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
21:51:05.0847 11804 intelkmd - ok
21:51:05.0847 11804 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:51:05.0847 11804 intelppm - ok
21:51:05.0862 11804 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:51:05.0878 11804 IPBusEnum - ok
21:51:05.0878 11804 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:51:05.0909 11804 IpFilterDriver - ok
21:51:05.0909 11804 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:51:05.0925 11804 iphlpsvc - ok
21:51:05.0925 11804 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:51:05.0940 11804 IPMIDRV - ok
21:51:05.0940 11804 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:51:05.0956 11804 IPNAT - ok
21:51:05.0956 11804 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:51:05.0972 11804 IRENUM - ok
21:51:05.0972 11804 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:51:05.0987 11804 isapnp - ok
21:51:05.0987 11804 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:51:06.0003 11804 iScsiPrt - ok
21:51:06.0003 11804 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:51:06.0003 11804 iusb3hcs - ok
21:51:06.0018 11804 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
21:51:06.0018 11804 iusb3hub - ok
21:51:06.0034 11804 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:51:06.0050 11804 iusb3xhc - ok
21:51:06.0050 11804 [ D22982C269775BCBDDA8A0F82A9ADE9E ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:51:06.0065 11804 jhi_service - ok
21:51:06.0065 11804 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:51:06.0065 11804 kbdclass - ok
21:51:06.0065 11804 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:51:06.0081 11804 kbdhid - ok
21:51:06.0081 11804 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:51:06.0096 11804 KeyIso - ok
21:51:06.0096 11804 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:51:06.0096 11804 KSecDD - ok
21:51:06.0096 11804 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:51:06.0112 11804 KSecPkg - ok
21:51:06.0112 11804 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:51:06.0143 11804 ksthunk - ok
21:51:06.0143 11804 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:51:06.0174 11804 KtmRm - ok
21:51:06.0174 11804 [ FC010C7814DDAC17389A7D87EA2EBB39 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
21:51:06.0174 11804 L1C - ok
21:51:06.0174 11804 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:51:06.0206 11804 LanmanServer - ok
21:51:06.0206 11804 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:51:06.0237 11804 LanmanWorkstation - ok
21:51:06.0237 11804 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:51:06.0252 11804 lltdio - ok
21:51:06.0252 11804 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:51:06.0284 11804 lltdsvc - ok
21:51:06.0284 11804 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:51:06.0315 11804 lmhosts - ok
21:51:06.0315 11804 [ 5C08357C65F658E29B5DDC2EF18D575C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:51:06.0315 11804 LMS - ok
21:51:06.0330 11804 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:51:06.0330 11804 LSI_FC - ok
21:51:06.0330 11804 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:51:06.0346 11804 LSI_SAS - ok
21:51:06.0346 11804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:51:06.0362 11804 LSI_SAS2 - ok
21:51:06.0362 11804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:51:06.0362 11804 LSI_SCSI - ok
21:51:06.0377 11804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:51:06.0393 11804 luafv - ok
21:51:06.0393 11804 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:51:06.0408 11804 Mcx2Svc - ok
21:51:06.0408 11804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
21:51:06.0408 11804 megasas - ok
21:51:06.0424 11804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:51:06.0424 11804 MegaSR - ok
21:51:06.0440 11804 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
21:51:06.0440 11804 MEIx64 - ok
21:51:06.0440 11804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:51:06.0471 11804 MMCSS - ok
21:51:06.0471 11804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:51:06.0486 11804 Modem - ok
21:51:06.0486 11804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:51:06.0502 11804 monitor - ok
21:51:06.0502 11804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:51:06.0518 11804 mouclass - ok
21:51:06.0518 11804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:51:06.0518 11804 mouhid - ok
21:51:06.0518 11804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:51:06.0533 11804 mountmgr - ok
21:51:06.0533 11804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:51:06.0549 11804 mpio - ok
21:51:06.0549 11804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:51:06.0564 11804 mpsdrv - ok
21:51:06.0580 11804 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:51:06.0611 11804 MpsSvc - ok
21:51:06.0611 11804 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:51:06.0627 11804 MRxDAV - ok
21:51:06.0627 11804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:51:06.0642 11804 mrxsmb - ok
21:51:06.0642 11804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:51:06.0658 11804 mrxsmb10 - ok
21:51:06.0658 11804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:51:06.0658 11804 mrxsmb20 - ok
21:51:06.0674 11804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:51:06.0674 11804 msahci - ok
21:51:06.0674 11804 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:51:06.0689 11804 msdsm - ok
21:51:06.0689 11804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:51:06.0705 11804 MSDTC - ok
21:51:06.0705 11804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:51:06.0720 11804 Msfs - ok
21:51:06.0720 11804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:51:06.0752 11804 mshidkmdf - ok
21:51:06.0752 11804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:51:06.0752 11804 msisadrv - ok
21:51:06.0767 11804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:51:06.0783 11804 MSiSCSI - ok
21:51:06.0783 11804 msiserver - ok
21:51:06.0783 11804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:51:06.0814 11804 MSKSSRV - ok
21:51:06.0814 11804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:51:06.0830 11804 MSPCLOCK - ok
21:51:06.0830 11804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:51:06.0861 11804 MSPQM - ok
21:51:06.0861 11804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:51:06.0876 11804 MsRPC - ok
21:51:06.0876 11804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:51:06.0876 11804 mssmbios - ok
21:51:06.0892 11804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:51:06.0908 11804 MSTEE - ok
21:51:06.0908 11804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:51:06.0923 11804 MTConfig - ok
21:51:06.0923 11804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:51:06.0923 11804 Mup - ok
21:51:06.0939 11804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:51:06.0954 11804 napagent - ok
21:51:06.0970 11804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:51:06.0970 11804 NativeWifiP - ok
21:51:06.0986 11804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:51:07.0001 11804 NDIS - ok
21:51:07.0001 11804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:51:07.0032 11804 NdisCap - ok
21:51:07.0032 11804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:51:07.0048 11804 NdisTapi - ok
21:51:07.0064 11804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:51:07.0079 11804 Ndisuio - ok
21:51:07.0079 11804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:51:07.0095 11804 NdisWan - ok
21:51:07.0110 11804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:51:07.0126 11804 NDProxy - ok
21:51:07.0126 11804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:51:07.0142 11804 NetBIOS - ok
21:51:07.0157 11804 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:51:07.0173 11804 NetBT - ok
21:51:07.0173 11804 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:51:07.0188 11804 Netlogon - ok
21:51:07.0188 11804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:51:07.0220 11804 Netman - ok
21:51:07.0220 11804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:51:07.0235 11804 NetMsmqActivator - ok
21:51:07.0235 11804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:51:07.0235 11804 NetPipeActivator - ok
21:51:07.0251 11804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:51:07.0266 11804 netprofm - ok
21:51:07.0266 11804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:51:07.0282 11804 NetTcpActivator - ok
21:51:07.0282 11804 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:51:07.0298 11804 NetTcpPortSharing - ok
21:51:07.0298 11804 [ 73CE12B8BDD747B0063CB0A7EF44CEA7 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
21:51:07.0298 11804 netvsc - ok
21:51:07.0313 11804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:51:07.0313 11804 nfrd960 - ok
21:51:07.0313 11804 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:51:07.0329 11804 NlaSvc - ok
21:51:07.0329 11804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:51:07.0360 11804 Npfs - ok
21:51:07.0360 11804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:51:07.0376 11804 nsi - ok
21:51:07.0376 11804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:51:07.0407 11804 nsiproxy - ok
21:51:07.0422 11804 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:51:07.0454 11804 Ntfs - ok
21:51:07.0454 11804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:51:07.0469 11804 Null - ok
21:51:07.0469 11804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:51:07.0485 11804 nvraid - ok
21:51:07.0485 11804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:51:07.0500 11804 nvstor - ok
21:51:07.0500 11804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:51:07.0500 11804 nv_agp - ok
21:51:07.0516 11804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:51:07.0516 11804 ohci1394 - ok
21:51:07.0532 11804 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:51:07.0532 11804 ose - ok
21:51:07.0578 11804 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:51:07.0641 11804 osppsvc - ok
21:51:07.0641 11804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:51:07.0656 11804 p2pimsvc - ok
21:51:07.0656 11804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:51:07.0672 11804 p2psvc - ok
21:51:07.0672 11804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
21:51:07.0688 11804 Parport - ok
21:51:07.0688 11804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:51:07.0688 11804 partmgr - ok
21:51:07.0703 11804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:51:07.0703 11804 PcaSvc - ok
21:51:07.0719 11804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:51:07.0719 11804 pci - ok
21:51:07.0719 11804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:51:07.0734 11804 pciide - ok
21:51:07.0734 11804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:51:07.0750 11804 pcmcia - ok
21:51:07.0750 11804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:51:07.0750 11804 pcw - ok
21:51:07.0766 11804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:51:07.0797 11804 PEAUTH - ok
21:51:07.0797 11804 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:51:07.0828 11804 PeerDistSvc - ok
21:51:07.0844 11804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:51:07.0859 11804 PerfHost - ok
21:51:07.0875 11804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:51:07.0906 11804 pla - ok
21:51:07.0906 11804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:51:07.0922 11804 PlugPlay - ok
21:51:07.0922 11804 PnkBstrA - ok
21:51:07.0922 11804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:51:07.0937 11804 PNRPAutoReg - ok
21:51:07.0937 11804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:51:07.0953 11804 PNRPsvc - ok
21:51:07.0953 11804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:51:07.0984 11804 PolicyAgent - ok
21:51:07.0984 11804 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
21:51:08.0000 11804 Power - ok
21:51:08.0000 11804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:51:08.0015 11804 PptpMiniport - ok
21:51:08.0015 11804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
21:51:08.0031 11804 Processor - ok
21:51:08.0031 11804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:51:08.0046 11804 ProfSvc - ok
21:51:08.0046 11804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:51:08.0062 11804 ProtectedStorage - ok
21:51:08.0062 11804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:51:08.0078 11804 Psched - ok
21:51:08.0093 11804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:51:08.0124 11804 ql2300 - ok
21:51:08.0124 11804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:51:08.0124 11804 ql40xx - ok
21:51:08.0140 11804 [ 046850313F51513FF9E12B2822A9E097 ] Qualcomm Atheros Killer Service C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
21:51:08.0140 11804 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - warning
21:51:08.0140 11804 Qualcomm Atheros Killer Service - detected UnsignedFile.Multi.Generic (1)
21:51:08.0156 11804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:51:08.0171 11804 QWAVE - ok
21:51:08.0171 11804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:51:08.0171 11804 QWAVEdrv - ok
21:51:08.0187 11804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:51:08.0202 11804 RasAcd - ok
21:51:08.0202 11804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:51:08.0218 11804 RasAgileVpn - ok
21:51:08.0234 11804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:51:08.0249 11804 RasAuto - ok
21:51:08.0249 11804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:51:08.0280 11804 Rasl2tp - ok
21:51:08.0280 11804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:51:08.0312 11804 RasMan - ok
21:51:08.0312 11804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:51:08.0327 11804 RasPppoe - ok
21:51:08.0327 11804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:51:08.0358 11804 RasSstp - ok
21:51:08.0358 11804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:51:08.0374 11804 rdbss - ok
21:51:08.0390 11804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:51:08.0390 11804 rdpbus - ok
21:51:08.0390 11804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:51:08.0421 11804 RDPCDD - ok
21:51:08.0421 11804 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:51:08.0436 11804 RDPDR - ok
21:51:08.0436 11804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:51:08.0452 11804 RDPENCDD - ok
21:51:08.0452 11804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:51:08.0483 11804 RDPREFMP - ok
21:51:08.0483 11804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:51:08.0499 11804 RDPWD - ok
21:51:08.0499 11804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:51:08.0514 11804 rdyboost - ok
21:51:08.0514 11804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:51:08.0530 11804 RemoteAccess - ok
21:51:08.0530 11804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:51:08.0561 11804 RemoteRegistry - ok
21:51:08.0561 11804 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:51:08.0577 11804 RFCOMM - ok
21:51:08.0577 11804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:51:08.0608 11804 RpcEptMapper - ok
21:51:08.0608 11804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:51:08.0608 11804 RpcLocator - ok
21:51:08.0624 11804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:51:08.0639 11804 RpcSs - ok
21:51:08.0655 11804 [ 1EA2EDA2D6CD253CE3EC3387FEAA40AC ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
21:51:08.0655 11804 RSPCIESTOR - ok
21:51:08.0655 11804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:51:08.0686 11804 rspndr - ok
21:51:08.0686 11804 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:51:08.0702 11804 s3cap - ok
21:51:08.0702 11804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:51:08.0702 11804 SamSs - ok
21:51:08.0702 11804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:51:08.0717 11804 sbp2port - ok
21:51:08.0717 11804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:51:08.0748 11804 SCardSvr - ok
21:51:08.0748 11804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:51:08.0764 11804 scfilter - ok
21:51:08.0780 11804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:51:08.0811 11804 Schedule - ok
21:51:08.0811 11804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:51:08.0826 11804 SCPolicySvc - ok
21:51:08.0842 11804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:51:08.0842 11804 SDRSVC - ok
21:51:08.0842 11804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:51:08.0873 11804 secdrv - ok
21:51:08.0873 11804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:51:08.0889 11804 seclogon - ok
21:51:08.0889 11804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:51:08.0920 11804 SENS - ok
21:51:08.0920 11804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:51:08.0936 11804 SensrSvc - ok
21:51:08.0936 11804 [ 255476B54C82A89416EFDF09FD62F107 ] Sentinel64 C:\Windows\System32\Drivers\Sentinel64.sys
21:51:08.0936 11804 Sentinel64 - ok
21:51:08.0951 11804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
21:51:08.0951 11804 Serenum - ok
21:51:08.0951 11804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
21:51:08.0967 11804 Serial - ok
21:51:08.0967 11804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:51:08.0982 11804 sermouse - ok
21:51:08.0982 11804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:51:08.0998 11804 SessionEnv - ok
21:51:09.0014 11804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:51:09.0014 11804 sffdisk - ok
21:51:09.0014 11804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:51:09.0029 11804 sffp_mmc - ok
21:51:09.0029 11804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:51:09.0045 11804 sffp_sd - ok
21:51:09.0045 11804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:51:09.0045 11804 sfloppy - ok
21:51:09.0076 11804 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\AlienRespawn\sftservice.EXE
21:51:09.0092 11804 SftService - ok
21:51:09.0107 11804 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:51:09.0123 11804 SharedAccess - ok
21:51:09.0123 11804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:51:09.0154 11804 ShellHWDetection - ok
21:51:09.0154 11804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:51:09.0170 11804 SiSRaid2 - ok
21:51:09.0170 11804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:51:09.0170 11804 SiSRaid4 - ok
21:51:09.0185 11804 [ 6128E98EAAED364ED1A32708D2FD22CB ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
21:51:09.0185 11804 SkypeUpdate - ok
21:51:09.0185 11804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:51:09.0216 11804 Smb - ok
21:51:09.0216 11804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:51:09.0232 11804 SNMPTRAP - ok
21:51:09.0232 11804 [ 2D5576C01C8A34AA614870E745FE8F19 ] SNTUSB64 C:\Windows\system32\DRIVERS\SNTUSB64.SYS
21:51:09.0232 11804 SNTUSB64 - ok
21:51:09.0232 11804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:51:09.0248 11804 spldr - ok
21:51:09.0248 11804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:51:09.0263 11804 Spooler - ok
21:51:09.0294 11804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:51:09.0341 11804 sppsvc - ok
21:51:09.0357 11804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:51:09.0372 11804 sppuinotify - ok
21:51:09.0372 11804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:51:09.0388 11804 srv - ok
21:51:09.0404 11804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:51:09.0404 11804 srv2 - ok
21:51:09.0419 11804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:51:09.0419 11804 srvnet - ok
21:51:09.0419 11804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:51:09.0450 11804 SSDPSRV - ok
21:51:09.0450 11804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:51:09.0482 11804 SstpSvc - ok
21:51:09.0482 11804 [ E4EA2412FB1B8AEE33667A9CC6D456A4 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
21:51:09.0482 11804 stdcfltn - ok
21:51:09.0482 11804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:51:09.0497 11804 stexstor - ok
21:51:09.0497 11804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:51:09.0513 11804 stisvc - ok
21:51:09.0513 11804 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
21:51:09.0528 11804 StorSvc - ok
21:51:09.0528 11804 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:51:09.0544 11804 storvsc - ok
21:51:09.0544 11804 [ 10D69C83513B50F34032F7F96E40019D ] ST_ACCEL C:\Windows\system32\DRIVERS\ST_ACCEL.sys
21:51:09.0544 11804 ST_ACCEL - ok
21:51:09.0544 11804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:51:09.0560 11804 swenum - ok
21:51:09.0560 11804 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:51:09.0591 11804 swprv - ok
21:51:09.0591 11804 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
21:51:09.0606 11804 SynthVid - ok
21:51:09.0606 11804 [ 662D9B75D7769C810F76B0C116333607 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:51:09.0622 11804 SynTP - ok
21:51:09.0638 11804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:51:09.0669 11804 SysMain - ok
21:51:09.0669 11804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:51:09.0684 11804 TabletInputService - ok
21:51:09.0684 11804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:51:09.0700 11804 TapiSrv - ok
21:51:09.0716 11804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:51:09.0731 11804 TBS - ok
21:51:09.0747 11804 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:51:09.0778 11804 Tcpip - ok
21:51:09.0794 11804 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:51:09.0809 11804 TCPIP6 - ok
21:51:09.0825 11804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:51:09.0825 11804 tcpipreg - ok
21:51:09.0825 11804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:51:09.0840 11804 TDPIPE - ok
21:51:09.0840 11804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:51:09.0856 11804 TDTCP - ok
21:51:09.0856 11804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:51:09.0872 11804 tdx - ok
21:51:09.0903 11804 [ 81E136A30B7F0631E5A0867453852CF3 ] TeamViewer6 C:\Users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe
21:51:09.0934 11804 TeamViewer6 - ok
21:51:09.0934 11804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:51:09.0950 11804 TermDD - ok
21:51:09.0950 11804 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:51:09.0981 11804 TermService - ok
21:51:09.0981 11804 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:51:09.0996 11804 Themes - ok
21:51:09.0996 11804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:51:10.0028 11804 THREADORDER - ok
21:51:10.0028 11804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:51:10.0043 11804 TrkWks - ok
21:51:10.0059 11804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:51:10.0074 11804 TrustedInstaller - ok
21:51:10.0074 11804 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:51:10.0106 11804 tssecsrv - ok
21:51:10.0106 11804 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:51:10.0106 11804 TsUsbFlt - ok
21:51:10.0106 11804 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:51:10.0121 11804 TsUsbGD - ok
21:51:10.0121 11804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:51:10.0152 11804 tunnel - ok
21:51:10.0152 11804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:51:10.0152 11804 uagp35 - ok
21:51:10.0168 11804 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:51:10.0184 11804 udfs - ok
21:51:10.0184 11804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:51:10.0199 11804 UI0Detect - ok
21:51:10.0199 11804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:51:10.0215 11804 uliagpkx - ok
21:51:10.0215 11804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:51:10.0215 11804 umbus - ok
21:51:10.0230 11804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
21:51:10.0230 11804 UmPass - ok
21:51:10.0230 11804 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
21:51:10.0246 11804 UmRdpService - ok
21:51:10.0262 11804 [ 0DFC9713D117B349E41A2A477448107A ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:51:10.0262 11804 UNS - ok
21:51:10.0277 11804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:51:10.0293 11804 upnphost - ok
21:51:10.0293 11804 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:51:10.0308 11804 usbccgp - ok
21:51:10.0308 11804 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:51:10.0324 11804 usbcir - ok
21:51:10.0324 11804 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:51:10.0324 11804 usbehci - ok
21:51:10.0340 11804 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:51:10.0355 11804 usbhub - ok
21:51:10.0355 11804 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:51:10.0355 11804 usbohci - ok
21:51:10.0355 11804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:51:10.0371 11804 usbprint - ok
21:51:10.0371 11804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:51:10.0386 11804 USBSTOR - ok
21:51:10.0386 11804 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:51:10.0386 11804 usbuhci - ok
21:51:10.0402 11804 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:51:10.0402 11804 usbvideo - ok
21:51:10.0418 11804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:51:10.0433 11804 UxSms - ok
21:51:10.0433 11804 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:51:10.0449 11804 VaultSvc - ok
21:51:10.0449 11804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:51:10.0449 11804 vdrvroot - ok
21:51:10.0464 11804 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:51:10.0480 11804 vds - ok
21:51:10.0496 11804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:51:10.0496 11804 vga - ok
21:51:10.0496 11804 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:51:10.0527 11804 VgaSave - ok
21:51:10.0527 11804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:51:10.0542 11804 vhdmp - ok
21:51:10.0542 11804 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:51:10.0542 11804 viaide - ok
21:51:10.0542 11804 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:51:10.0558 11804 VMBusHID - ok
21:51:10.0558 11804 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:51:10.0574 11804 volmgr - ok
21:51:10.0574 11804 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:51:10.0589 11804 volmgrx - ok
21:51:10.0589 11804 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:51:10.0605 11804 volsnap - ok
21:51:10.0605 11804 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:51:10.0605 11804 vsmraid - ok
21:51:10.0620 11804 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:51:10.0667 11804 VSS - ok
21:51:10.0667 11804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:51:10.0683 11804 vwifibus - ok
21:51:10.0683 11804 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:51:10.0698 11804 vwififlt - ok
21:51:10.0698 11804 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:51:10.0714 11804 W32Time - ok
21:51:10.0730 11804 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:51:10.0730 11804 WacomPen - ok
21:51:10.0730 11804 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:51:10.0761 11804 WANARP - ok
21:51:10.0761 11804 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:51:10.0776 11804 Wanarpv6 - ok
21:51:10.0792 11804 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:51:10.0823 11804 wbengine - ok
21:51:10.0823 11804 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:51:10.0839 11804 WbioSrvc - ok
21:51:10.0839 11804 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:51:10.0854 11804 wcncsvc - ok
21:51:10.0854 11804 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:51:10.0870 11804 WcsPlugInService - ok
21:51:10.0870 11804 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
21:51:10.0870 11804 Wd - ok
21:51:10.0886 11804 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:51:10.0901 11804 Wdf01000 - ok
21:51:10.0901 11804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:51:10.0917 11804 WdiServiceHost - ok
21:51:10.0917 11804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:51:10.0932 11804 WdiSystemHost - ok
21:51:10.0932 11804 [ E89D463AB373CFACCCBB0645E9AE8154 ] WebCake Desktop Updater C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe
21:51:10.0932 11804 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
21:51:10.0932 11804 WebCake Desktop Updater - detected UnsignedFile.Multi.Generic (1)
21:51:10.0948 11804 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:51:10.0964 11804 WebClient - ok
21:51:10.0964 11804 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:51:10.0979 11804 Wecsvc - ok
21:51:10.0995 11804 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:51:11.0010 11804 wercplsupport - ok
21:51:11.0010 11804 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:51:11.0042 11804 WerSvc - ok
21:51:11.0042 11804 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:51:11.0057 11804 WfpLwf - ok
21:51:11.0057 11804 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:51:11.0073 11804 WimFltr - ok
21:51:11.0073 11804 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:51:11.0088 11804 WIMMount - ok
21:51:11.0088 11804 WinDefend - ok
21:51:11.0088 11804 WinHttpAutoProxySvc - ok
21:51:11.0088 11804 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:51:11.0120 11804 Winmgmt - ok
21:51:11.0135 11804 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:51:11.0166 11804 WinRM - ok
21:51:11.0182 11804 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
21:51:11.0182 11804 WinUsb - ok
21:51:11.0198 11804 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:51:11.0213 11804 Wlansvc - ok
21:51:11.0229 11804 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:51:11.0229 11804 WmiAcpi - ok
21:51:11.0229 11804 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:51:11.0244 11804 wmiApSrv - ok
21:51:11.0244 11804 WMPNetworkSvc - ok
21:51:11.0244 11804 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:51:11.0260 11804 WPCSvc - ok
21:51:11.0260 11804 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:51:11.0276 11804 WPDBusEnum - ok
21:51:11.0276 11804 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:51:11.0291 11804 ws2ifsl - ok
21:51:11.0307 11804 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
21:51:11.0322 11804 wscsvc - ok
21:51:11.0322 11804 WSearch - ok
21:51:11.0338 11804 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:51:11.0369 11804 wuauserv - ok
21:51:11.0369 11804 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:51:11.0385 11804 WudfPf - ok
21:51:11.0385 11804 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:11.0400 11804 WUDFRd - ok
21:51:11.0400 11804 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:51:11.0416 11804 wudfsvc - ok
21:51:11.0416 11804 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
21:51:11.0432 11804 WwanSvc - ok
21:51:11.0432 11804 ================ Scan global ===============================
21:51:11.0432 11804 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:51:11.0432 11804 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:51:11.0447 11804 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:51:11.0447 11804 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:51:11.0447 11804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:51:11.0463 11804 [Global] - ok
21:51:11.0463 11804 ================ Scan MBR ==================================
21:51:11.0463 11804 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:51:11.0572 11804 \Device\Harddisk0\DR0 - ok
21:51:11.0572 11804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
21:51:11.0962 11804 \Device\Harddisk1\DR1 - ok
21:51:11.0962 11804 ================ Scan VBR ==================================
21:51:11.0962 11804 [ 482421A26DA8AE0667C657C694F1439A ] \Device\Harddisk0\DR0\Partition1
21:51:11.0962 11804 \Device\Harddisk0\DR0\Partition1 - ok
21:51:11.0962 11804 [ 245295A96FF9B0D89C204972484C7B8D ] \Device\Harddisk0\DR0\Partition2
21:51:11.0962 11804 \Device\Harddisk0\DR0\Partition2 - ok
21:51:11.0962 11804 [ 7BDEC79BEB2848A710F4A5497A2FB732 ] \Device\Harddisk1\DR1\Partition1
21:51:11.0962 11804 \Device\Harddisk1\DR1\Partition1 - ok
21:51:11.0962 11804 ============================================================
21:51:11.0962 11804 Scan finished
21:51:11.0962 11804 ============================================================
21:51:11.0978 9028 Detected object count: 7
21:51:11.0978 9028 Actual detected object count: 7
21:52:16.0496 9028 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:52:16.0496 9028 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:52:16.0496 9028 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:52:16.0496 9028 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:52:16.0497 9028 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
21:52:16.0497 9028 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:52:16.0497 9028 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
21:52:16.0497 9028 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:52:16.0498 9028 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:52:16.0498 9028 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:52:16.0499 9028 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:52:16.0499 9028 Qualcomm Atheros Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:52:16.0499 9028 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
21:52:16.0499 9028 WebCake Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip

Alt 11.07.2013, 20:57   #8
markusg
/// Malware-holic
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Sehr gut.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.07.2013, 21:17   #9
Bayer92
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



So hab alles so gemacht wie du es gesagt hasd
Combofix Logfile:
Code:
ATTFilter
ComboFix 13-07-11.03 - Christian 11.07.2013  22:07:06.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8074.5692 [GMT 2:00]
ausgeführt von:: c:\users\Christian\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\DealPly.crx
c:\program files (x86)\DealPly\DealPly.xpi
c:\program files (x86)\DealPly\DealPlyIE.dll
c:\program files (x86)\DealPly\DealPlyIE64.dll
c:\program files (x86)\DealPly\DealPlyUpdate.exe
c:\program files (x86)\DealPly\DealPlyUpdate.log
c:\program files (x86)\DealPly\DealPlyUpdateRun.exe
c:\program files (x86)\DealPly\DealPlyUpdateVer.exe
c:\program files (x86)\DealPly\icon.ico
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\PCDr\6261\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31274d4c-b2a5-4954-874c-18abd8e795fc.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
c:\windows\SysWow64\UNWISE.EXE
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BrowserDefendert
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-06-11 bis 2013-07-11  ))))))))))))))))))))))))))))))
.
.
2013-07-09 19:45 . 2013-07-09 19:45	--------	d-----w-	c:\users\Default\AppData\Roaming\TuneUp Software
2013-07-03 17:19 . 2013-07-03 17:19	--------	d-----w-	c:\users\Christian\AppData\Roaming\Opera Software
2013-07-03 17:19 . 2013-07-03 17:19	--------	d-----w-	c:\users\Christian\AppData\Local\Opera Software
2013-07-02 19:27 . 2013-07-02 19:27	--------	d-----w-	c:\users\Christian\AppData\Roaming\AVG2013
2013-07-02 19:27 . 2013-07-02 19:27	--------	d-----w-	C:\$AVG
2013-07-02 19:27 . 2013-07-02 19:27	--------	d-----w-	c:\programdata\AVG2013
2013-07-02 19:26 . 2013-07-02 19:26	--------	d-----w-	c:\program files (x86)\AVG
2013-07-02 19:15 . 2013-07-11 16:43	--------	d-----w-	c:\programdata\MFAData
2013-07-02 19:15 . 2013-07-02 19:33	--------	d-----w-	c:\users\Christian\AppData\Local\Avg2013
2013-07-02 19:15 . 2013-07-02 19:15	--------	d-----w-	c:\users\Christian\AppData\Local\MFAData
2013-06-27 15:44 . 2013-06-02 15:11	75825640	----a-w-	c:\windows\system32\MRT.exe
2013-06-27 15:36 . 2013-05-08 06:39	1910632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-06-27 15:36 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-06-27 15:36 . 2013-04-26 05:51	751104	----a-w-	c:\windows\system32\win32spl.dll
2013-06-27 15:36 . 2013-04-26 04:55	492544	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-06-27 15:36 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-06-27 15:36 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-06-27 15:36 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-06-27 15:36 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-06-27 15:36 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-06-22 14:06 . 2013-06-22 14:06	--------	d-----w-	c:\windows\SysWow64\searchplugins
2013-06-22 14:06 . 2013-06-22 14:06	--------	d-----w-	c:\windows\SysWow64\Extensions
2013-06-22 14:06 . 2013-06-22 14:06	--------	d-----w-	c:\programdata\BrowserDefender
2013-06-22 14:05 . 2013-06-22 14:05	--------	d-----w-	c:\users\Christian\AppData\Roaming\BabSolution
2013-06-22 14:05 . 2013-06-22 14:05	--------	d-----w-	c:\program files (x86)\Delta
2013-06-22 14:05 . 2013-06-22 14:05	--------	d-----w-	c:\users\Christian\AppData\Roaming\WebCake
2013-06-22 14:05 . 2013-06-22 14:05	--------	d-----w-	c:\program files (x86)\WebCake
2013-06-22 14:04 . 2013-06-22 14:04	--------	d-----w-	c:\users\Christian\AppData\Roaming\DealPly
2013-06-22 14:04 . 2013-06-22 14:04	--------	d-----w-	c:\users\Christian\AppData\Local\Google
2013-06-22 14:04 . 2013-06-22 14:04	--------	d-----w-	c:\users\Christian\AppData\Roaming\DSite
2013-06-22 14:04 . 2013-06-22 14:05	--------	d-----w-	c:\programdata\Tarma Installer
2013-06-22 14:04 . 2013-06-22 14:04	--------	d-----w-	c:\users\Christian\AppData\Roaming\Babylon
2013-06-21 17:29 . 2013-06-21 17:29	--------	d-----w-	c:\users\Christian\AppData\Local\iLivid
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 05:49 . 2013-06-27 15:37	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-27 15:37	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-27 15:37	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-27 15:37	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-27 15:37	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-27 15:37	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}]
2013-06-07 20:55	197912	----a-w-	c:\program files (x86)\WebCake\WebCakeIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-05-20 10:02	295832	----a-w-	c:\program files (x86)\Delta\delta\1.8.21.5\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.21.5\deltaTlbr.dll" [2013-05-20 284056]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-06-04 3456080]
"WebCake Desktop"="c:\users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-07 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-07 343168]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-12-02 1636208]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Sound Blaster Recon3Di Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe" [2011-12-22 880640]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2012-03-06 577024]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2012-06-26 76872]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ROCCAT Savu Gaming Mouse"="c:\program files (x86)\ROCCAT\Savu Mouse\Savu Monitor.exe" [2012-09-10 872048]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-04-25 305088]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-2-22 1380128]
Qualcomm Atheros Killer Network Manager.lnk - c:\program files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe -minimized [2012-7-23 553984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\261339~1.144\{C16C1~1\BrowserDefender.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe;c:\program files\Alienware\Command Center\AlienFusionService.exe [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/12/07 16:35;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS;c:\windows\SYSNATIVE\DRIVERS\EMSC.SYS [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aksdf;aksdf;c:\windows\system32\DRIVERS\aksdf.sys;c:\windows\SYSNATIVE\DRIVERS\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 CtHdaSvc;Sound Core3D Service;c:\windows\sysWow64\CtHdaSvc.exe;c:\windows\sysWow64\CtHdaSvc.exe [x]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys;c:\windows\SYSNATIVE\drivers\dokan.sys [x]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE;c:\program files (x86)\AlienRespawn\sftservice.EXE [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe;c:\users\Christian\temp\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]
S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys;c:\windows\SYSNATIVE\DRIVERS\Ak27x64.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 cthda;Sound Core3D(CtHda.sys);c:\windows\system32\drivers\cthda.sys;c:\windows\SYSNATIVE\drivers\cthda.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_ACCEL.sys;c:\windows\SYSNATIVE\DRIVERS\ST_ACCEL.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-15 12656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-06 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-06 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-06 440600]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\BfLLR.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{4FB5C1C8-752A-40AA-821C-B75ED4C21FA8}: NameServer = 192.168.2.2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{EF7BD87A-8024-11E2-F316-F3E56188709B} - c:\program files (x86)\DealPly\DealPlyIE.dll
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-HASP HL Device Driver - c:\windows\System32\UNWISE.EXE
AddRemove-{1EAC1D02-C6AC-4FA6-9A44-96258C37C812CT}_is1 - c:\games\World_of_Tanks_CT\unins000.exe
AddRemove-PlanetSide 2 PSG - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2 PSG\Uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-11  22:13:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-07-11 20:13
.
Vor Suchlauf: 12 Verzeichnis(se), 104.271.949.824 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 109.358.346.240 Bytes frei
.
- - End Of File - - 76336E6C7CF4E8E54BC850312307714B
         
--- --- ---
D41D8CD98F00B204E9800998ECF8427E

Alt 11.07.2013, 21:20   #10
markusg
/// Malware-holic
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Hi,
es sind 2 Logs zu erstellen, poste diese bitte möglichst gleichzeitig.
1.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Neustarten bitte.
2.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.07.2013, 22:12   #11
Bayer92
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



so hab jetz alles so gemacht.

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.07.11.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

11.07.2013 22:28:25
mbam-log-2013-07-11 (22-28-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 377405
Laufzeit: 15 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> 4624 -> Löschen bei Neustart.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> 1640 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 7
HKCR\CLSID\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Api (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\WebCakeIEClient.Api.1 (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\WebCakeIEClient.DLL (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\WebCake Desktop Updater (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebCake Desktop (PUP.WebCake) -> Daten: "C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 2
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38} (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Cache (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 9
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Program Files (x86)\DealPly\DealPlyIE.dll.vir (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll (PUP.WebCake) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christian\AppData\Roaming\WebCake\WebCakeDesktop.exe (PUP.WebCake) -> Löschen bei Neustart.
C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe (PUP.WebCake) -> Löschen bei Neustart.

(Ende)


Ich hab alles was ich nicht wusste zb. bei den ganzen Windows sachen unbekannt dahinter gesetzt. Bei Windows Silverlight weiß ich nicht was das ist.

7-Zip 9.20 (x64 edition) Igor Pavlov 10.02.2013 4,53MB 9.20.00.0 nötig
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 08.12.2012 6,00MB 11.3.300.265 unbekannt
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.01.2013 6,00MB 11.5.502.146 unbekannt
Adobe Reader X (10.1.7) MUI Adobe Systems Incorporated 27.06.2013 480MB 10.1.7 nötig
Advanced Audio FX Engine Creative Technology Ltd 08.12.2012 1.12.05 nötig
AlienAutopsy PC-Doctor, Inc. 25.05.2013 128MB 3.3.6261.27 nötig
AlienRespawn Alienware 07.12.2012 9.4.67 nötig
AlienRespawn - Support Software Alienware 07.12.2012 9.4.67 nötig
Alienware Command Center Alienware Corp. 07.12.2012 58,2MB 2.8.8.0 nötig
Alienware On-Screen Display 07.12.2012 2,49MB 0.32.0.2C nötig
AMD Catalyst Install Manager Advanced Micro Devices, Inc. 07.12.2012 26,2MB 3.0.859.0 nötig
applicationupdater Sony Online Entertainment 16.12.2012 unbekannt
Assassin's Creed III 1.01 Ubisoft 22.12.2012 1.01 nötig
AVG 2013 AVG Technologies 09.07.2013 2013.0.3349 nötig
BrowserDefender Bit89 Inc 22.06.2013 unbekannt
CCleaner Piriform 19.06.2013 4.03 nötig
Citrix Online Plug-in - Web Citrix Systems, Inc. 25.02.2013 12.1.44.1 nötig
CyberLink PowerDVD 9.6 CyberLink Corp. 07.12.2012 9.6.1.5425 nötig
DAEMON Tools Lite DT Soft Ltd 16.12.2012 4.46.1.0327 nötig
DDS-CAD 7.2 Data Design System GmbH 04.05.2013 7.2 nötig
DealPly 22.06.2013 unbekannt
DealPly (remove only) DealPly Technologies Ltd. 22.06.2013 1,20MB 4.8.6.1 unbekannt
Delta Chrome Toolbar Visual Tools 22.06.2013 unbekannt
Delta toolbar Delta 22.06.2013 1.8.21.5 unbekannt
Dokan Library 0.6.0 10.02.2013 unbekannt
Far Cry 3 Ubisoft 24.12.2012 1.04 nötig
HASP HL Device Driver 04.05.2013 unbekannt
Integrated Webcam Live! Central Creative Technology Ltd 08.12.2012 2.01.15 nötig
Intel(R) Control Center Intel Corporation 08.12.2012 1.2.1.1007 nötig
Intel(R) Display Audio Driver Intel Corporation 08.12.2012 6.14.00.3090 nötig
Intel(R) Management Engine Components Intel Corporation 08.12.2012 8.0.1.1399 nötig
Intel(R) Rapid Storage Technology Intel Corporation 08.12.2012 11.0.0.1032 nötig
Intel(R) USB 3.0 eXtensible Host Controller Driver Intel Corporation 08.12.2012 1.0.3.214 nötig
Intel® Trusted Connect Service Client Intel Corporation 07.12.2012 10,6MB 1.23.219.2 nötig
kwp-bnWin.net KWP Informationssysteme GmbH 04.05.2013 1,03GB 7.0.00 nötig
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 11.07.2013 19,2MB 1.75.0.1300 nötig
Medal of Honor™ Warfighter Electronic Arts 22.12.2012 16,0GB 1.0.0.0 nötig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 11.02.2011 38,8MB 4.0.30319 unbekannt
Microsoft .NET Framework 4 Extended Microsoft Corporation 11.02.2011 51,9MB 4.0.30319 unbekannt
Microsoft Office Home and Student 2010 Microsoft Corporation 02.01.2013 14.0.6029.1000 unbekannt
Microsoft Silverlight Microsoft Corporation 22.06.2013 50,6MB 5.1.20125.0 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 07.12.2012 428KB 8.0.56336 unbekannt
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 07.12.2012 788KB 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 07.12.2012 598KB 9.0.30729 unbekannt
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 07.12.2012 13,6MB 10.0.30319 unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 14.12.2012 11,1MB 10.0.40219 unbekannt
Opera Stable 15.0.1147.141 Opera Software ASA 11.07.2013 15.0.1147.141 nötig
Origin Electronic Arts, Inc. 22.12.2012 9.0.13.2135 nötig
Polysun 5.3.12.13149 Vela Solaris AG 04.05.2013 unbekannt
PunkBuster Services Even Balance, Inc. 24.12.2012 0.993 unbekannt
Qualcomm Atheros Killer Network Manager Qualcomm Atheros 11.01.2013 68,6MB 6.1.0.395 nötig
Savu Mouse ROCCAT GmbH 21.12.2012 1.1.9 nötig
Skype™ 5.8 Skype Technologies S.A. 07.12.2012 19,0MB 5.8.158 nötig
Sound Blaster Recon3Di Creative Technology Limited 07.12.2012 69,7MB 1.00.08 nötig
Sound Blaster Recon3Di Extras Creative Technology Limited 08.12.2012 1.0 nötig
ST Microelectronics 3 Axis Digital Accelerometer Solution ST Microelectronics 07.12.2012 4.12.0018 unbekannt
Star Wars Republic Commando 14.12.2012 1.0 unnötig
Synaptics Pointing Device Driver Synaptics Incorporated 08.12.2012 46,4MB 16.0.4.0 unbekannt
Tabellenbuch Elektrotechnik 2.0 Verlag Europa-Lehrmittel 16.02.2013 2.0 nötig
TeamSpeak 3 Client TeamSpeak Systems GmbH 09.04.2013 3.0.10.1 nötig
Tomb Raider 14.03.2013 nötig
Update for Zip Opener 22.06.2013 nötig
Uplay Ubisoft 22.12.2012 2.0 nötig
VDE-Anwendungsprogramm 8.1.1.42 VDE Verlag GmbH 22.06.2013 8.1.1.42 nötig
Visual Studio 2010 x64 Redistributables AVG Technologies 02.07.2013 12,4MB 13.0.0.1 unbekannt
WebCake 3.00 WebCake LLC 22.06.2013 1,21MB 3.00 unbekannt
WIDCOMM Bluetooth Software Broadcom Corporation 07.12.2012 287MB 6.5.1.2410 unbekannt
World of Tanks Wargaming.net 02.01.2013 16,5MB nötig
World of Tanks - Common Test Wargaming.net 04.04.2013 16,3MB unnötig
Worms Reloaded 16.12.2012 2,02GB unnötig

Alt 11.07.2013, 22:25   #12
markusg
/// Malware-holic
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Hi,
beachte für die Zukunft:
Wenn du Programme lädst, lies die AGB's bzw Lizenzverträge, toolbars die Werbung einblenden werden immer häufiger werden, und solche erkennst du bereits häufig da.
Instaliere Programme immer, wenn möglich nutzerdefiniert, so erkennt man häufig Drittanbietersoftware.
BZW informiere dich via Google suche.
es sind wieder 2 Logs zu erstellen, poste sie gleichzeitig.
1.
falls deinstalationen nicht klappen, nutze Rewo:
Revo Uninstaller - Download - Filepony
2.
deinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
BrowserDefender
DealPly : beide
Delta : beide
Star Wars
WebCake
Worms


Öffne CCleaner, analysieren, starten, PC neustarten.
3.
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

neustarten.
4.
HitmanPro - Download - Filepony
Lade Hitmanpro, doppelklicken, Scan klicken.
Nichts löschen, weiter klicken.
Log speichern und posten, bzw als XML exportieren, packen und anhängen
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 11.07.2013, 22:41   #13
Bayer92
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



Mit dem CCleaner kann ich die 2. Dealply datei und Webcake nicht deinstallieren und bei dem Revo uninstaller werden die beide nicht angezeigt

Hey, hier die Logdateien von adwcleaner.AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.305 - Datei am 12/07/2013 um 00:00:42 erstellt
# Aktualisiert am 11/07/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files (x86)\WebCake
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Ordner Gelöscht : C:\Users\Christian\AppData\Local\Ilivid
Ordner Gelöscht : C:\Users\Christian\AppData\LocalLow\delta
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Christian\AppData\Roaming\WebCake

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\DealPly
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5f55dcdbe669ec42
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?babsrc=HP_ss_din2g&mntrId=4C22689423D65289&affID=119357&tt=180613_ndtc&tsp=4921 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=1f8f72d0-0141-4592-a4e9-638ae417dba9&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate=01/01/1970 --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [7108 octets] - [12/07/2013 00:00:42]

########## EOF - C:\AdwCleaner[S1].txt - [7168 octets] ##########
         
--- --- ---

Bei Hitmanpro bringt das programm die Meldung das es keine zulässige Win32 anwendung sei.

Alt 11.07.2013, 23:36   #14
markusg
/// Malware-holic
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



hmm starte mal neu, verlinkt hab ich eig die 64 bit variannte die du benötigst.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.07.2013, 07:50   #15
Bayer92
 
Qtrax und Sposorship= Virus? - Standard

Qtrax und Sposorship= Virus?



es steht zwar HitmanPro_x64.exe da aber es kommt nach wie vor die Fehlermeldung das dies keine zulässige Win32-Anwendung ist.

Antwort

Themen zu Qtrax und Sposorship= Virus?
ausspioniert, browser, chris, erschein, erscheint, hoffe, immer wieder, nervig, opera, problem, qtrax, seite, seriös, servus, software, sponsorship, sporadisch, virus, virus?, ziemlich, zusammen, öffnet




Zum Thema Qtrax und Sposorship= Virus? - Servus zusammen, da ich mich leider nicht so gut mit PC- Software auskenne und mir eure Seite sehr Seriös erscheint hoffe ich, dass Ihr mir bei meinem Problem helfen könnt. - Qtrax und Sposorship= Virus?...
Archiv
Du betrachtest: Qtrax und Sposorship= Virus? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.