Computer is sluggish, can anyone find anything?

Hey, for the past few days it has felt very slow, at times with 100% disk usage in Task Manager. Thanks for the help.

Extras:

OTL Extras logfile created on: 20.04.2015 21:48:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rick\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,94 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 30,39% Memory free
9,19 Gb Paging File | 3,22 Gb Available in Paging File | 35,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 84,23 Gb Free Space | 56,15% Space Free | Partition Type: NTFS
Drive D: | 764,71 Gb Total Space | 651,54 Gb Free Space | 85,20% Space Free | Partition Type: NTFS
Computer Name: RICKS | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3412733107-315020943-3521016687-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade] "UpgradeTime" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A90B18D-039A-4C6C-9E80-64596C626D89}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{11ADF815-5956-4713-84E6-798D67A184B1}" = lport=137 | protocol=17 | dir=in | app=system | "{1265C881-639B-443B-A658-6C97A720947B}" = rport=10243 | protocol=6 | dir=out | app=system | "{15D1F4D3-E4B6-401C-A1E0-5E87EAF5C4F6}" = lport=138 | protocol=17 | dir=in | app=system | "{17CF216D-5CF6-4E1D-A015-C82C8A325DA0}" = rport=139 | protocol=6 | dir=out | app=system | "{2197EC88-B153-4E97-B73D-1E6556A75E63}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{26141E1D-D4E6-4251-94EB-C0D41B94DB53}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | "{3512AA38-E322-474B-8A5E-1F4945B3D26F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{379E2E5F-F321-41E6-95C1-1755C2B96214}" = lport=445 | protocol=6 | dir=in | app=system | "{37E597CF-0757-43FF-A470-225DB2C183BB}" = lport=139 | protocol=6 | dir=in | app=system | "{4AC1304F-01AE-4132-8DD6-3F6216B3BE32}" = lport=10243 | protocol=6 | dir=in | app=system | "{4B3AEC47-109F-430A-BC12-1BB891D7AAEE}" = rport=138 | protocol=17 | dir=out | app=system | "{4F2A7788-B080-4F83-92E6-FDAB1BA107D5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{63575BFC-8665-4D03-9453-145AE88F489A}" = rport=445 | protocol=6 | dir=out | app=system | "{67C89036-0096-491D-A16F-707A1A445D53}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{69142D8E-15DE-4622-AC92-E488FF51748B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{69D284D6-1487-45AD-8CE9-2FBE89306392}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7184F69E-E46F-4664-9869-AF2FCEB523B2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7FFFD92C-E18D-4385-BA4C-4A824FAFC2C8}" = lport=2177 | protocol=17 | dir=in | 
svc=qwave | app=%systemroot%\system32\svchost.exe | "{8739F5F8-E006-41EE-8ED7-E61928B33F51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8746658B-7C39-4F93-822A-8DC695521034}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{8E61CD52-C6CA-48B1-8B14-58543D5B43FA}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | "{8F74C595-A28F-4DE9-BFCA-08EAC604042F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A6620C53-34D5-4DA6-9EC4-85ED7D2C293F}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | "{BA9F08E9-7F15-42B3-AA5D-35ECF11AA6E7}" = rport=137 | protocol=17 | dir=out | app=system | "{C0BCAC7D-67FE-4F91-B015-2AD7BF073FDA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{CBC1B201-CC19-4950-A3D9-2B9833703599}" = lport=2869 | protocol=6 | dir=in | app=system | "{E2CABE8C-8572-4647-A078-38107CE25768}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe | "{E3A5E8B6-787D-4FD1-956C-C047771267FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{F2DF220C-3667-422A-8697-0D996825297A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F44175CE-2084-4C2A-8CDF-2FB742406529}" = lport=47995 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{009CF898-66D5-43E4-9049-1BC6680608DF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe | "{01930628-897C-45FF-82ED-C5F4C74C24F2}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.3689\agent.exe | "{0200DA03-FFBA-43A4-993D-E87CBCBC43C9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe | "{0962EAC3-1903-40B3-B99C-F2851448F8CB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0A307558-5B58-4684-85B9-D5DA3E3BD4FD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{0BF76237-4036-4FF0-8F90-026C4D445E86}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe | "{0C8FEC9F-BE6C-4EFB-BF9A-EFF46BCDE09C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | "{0D128DDD-51D7-4BAE-A2C9-3F0D6E2BD09B}" = dir=in | name=@{magix.musicmakerjam_2.1.1032.2_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} | "{106B45D5-5AC7-455E-8ACB-9717A51973BB}" = protocol=6 | dir=in | app=d:\wow\diablo iii\diablo iii.exe | "{108B1E39-2A6C-46BF-8378-7D8AD4EE3E2D}" = protocol=6 | dir=in | app=c:\programdata\pennybee\pennybee.exe | "{13665D91-6073-4C2B-B389-2E6125765A0F}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{13F1B5D8-488D-4F4B-98A9-47D6DB02B173}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{14F25FEA-396D-4C0B-99AB-9D0226AD1B6C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{1838B03D-1B3A-4787-8F28-6BD8AE38D833}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1A173CAA-8CBE-438F-9D75-5527367687EF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | "{1BAD347B-BA5E-49E5-98F3-7EB29A9B41A9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe | "{1EFCA9CB-D7F0-4968-8F1F-A3ADA10D2714}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{20BAFBD0-02F9-4959-81CB-FA7B99241AA0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty 
black ops\blackopsmp.exe | "{22B1E0E5-F571-422E-A0F5-8121A5A5AA52}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{23C3CA1F-E198-4210-A276-80D809A3D956}" = protocol=6 | dir=in | app=d:\steam\bin\steamwebhelper.exe | "{2504520A-F804-4676-9BDC-AE154F36BDC1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe | "{27282CEE-B544-4567-BFF4-8DB88F9F6304}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | "{2970E836-94D7-4EE8-9021-EC0B1CF44A06}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe | "{2C3EA296-2901-4186-BC03-D4E46BA20C4E}" = protocol=6 | dir=in | app=c:\programdata\pennybee\pennybee.exe | "{2CCEA927-F053-4536-B0A2-5B8ECFEFAFA2}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | "{2E56319E-9A64-4F79-8EA6-3DB4B23D22EE}" = protocol=6 | dir=in | app=d:\wow\battle.net\battle.net.exe | "{2F0D6A57-2BB1-4D49-BD1A-A616161789B7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{2F271EF2-DD1C-4E63-9FD4-97925198B421}" = dir=out | name=asus webstorage | "{2FD76D0A-647A-4158-A323-93E7CA198A2A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | "{33955E69-D7FD-4848-B12E-104B9AD3BBBA}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | "{394AAF3C-CFD2-4C17-B100-625E49A2641C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{3AD99FB6-303E-43AC-9F76-266C0D7BED55}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{3AF152F0-92CD-4C61-B7ED-C3E6FFF32C28}" = dir=out | name=fingertapps instruments recommended by asus | "{3D5908F5-6E5A-48CC-A3D9-839D52738E6B}" = dir=out | name=dropbox | 
"{3FA2B474-92E5-4165-B136-A4E66AFADD26}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe | "{3FD2D95E-6683-4C6B-88D7-47930E046497}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | "{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | "{445EBCBD-9149-4167-B4CE-4398D9457E81}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{45FFD0BC-3722-4082-A782-0DB91A85B07F}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe | "{4A60C89D-B97E-416D-8B7F-A83E2C7437ED}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe | "{4BB66E9F-8A9C-4E3F-B91E-4E14C2C54F97}" = protocol=17 | dir=in | app=d:\wow\diablo iii\diablo iii.exe | "{4D2CF1A2-FE60-47E0-8FFC-9A96022C1128}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe | "{4FA8A8BC-115A-4833-85B8-70234285459F}" = dir=in | name=asus webstorage | "{50BDE0CF-E37A-4593-A1D7-8BAC9A913096}" = dir=in | app=c:\programdata\pennybee\pennybee.exe | "{51F8BC3C-F5CF-4218-BF1A-63B60E1EE471}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3427\agent.exe | "{528259CE-4C3E-4BBA-AEB8-F5728DF5096A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3332\agent.exe | "{528397E7-A0F2-43E8-841B-7CA9CC6B217C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe | "{54016AF2-739A-46C7-982A-3A6FD814CB71}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe | "{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{54C17FD8-6818-4712-AFAE-025A3103C89B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | "{5621C1D8-1979-418D-B4BB-156B84FCA6CF}" = protocol=6 | 
dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe | "{56B1A878-15CB-4912-927E-D3F5F217EDA9}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{581DD765-B218-4D92-B606-B70A766C4AF1}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.313_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | "{5A12722E-1539-4DAE-A720-2F37CF878ABF}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{5A3052CD-2CEF-46EE-979D-FA5792952C1C}" = dir=out | name=onenote | "{5D0D63A4-258B-48D9-8D6B-01F54BBE2A3F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe | "{5F2BD161-85E9-4C60-A6EA-29D6C998E09E}" = dir=in | name=vlc for windows 8 | "{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | "{64032C9C-C6ED-4C3B-8718-CF325E1B8BC0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{69EF80DB-F223-4BB0-8DEA-13BEFA43F68D}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | "{69F32272-2648-49D3-BE80-CEFCFA287DCC}" = dir=in | name=mcafee® central for asus | "{6C2345B3-E376-48E0-A62B-38084D07487A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3427\agent.exe | "{7420FB00-07B6-421B-992A-E93C827B69A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{74F60A17-A22D-442F-A0DE-CB69E3844BC6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | "{768A4DC3-DE37-4869-A925-DD7E79DEF373}" = dir=out | name=@{microsoft.bingfinance_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | "{78BB6A46-9601-429D-8416-3A0F9703967D}" = dir=out | 
name=@{microsoft.zunevideo_2.6.434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | "{7BAA946A-9C07-4312-83F1-8439C4597B1D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{7C2C87EE-D8C4-49EF-8702-59B55D4D0731}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{7C8187B9-7A5C-4F3F-96EF-DF5206890923}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe | "{7D5E1A44-2816-48C2-A379-E8F4CB982916}" = dir=out | name=mcafee® central for asus | "{7EA8DD0E-3700-4320-BAD9-88BB21DF648A}" = protocol=17 | dir=in | app=c:\programdata\pennybee\pennybee.exe | "{7ED1DAC9-E5FB-4215-8385-AA3BDCA0E4B1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{7F4D4026-95BC-408E-B84F-873D9579B486}" = dir=out | name=@{microsoft.bingnews_3.0.4.268_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | "{85D20337-CDA7-4BFD-9497-2514AC2FBFDC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe | "{88E17684-CE26-4007-A801-A20A4F8661D4}" = dir=out | name=windows_ie_ac_001 | "{8B13F579-0F20-40EB-9AC7-C0F29CE9D851}" = protocol=6 | dir=out | app=system | "{8E7C6776-1058-413D-A482-C80F33027EA9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | "{8EB97301-99C8-4325-8A10-2B098A775A2B}" = dir=out | name=@{microsoft.bingtravel_3.0.4.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | "{917538B6-C405-4566-B76A-9318D388153C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe | "{91EB76A2-0D1F-4F60-A1D1-0A430B04872B}" = protocol=17 | dir=in | app=d:\steam\bin\steamwebhelper.exe | "{92949301-43D4-462A-BF8A-A35E233684B7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe | "{95259089-ECCD-49FB-BC1F-20F856B7F3F6}" = protocol=6 | dir=in | 
app=c:\programdata\battle.net\agent\agent.3322\agent.exe | "{9878AD98-2FB4-4D60-A9FF-42CFA3857945}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3454\agent.exe | "{98F32510-BB50-4FCA-8A2B-7ACF16BFA743}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{99C91B91-F617-40BB-B2CF-B9E5569EA661}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | "{9BCF1A94-7A68-4655-AA36-E6E0D8E3E3AE}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{9C717C3C-B5AB-469E-A488-D30AB602A496}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe | "{9D20A201-1718-4CD9-BB76-E11BAB697C6D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe | "{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{A14B2AA1-9214-468E-8B97-19033023CBD8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe | "{A2000CE8-8E70-4955-92F2-2834DE10141C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | "{A29BB609-3CEB-44F3-BBDD-C108638DA09B}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{A29D347A-E533-495D-8431-73EA6A340D54}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe | "{A4EE625E-DAFA-464E-B298-0E9870311BCB}" = dir=out | name=radyo | "{A8A3FA2E-DCAD-495C-A8E8-7521D800E0B0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3507\agent.exe | "{A8A4134B-E7F5-4E75-9E9D-9C6289B7C832}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | "{A8BA1BE2-38B8-41E7-8867-BF6790C3E33E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3322\agent.exe | "{A8CE658F-B3EA-4781-B0CD-DFECB2DA9837}" = protocol=17 | 
dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe | "{AFC0E147-642F-4DBB-99FC-780306C65768}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | "{B035C544-21BE-40B4-A0FE-93C683554B3E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{B4E635D4-EE70-4FF1-8911-97BB8CF6A21E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{B9DD296B-3302-4940-914F-4B49A59C9DFD}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{BB78EF69-BA40-495E-A8F8-F7606585F999}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BF177A9D-8D82-4416-8093-5A8FDEA0C78B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe | "{C0E43413-F252-4CAB-879D-AD6E11265759}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{C2D620A1-D218-4117-B24E-BE5441759330}" = dir=in | name=onenote | "{C36C18BD-B449-4D37-8FDE-47F8661CF28B}" = dir=in | name=skype | "{C6B8696F-5276-450B-9358-3DD8DCEA8FC0}" = dir=out | name=@{magix.musicmakerjam_2.1.1032.2_x64__a2t3txkz9j1jw?ms-resource://magix.musicmakerjam/resources/app_name} | "{CA17AE9E-C71E-49EE-9F46-AAE535805E86}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | "{CCB7DB4E-67CB-4E3A-BA77-E7DD9DBC802B}" = dir=out | name=fresh paint | "{CF0B8EBF-6604-469D-B8A8-B24629BE14AC}" = dir=in | name=radyo | "{CF7D105C-A3EA-445C-ABAF-793180500857}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe | "{D07CDAD8-1F3E-47DC-9584-7CB37F4C39A4}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{D0F9C290-9A64-43D5-A6C9-1041CA1728C6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe | "{D177BB74-BE5A-4C7A-8B5A-2A4230D212A3}" = protocol=6 | dir=in | 
app=c:\programdata\battle.net\agent\agent.3334\agent.exe | "{D2C049BE-E296-405B-A7B3-0DE8EAA90411}" = dir=out | name=vlc for windows 8 | "{D391110F-9115-476F-A33D-EBDB61E5D047}" = protocol=17 | dir=in | app=c:\programdata\pennybee\pennybee.exe | "{D5E0D8F2-DBBE-4E10-AF31-E3827286E4D5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{D5E2C736-2F93-4937-A965-6EE18B77DC0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D62DA40C-B2FB-40B3-9749-04DD79531350}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | "{D8432A5D-AE23-4763-8B11-B0C624A1F2B8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | "{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | "{DB93E3F1-8D32-47B8-A71A-E8FF15B22FD9}" = dir=out | name=fingertapps organizer recommended by asus | "{DE797F69-F48C-4F9C-AB71-44D3C9AA5606}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe | "{DF3FD37F-663C-45FF-A313-E0BA10B39A8E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe | "{DF46E7D6-7EEC-4A44-9BEF-7211EF04BE98}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | "{DF9F36ED-4A8F-4678-B857-9F1C42C5A702}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe | "{DFDD0C5A-9BB8-4607-BF19-BE5D648704A3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe | "{DFE4CAA0-063E-40E8-B5F1-25CDE3694FFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E41CE21E-4B79-4C22-A463-2E3142E8D733}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7BDD28B-C13F-4549-BF89-11721B39E192}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | "{E8812107-62B4-4494-BC56-01F62164C0AA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{E94338A6-207D-428D-A218-D6CB2F63EA39}" = dir=in | name=fingertapps organizer recommended by asus | "{EA456881-AE9B-4029-A23C-ED2775CFE5ED}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{EA9DA5B7-B195-446B-9122-EF3ED28A0DAB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe | "{EAA1D897-B37A-4AB6-A547-AC31F8A3F396}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3332\agent.exe | "{EB80CC32-F224-4804-84A8-B97801DBC301}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | "{EC47CB54-D27D-4BCD-BAF8-3CB41DB819D2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe | "{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | "{EED04578-72AF-4A93-AC4C-B2049B4AAD03}" = dir=out | name=skype | "{F1DDE31F-9E32-4AAA-833F-D202BE80D736}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe | "{F24A6CC7-6D4A-42F3-B39C-7D30C85B4198}" = dir=out | name=@{microsoft.bingsports_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | "{F337F7D6-63BB-4D8B-8B4C-D434F58E6460}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe | "{F3409D87-0313-4464-8F58-77A65E0E80E7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3454\agent.exe | "{F3727E2D-06F8-4498-9BFB-A552E41BB0A2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe | "{F4253AEC-E74F-4433-A342-3D5CE46063C1}" = protocol=17 | dir=in | app=d:\wow\battle.net\battle.net.exe | "{F58471B9-16DE-427C-848F-039477B85059}" = protocol=6 | 
dir=in | app=c:\programdata\battle.net\agent\agent.3689\agent.exe | "{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | "{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | "{FA5A6BC4-CC14-48FA-9D44-72579B1999F6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe | "{FBD39155-15A1-4EAE-B09E-C05325064850}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FC23D6CF-2FCD-4319-82F4-DC7E0C14A630}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | "{FC4CA7CB-577B-475B-A527-6D1243412DA8}" = dir=out | name=jigswar recommended by asus | "{FCD67135-4DBD-4FFA-A457-79430F18648E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FD3FB14E-E2B3-423F-8AF1-093270B2B4E2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{FDFC9CAD-8286-4116-AFFE-272C9F36D142}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3526\agent.exe | "{FE5ACF22-F5C0-4870-9297-340499D0B6F1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3478\agent.exe | "{FEE47D91-AF28-4DC2-906D-2BA73C89FC1D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe | "{FFA42B66-6C35-4933-81F8-D2D57E5E6188}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology "{4B5B6BB3-DA04-4B56-AE17-DDBF3F446888}" = Intel(R) Network Connections 18.5.54.0 "{54F2237F-018C-483B-8884-9FC0D88840C3}" = VC_CRT_x64 "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{8220EEFE-38CD-377E-8595-13398D740ACE}" = 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89AFB053-A343-46EF-97E4-D593AD7184E6}" = Intel® Trusted Connect Service Client "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{93F692D4-0C4D-4EED-9BFE-657C1D5959FE}" = Intel(R) Rapid Storage Technology "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}" = ASUS Music Maker "{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 350.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 350.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 350.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.4.1.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 349.95 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.15.0324 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.4.1.21 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.33.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio" = NVIDIA Miracast Virtueller Ton 350.12 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.4.1.21 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.27 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "O365HomePremRetail - de-de" = Microsoft Office 365 - de-de "PROSetDX" = Intel(R) Network Connections 18.5.54.0 "Reimage Repair" = Reimage Repair "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{032CB0D7-FDBF-4CA9-901B-A4C1B01B1777}" = Συλλογή φωτογραφιών "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform "{03EC56DE-6424-43D7-A020-1EEE3E8159DE}" = PDF Architect 2 Create Module "{06BBCA29-E177-44BB-901E-BA318CF064FD}" = Alcor Micro USB Card Reader Driver "{0BC399ED-8482-413D-B77F-DE105FF6FB8D}" = PDF Architect 2 Forms Module "{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}" = eManual "{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse "{0EB158FA-41B3-49CF-8AE5-6C6F470AD29D}" = Photo Common "{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery "{0FD2B9C6-DB91-48EA-9518-AB5B68CA1E28}" = Movie Maker "{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions "{10640F6D-6AB0-401E-9FC6-A94D19C580BC}" = Windows Live UX Platform Language Pack "{119A44B5-6237-4D56-8424-5DAE70ED3F4E}" = Windows Live UX Platform Language Pack "{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 "{147FBA18-A6BB-4AD5-8F0A-37380AAABD76}" = Photo Common "{18C928E6-31F0-4DD5-BD4D-55FBCF599712}" = Windows Live UX Platform Language Pack "{1931C916-6CB8-4E4D-8561-EA20C426AE19}" = ASUS Manager - USB Lock "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = 
World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2020C08E-74F5-4E9F-BD2A-41F8CB6EBA10}" = Photo Gallery "{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials "{25716F85-7DB7-4CB4-8BD3-1992DBA3F59C}" = 照片库 "{26886AFE-394D-4875-827B-04379487921D}" = Photo Common "{268F956D-2FE7-4D10-8070-A4AC3BEF54EF}" = Movie Maker "{28B1238E-1C18-4637-A2B7-95315E94EB29}_is1" = diclovit's mod pack 1.12.1 "{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack "{2DCE446C-D090-4458-8782-8F16DF94351E}" = ASUS Manager - Ai Booting "{3206854C-84DC-4BB0-9CDF-25BC3826810B}" = Windows Live UX Platform Language Pack "{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3 "{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}" = Firebird SQL Server - MAGIX Edition "{3C5F91EF-5C0B-4D13-BCBE-0FC6FC3ED7F9}" = Movie Maker "{3C60C40A-934A-4008-B68B-E70F58420AA1}" = Windows Live Essentials "{3C98F340-D42C-4D75-8C96-5CC1E24F5599}" = PDF Architect 2 OCR Module "{40376CD0-67E0-4190-86CA-8BD8CBAC331C}" = ASUS Launcher "{4224D19D-2E7D-4E90-97A4-20C654B28AB8}" = Windows Live Essentials "{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker "{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common "{4FB56489-F34B-42AA-9437-FB9E0B0543F7}" = Movie Maker "{4fcf070a-daac-45e9-a8b0-6850941f7ed8}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer "{5A5B6AA4-8849-4038-9A8D-D7F9947EE8FE}" = Photo Common "{5C601EA8-D519-4010-8CD0-BD3B94A6DD58}" = Photo Common "{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials "{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker "{6141DFFC-17B5-4B20-B9F2-B7675F29E057}" = PDF Architect 2 Secure Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66500393-97E6-417B-93A7-43A6B7506E7F}" = Windows Live 软件包 "{675BBE8A-0ED3-4048-8723-BA51EAB8E1A8}" 
= ASUS Manager - Update "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE "{6BA68C11-0B63-4192-B880-0B5E3F7949F9}" = Windows Live UX Platform Language Pack "{6DFF6F1B-F876-4007-AC82-42D5DDF0E090}" = Galeria de Fotografias "{722CD95C-98C7-4E73-925A-68D2D4F651A6}" = Photo Common "{74A43682-C44A-42F2-B161-2C7C359745A0}" = PDF Architect 2 Convert Module "{7693587D-5D66-4208-ABEA-C370217D1D9B}" = Movie Maker "{780291FE-0D39-441E-BE3D-7A820951C3D4}" = Photo Common "{7DB15F28-5E38-476A-A773-EA07EAEAB1B3}" = 影像中心 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8528EEBC-9EBE-44A7-9DFB-EE401BA916C7}" = PDF Architect 2 Edit Module "{877454F9-FD7F-49A4-A8BB-4519F6899ABA}" = PDF Architect 2 Insert Module "{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8DD7ECD5-FE54-4E15-B5AA-DA3F89CA439A}" = Windows Live UX Platform Language Pack "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{936D4074-6A57-45ED-AF5A-F7CF5A56DE6F}" = Windows Live Essentials "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AF45D7C-34F1-4BA0-B799-825C8C04494C}" = ASUS Manager - Ai Charger II "{A52DB080-D445-49EB-90D2-03B9CD794511}" = Photo Common "{AA806DB1-E882-4834-8102-B5F256BE9A2F}" = Windows Live Essentials "{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Deutsch "{ADEB1E6F-1C01-4EEB-A551-8E3F8CD2F35F}" = Windows Live UX Platform Language Pack "{B1865FCC-BE34-4800-AF2F-FB0120821B6A}" = Movie Maker "{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft 
Corporation "{B524274D-5B48-4DCC-8C1D-3D66A35B3685}" = Windows Live 程式集 "{BA69CEF3-309F-43ED-80C8-512A16620897}" = PDF Architect 2 Review Module "{BDD0222F-D1C2-47DB-ABBE-62EB4F887A56}" = Windows Live UX Platform Language Pack "{BDDC2D1F-092F-476F-A7D7-819AA5F434DF}" = Windows Live UX Platform Language Pack "{C0018D63-C33C-4515-9CE8-3BC8830F79A1}" = Photo Gallery "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common "{C960FF38-431D-429D-AD1F-FBD12A45B7C5}" = PDF Architect 2 View Module "{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack "{CF4A14CB-C4CB-4241-B659-7C58517515CF}" = ASUS Manager - Recovery "{DD248BEE-E925-4720-A775-9A42276BB6EA}" = ASUS Manager - Power Manager "{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common "{DE7D8CF9-9C52-4BE0-B3E0-D4F116C524A8}" = Windows Live "{DE9C585C-8578-4A8A-B92A-BA8DF2540E21}" = Movie Maker "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E169436E-49D8-419B-A5C0-D245EAF99611}" = Movie Maker "{E22A19AE-7DDB-4959-B1DB-A0996294352A}" = ASUS Manager - PC Cleanup "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform "{EC5E0CAF-BC28-401C-B8BE-89C496D6D66F}" = Windows Live Essentials "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F25C8769-16B6-4B19-BB0B-76F213829AC6}" = Movie Maker "{F4D99A13-F63A-4FC1-8799-CFFDB78DDFB3}" = Galerie de photos "{F5E5AD85-4A90-4604-A887-464D3818D8FD}" = ASUS Manager "{F7314CA2-F900-46D7-9EA1-FBDD9D73F765}" = Galería de fotos "{F875E135-31C5-4C4D-929F-D49E6332E7F1}" = Photo Common "{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 
"{FA6BC7A5-85B3-4DC2-825C-D508E386151A}" = Raccolta foto "{FF2DE2F0-A25E-4AE6-A2E0-056665520F1C}" = Windows Live Essentials "Adobe Flash Player NPAPI" = Adobe Flash Player 17 NPAPI "AmUStor" = Alcor Micro USB Card Reader Driver "Asus Vibe2.0" = AsusVibe2.0 "Battle.net" = Battle.net "Diablo III" = Diablo III "ElsterFormular" = ElsterFormular "InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}" = CyberLink PhotoDirector 3 "InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10 "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD "MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}" = ASUS Music Maker "Mozilla Firefox 37.0.1 (x86 de)" = Mozilla Firefox 37.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee Internet Security "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Overwolf" = Overwolf "PDF Architect 2" = PDF Architect 2 "Steam" = Steam "Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer "Steam App 42710" = Call of Duty: Black Ops - Multiplayer "WindowsProtectManger" = WindowsProtectManger20.0.0.401 "WinLiveSuite" = Windows Live Essentials "World of Warcraft" = World of Warcraft "World of Warcraft Public Test" = World of Warcraft Public Test "ZRwTINhSZfduKONYrSCTiCiGPggQZdcLRvoAVxyCOXXpkHeC~1DC3968F_is1" = Aslain's XVM Mod Version 4.2.2 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3412733107-315020943-3521016687-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "OneDriveSetup.exe" = Microsoft OneDrive ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.04.2015 14:05:25 | Computer Name = Ricks | Source = NvStreamSvc | ID = 133073 Description = Error - 17.04.2015 15:02:09 | Computer Name = Ricks | Source = Application Hang | ID = 1002 Description = Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 27240 Startzeit: 01d079403e306094 Endzeit: 4294967295 Anwendungspfad: C:\Windows\syswow64\wwahost.exe Berichts-ID: 34f4eb18-e534-11e4-829f-e03f494bdcb8 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 17.04.2015 16:32:09 | Computer Name = Ricks | Source = Application Hang | ID = 1002 Description = Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2836c Startzeit: 01d0794cd93abc7b Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: cd4a4c56-e540-11e4-829f-e03f494bdcb8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error - 17.04.2015 17:16:56 | Computer Name = Ricks | Source = Application Hang | ID = 1002 Description = Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 29348 Startzeit: 01d079531b033a7a Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 0fc5e4de-e547-11e4-829f-e03f494bdcb8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error - 17.04.2015 17:16:57 | Computer Name = Ricks | Source = Application Hang | ID = 1002 Description = Programm wwahost.exe, Version 6.3.9600.17031 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 291fc Startzeit: 01d079531adc7101 Endzeit: 4294967295 Anwendungspfad: C:\Windows\syswow64\wwahost.exe Berichts-ID: 1178ed28-e547-11e4-829f-e03f494bdcb8 Vollständiger Name des fehlerhaften Pakets: Microsoft.SkypeApp_3.1.0.1007_x86__kzf8qxf38zg5c Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error - 18.04.2015 16:57:38 | Computer Name = Ricks | Source = NvStreamSvc | ID = 133073 Description = Error - 18.04.2015 17:04:09 | Computer Name = Ricks | Source = OverwolfUpdater | ID = 0 Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig Error - 18.04.2015 18:49:43 | Computer Name = Ricks | Source = Application Hang | ID = 1002 Description = Programm LiveComm.exe, Version 17.5.9600.20689 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2a42c Startzeit: 01d07a29365f4ae2 Endzeit: 4294967295 Anwendungspfad: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Berichts-ID: 2b621f89-e61d-11e4-829f-e03f494bdcb8 Vollständiger Name des fehlerhaften Pakets: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Anwendungs-ID, die relativ zum fehlerhaften Paket ist: ppleae38af2e007f4358a809ac99a64a67c1 Error - 20.04.2015 12:42:55 | Computer Name = Ricks | Source = NvStreamSvc | ID = 133073 Description = Error - 20.04.2015 12:48:35 | Computer Name = Ricks | Source = OverwolfUpdater | ID = 0 Description = Der Dienst kann nicht gestartet werden. Das Handle ist ungültig [ System Events ] Error - 13.04.2015 13:34:08 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 13.04.2015 13:35:03 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 13.04.2015 13:35:33 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 16.04.2015 15:51:19 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 16.04.2015 15:51:21 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 16.04.2015 15:51:21 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 17.04.2015 16:32:41 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 17.04.2015 16:36:43 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 17.04.2015 18:22:19 | Computer Name = Ricks | Source = DCOM | ID = 10010 Description = Error - 20.04.2015 15:45:52 | Computer Name = Ricks | Source = Service Control Manager | ID = 7034 Description = Dienst "Device Handle Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
< End of report >

OTL

OTL logfile created on: 20.04.2015 21:48:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rick\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,94 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 30,39% Memory free
9,19 Gb Paging File | 3,22 Gb Available in Paging File | 35,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 150,00 Gb Total Space | 84,23 Gb Free Space | 56,15% Space Free | Partition Type: NTFS
Drive D: | 764,71 Gb Total Space | 651,54 Gb Free Space | 85,20% Space Free | Partition Type: NTFS
Computer Name: RICKS | User Name: Rick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Rick\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Overwolf\0.84.95.0\OverwolfHelper.exe (Overwolf LTD)
PRC - C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf LTD)
PRC - C:\Program Files (x86)\Overwolf\0.84.95.0\OverwolfTSHelper.exe (Overwolf LTD)
PRC - C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) PRC - D:\World_of_Tanks\WorldOfTanks.exe (Wargaming.net) PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.) PRC - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (pdfforge GmbH) PRC - C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe (Microsoft) PRC - C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe (ASUSTeK) PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\ASUS\ASUS Manager\Ai Charger II\Ai_ChargerII_TrayIcon(ASUS_Manager).exe (ASUSTeK) PRC - C:\Program Files (x86)\InstallShield Installation Information\{9AF45D7C-34F1-4BA0-B799-825C8C04494C}\AiChargerDT.exe (ASUSTek Computer Inc.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) 
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Windows\vVX3000.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - c:\users\rick\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm8ovor.dll () MOD - C:\Program Files (x86)\Overwolf\0.84.95.0\teamspeak_control_win32.dll () MOD - C:\Program Files (x86)\Overwolf\0.84.95.0\UltraID3Lib.dll () MOD - C:\Program Files (x86)\Overwolf\0.84.95.0\CoreAudioApi.dll () MOD - C:\Program Files (x86)\Overwolf\0.84.95.0\libcef.DLL () MOD - C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll () MOD - C:\Users\Rick\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll () MOD - C:\Users\Rick\AppData\Roaming\Dropbox\bin\libGLESv2.dll () MOD - C:\Users\Rick\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll () MOD - C:\Users\Rick\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll () MOD - C:\Users\Rick\AppData\Roaming\Dropbox\bin\libEGL.dll () MOD - C:\Users\Rick\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll () MOD - C:\Users\Rick\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll () MOD - D:\World_of_Tanks\voip.dll () MOD - C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll () MOD - D:\World_of_Tanks\librsync.dll () MOD - C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll () MOD - D:\World_of_Tanks\NxCooking.dll () MOD - D:\World_of_Tanks\ortp.dll () MOD - D:\World_of_Tanks\libcurl.dll () MOD - D:\World_of_Tanks\PhysXLoader.dll () ========== Services (SafeList) ========== SRV:64bit: - (GfExperienceService) -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) SRV:64bit: - (McODS) -- C:\Program 
Files\mcafee\VirusScan\mcods.exe (McAfee, Inc.) SRV:64bit: - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation) SRV:64bit: - (mccspsvc) -- C:\Program Files\Common Files\McAfee\CSP\1.3.374.0\McCSPServiceHost.exe (McAfee, Inc.) SRV:64bit: - (ReimageRealTimeProtector) -- C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe (Reimage®) SRV:64bit: - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) SRV:64bit: - (MSK80Service) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mcpltsvc) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McOobeSv2) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (HomeNetSvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) 
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation) SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation) SRV:64bit: - (WdNisSvc) -- C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll 
(Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation) SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel(R) Corporation) SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe 
(Intel(R) Corporation) SRV:64bit: - (RichVideo64) -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe () SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (OverwolfUpdater) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf LTD) SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) SRV - (Razer Game Scanner Service) -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe () SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (0002801429214145mcinstcleanup) -- C:\Windows\Temp\0002801429214145mcinst.exe (McAfee, Inc.) 
SRV - (PDF Architect 2) -- C:\Program Files (x86)\PDF Architect 2\ws.exe (pdfforge GmbH) SRV - (pdfforge CrashHandler) -- C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe (pdfforge GmbH) SRV - (PDF Architect 2 Creator) -- C:\Program Files (x86)\PDF Architect 2\creator-ws.exe (pdfforge GmbH) SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation) SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe () SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) SRV - (Device Handle Service) -- C:\Windows\SysWOW64\AsHookDevice.exe () SRV - (McAWFwk) -- c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe (McAfee, Inc.) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation) DRV:64bit: - (rzpmgrk) -- C:\Windows\SysNative\drivers\rzpmgrk.sys (Razer, Inc.) DRV:64bit: - (rzjstk) -- C:\Windows\SysNative\drivers\rzjstk.sys (Razer Inc) DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer Inc) DRV:64bit: - (rzendpt) -- C:\Windows\SysNative\drivers\rzendpt.sys (Razer Inc) DRV:64bit: - (rzpnk) -- C:\Windows\SysNative\drivers\rzpnk.sys (Razer, Inc.) 
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mfeelamk) -- C:\Windows\SysNative\drivers\mfeelamk.sys (McAfee, Inc.) DRV:64bit: - (mfencrk) -- C:\Windows\SysNative\drivers\mfencrk.sys (McAfee, Inc.) DRV:64bit: - (mfencbdc) -- C:\Windows\SysNative\drivers\mfencbdc.sys (McAfee, Inc.) DRV:64bit: - (Wof) -- C:\Windows\SysNative\drivers\wof.sys (Microsoft Corporation) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - ({9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64) -- C:\Windows\SysNative\drivers\{9a9157bb-003e-4fef-8bd1-c09bc4586a28}Gw64.sys (StdLib) DRV:64bit: - ({f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64) -- C:\Windows\SysNative\drivers\{f64c1459-b911-4fd8-a74e-36a496bf26e3}Gw64.sys (StdLib) DRV:64bit: - (rzkeypadendpt) -- 
C:\Windows\SysNative\drivers\rzkeypadendpt.sys (Razer Inc) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ReFS) -- C:\Windows\SysNative\drivers\refs.sys (Microsoft Corporation) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\drivers\BthLEEnum.sys (Microsoft Corporation) DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation) DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation) DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation) DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.) 
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\TeeDriverx64.sys (Intel Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (e1dexpress) -- C:\Windows\SysNative\drivers\e1d64x64.sys (Intel Corporation)
DRV:64bit: - (e1iexpress) -- C:\Windows\SysNative\drivers\e1i63x64.sys (Intel Corporation)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\drivers\VX3000.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3412733107-315020943-3521016687-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-3412733107-315020943-3521016687-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3412733107-315020943-3521016687-1002\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-3412733107-315020943-3521016687-1002\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-3412733107-315020943-3521016687-1002\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M0809D83C-93A7-4FAB-A7E7-43C3823E93F4&SearchSource=58&CUI=&UM=2&UP=SP8F851441-4169-4E82-B4FB-CFAAB7789BBE&q={searchTerms}&SSPV=
IE - HKU\S-1-5-21-3412733107-315020943-3521016687-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "DE"
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://googel.de/"
FF - prefs.js..extensions.enabledAddons: %7Bdd3d7613-0246-469d-bc65-2a3cc1668adc%7D:1.1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\PDF Architect 2: C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2015.04.16 21:57:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2014.06.21 03:25:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\mozilla\Extensions
[2015.04.04 23:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\ctld6cim.default-1404318921268\extensions
[2014.07.05 12:29:59 | 000,000,000 | ---D | M] (Block site) -- C:\Users\Rick\AppData\Roaming\mozilla\Firefox\Profiles\ctld6cim.default-1404318921268\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2015.04.03 18:06:15 | 000,970,672 | ---- | M] () (No name found) -- C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\ctld6cim.default-1404318921268\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.08.20 18:14:57 | 000,000,643 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\mozilla\firefox\profiles\ctld6cim.default-1404318921268\searchplugins\trovi-search.xml
[2015.04.12 12:37:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2015.04.12 12:37:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013.08.22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [fst_de_59] File not found
O4 - HKLM..\Run: [fst_de_60] File not found
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3412733107-315020943-3521016687-1002..\Run: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe (Overwolf LTD)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rick\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1362B59-9637-439A-9FF1-BFF68156BE93}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\MCSNIE~1.DLL (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2015.04.20 20:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2015.04.16 21:56:48 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2015.04.14 21:52:13 | 018,178,736 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015.04.13 18:28:16 | 000,560,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015.04.13 18:21:32 | 001,895,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435012.dll
[2015.04.13 18:21:32 | 001,557,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435012.dll
[2015.04.13 18:21:29 | 031,570,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015.04.13 18:21:29 | 030,397,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2015.04.13 18:21:29 | 025,375,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2015.04.13 18:21:29 | 024,053,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015.04.13 18:21:29 | 015,818,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015.04.13 18:21:29 | 015,716,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015.04.13 18:21:29 | 014,006,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015.04.13 18:21:29 | 012,852,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015.04.13 18:21:29 | 011,380,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015.04.13 18:21:29 | 002,896,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015.04.13 18:21:29 | 002,573,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015.04.13 18:21:29 | 001,086,424 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015.04.13 18:21:29 | 001,047,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015.04.13 18:21:29 | 001,037,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015.04.13 18:21:29 | 000,970,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015.04.13 18:21:29 | 000,962,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015.04.13 18:21:29 | 000,927,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015.04.13 18:21:29 | 000,499,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2015.04.13 18:21:29 | 000,402,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015.04.13 18:21:29 | 000,390,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2015.04.13 18:21:29 | 000,346,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015.04.13 18:21:29 | 000,175,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015.04.13 18:21:29 | 000,154,256 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015.04.13 18:21:29 | 000,150,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015.04.13 18:21:29 | 000,128,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015.04.12 12:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2015.04.20 21:55:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\pennybee Runner.job
[2015.04.20 21:50:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015.04.20 19:04:03 | 000,007,812 | ---- | M] () -- C:\Windows\SysNative\ScanResults.xml
[2015.04.20 18:58:21 | 000,000,464 | ---- | M] () -- C:\Windows\SysNative\ScannerSettings
[2015.04.20 18:42:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.04.17 21:08:52 | 000,007,608 | ---- | M] () -- C:\Users\Rick\AppData\Local\Resmon.ResmonCfg
[2015.04.14 21:52:13 | 018,178,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2015.04.13 18:30:17 | 001,768,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015.04.13 18:30:17 | 000,741,062 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2015.04.13 18:30:17 | 000,731,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015.04.13 18:30:17 | 000,155,730 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2015.04.13 18:30:17 | 000,143,714 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015.04.11 11:58:11 | 000,001,187 | ---- | M] () -- C:\Users\Rick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2015.04.11 11:58:00 | 000,001,069 | ---- | M] () -- C:\Users\Rick\Desktop\Dropbox.lnk
[2015.04.09 02:58:18 | 031,570,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2015.04.09 02:58:18 | 030,397,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2015.04.09 02:58:18 | 025,375,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2015.04.09 02:58:18 | 024,053,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2015.04.09 02:58:18 | 017,176,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2015.04.09 02:58:18 | 015,818,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2015.04.09 02:58:18 | 015,716,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2015.04.09 02:58:18 | 014,617,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2015.04.09 02:58:18 | 014,006,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2015.04.09 02:58:18 | 012,852,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2015.04.09 02:58:18 | 012,689,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2015.04.09 02:58:18 | 011,380,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2015.04.09 02:58:18 | 003,317,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2015.04.09 02:58:18 | 002,935,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2015.04.09 02:58:18 | 002,896,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2015.04.09 02:58:18 | 002,573,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2015.04.09 02:58:18 | 001,895,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6435012.dll
[2015.04.09 02:58:18 | 001,557,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6435012.dll
[2015.04.09 02:58:18 | 001,086,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2015.04.09 02:58:18 | 001,047,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2015.04.09 02:58:18 | 001,037,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2015.04.09 02:58:18 | 000,970,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2015.04.09 02:58:18 | 000,962,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2015.04.09 02:58:18 | 000,927,440 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2015.04.09 02:58:18 | 000,849,552 | ---- | M] () -- C:\Windows\SysNative\nvmcumd.dll
[2015.04.09 02:58:18 | 000,499,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll
[2015.04.09 02:58:18 | 000,402,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll
[2015.04.09 02:58:18 | 000,390,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFROpenGL.dll
[2015.04.09 02:58:18 | 000,346,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2015.04.09 02:58:18 | 000,175,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2015.04.09 02:58:18 | 000,154,256 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2015.04.09 02:58:18 | 000,150,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2015.04.09 02:58:18 | 000,128,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2015.04.09 02:58:18 | 000,078,480 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2015.04.09 02:58:18 | 000,066,704 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2015.04.09 02:58:18 | 000,029,329 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2015.04.08 23:30:18 | 006,841,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2015.04.08 23:30:18 | 003,478,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2015.04.08 23:30:14 | 002,558,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2015.04.08 23:30:14 | 000,062,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2015.04.08 23:30:13 | 000,385,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2015.04.08 22:32:32 | 000,560,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2015.04.08 19:52:00 | 004,336,074 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2015.04.05 14:59:51 | 000,000,025 | -HS- | M] () -- C:\Windows\SysWow64\ReadTag.ini
[2015.04.05 14:59:41 | 000,577,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015.04.05 14:59:32 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015.04.05 14:59:26 | 2526,052,351 | -HS- | M] () -- C:\hiberfil.sys
[2015.03.31 21:47:13 | 000,001,400 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2015.03.28 05:44:01 | 001,316,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2015.03.28 05:44:01 | 001,316,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspbridge.dll
[2015.03.28 05:43:39 | 001,756,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspbridge64.dll
[2015.03.28 05:43:39 | 001,570,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========
[2015.04.13 18:21:29 | 000,849,552 | ---- | C] () -- C:\Windows\SysNative\nvmcumd.dll
[2015.03.17 23:28:00 | 000,007,608 | ---- | C] () -- C:\Users\Rick\AppData\Local\Resmon.ResmonCfg
[2014.12.03 09:29:30 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2014.12.03 09:29:30 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2014.11.26 11:46:51 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014.11.26 11:46:51 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2014.08.20 15:58:36 | 000,000,182 | ---- | C] () -- C:\Windows\Reimage.ini
[2014.06.24 08:27:45 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014.06.21 04:12:48 | 000,449,848 | ---- | C] () -- C:\Windows\ASUSUpdater.exe
[2014.06.20 21:09:08 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014.01.26 22:59:53 | 000,000,025 | -HS- | C] () -- C:\Windows\SysWow64\ReadTag.ini
[2014.01.26 22:55:38 | 000,207,160 | ---- | C] () -- C:\Windows\SysWow64\AsHookDevice.exe
[2014.01.26 22:55:29 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2014.01.26 22:54:41 | 000,015,232 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2014.01.26 22:54:41 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2014.01.26 22:54:41 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2014.01.26 22:49:22 | 008,515,180 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.01.09 11:28:16 | 000,879,104 | ---- | C] () -- C:\Windows\AsusLauncherContextMenu64.dll
[2014.01.09 11:28:16 | 000,246,784 | ---- | C] () -- C:\Windows\AsusLauncherContextMenu32.dll
[2014.01.09 11:28:16 | 000,005,350 | ---- | C] () -- C:\Windows\alglist.ini
[2014.01.09 11:28:16 | 000,002,434 | ---- | C] () -- C:\Windows\alglist_Commercial.ini
[2014.01.09 11:14:19 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014.01.09 11:01:08 | 000,006,749 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2014.01.09 11:01:08 | 000,002,761 | ---- | C] () -- C:\Windows\Ascd_HDI_log.ini
[2014.01.09 11:01:08 | 000,002,476 | ---- | C] () -- C:\Windows\scd.ini
[2014.01.09 11:01:08 | 000,000,000 | ---- | C] () -- C:\Windows\Ascd_err.ini
[2014.01.09 11:00:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014.01.09 11:00:32 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2014.01.09 11:00:32 | 000,003,728 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2013.08.22 17:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013.08.22 17:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013.08.22 16:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013.08.22 09:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013.08.22 05:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013.08.22 01:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.08.22 01:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2013.05.12 03:17:52 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========
[2014.06.20 22:27:51 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.04.06 18:31:39 | 021,268,952 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.04.06 17:22:20 | 018,755,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 11:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 04:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 11:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = 
Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2014.06.21 04:12:05 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Battle.net [2014.06.21 04:44:04 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Curse Advertising [2015.04.20 18:43:39 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Dropbox [2014.12.28 18:47:17 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\elsterformular [2014.08.07 16:12:15 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\PDF Architect 2 [2014.08.07 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\pdfforge [2015.04.20 21:54:00 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\TS3Client [2014.12.23 00:40:35 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\Wargaming.net [2015.03.11 21:22:45 | 000,000,000 | ---D | M] -- C:\Users\Rick\AppData\Roaming\WebStorage ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 237 bytes -> C:\Users\Rick\SkyDrive:ms-properties < End of report > |

Hello and :hallo:

Do you have any other logs (with detections)? Have Malwarebytes and/or other virus scanners ever found anything? I ask because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist, in CODE tags! Only logs from the last 7 days, or from the time since the problem began, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)

Posting in CODE tags

Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for a single post, I ask you to post the logs directly, spread over several posts if necessary. To put the log files in a CODE box, proceed as follows:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015

1.) What about my question regarding previous detections and, if there were any, the logs for them?

2.) You posted FRST.txt twice - please follow up with Addition.txt

3.) Quote:

Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are designed for that. It also makes it very easy to remove all the tools used at the end of the cleanup. Leave all tools on the desktop until the cleanup is finished; we may need some of them more than once.

Do not start FRST again now; this was only a note that from now on you should please place all our tools on the desktop!

Copyright ©2000-2025, Trojaner-Board