
Log analysis and evaluation: "C:\Windows\SysWOW64" opens at system startup


18.04.2013, 18:40   #1
Adler-Wolf
 




Good day, dear Trojaner-Board helpers!

I currently have a problem with my Windows.
When I start my computer, the folder "C:\Windows\SysWOW64" currently opens. That is very strange and also annoying. I have already looked in the Autostart folder and in msconfig.exe but found nothing.


About my system: I use Kubuntu and Windows 7 Professional 64-bit (I am a student and have it through DreamSpark). I use G Data Total Protection 2014.


So here are the requested logs for all new posts:
Defogger was run.

OTL.txt
Code:
OTL logfile created on: 18.04.2013 19:20:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Adler-Wolf\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 51,95% Memory free
8,00 Gb Paging File | 5,53 Gb Available in Paging File | 69,12% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 19,26 Gb Free Space | 34,52% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 120,22 Gb Free Space | 51,62% Space Free | Partition Type: NTFS
Drive E: | 1171,90 Gb Total Space | 366,19 Gb Free Space | 31,25% Space Free | Partition Type: NTFS
Drive F: | 341,82 Gb Total Space | 249,30 Gb Free Space | 72,93% Space Free | Partition Type: NTFS
Drive G: | 349,17 Gb Total Space | 142,59 Gb Free Space | 40,84% Space Free | Partition Type: NTFS
 
Computer Name: ADLER-WOLF-PC | User Name: Adler-Wolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.18 19:19:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Adler-Wolf\Downloads\OTL.exe
PRC - [2013.04.11 22:08:10 | 001,104,280 | ---- | M] (Spotify Ltd) -- D:\Users\Adler-Wolf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.09 21:56:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.05 02:06:38 | 001,631,144 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.04.05 02:06:38 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.04.05 00:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.11 13:32:00 | 006,873,600 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2013.03.04 11:09:17 | 001,956,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013.02.27 10:32:11 | 001,942,480 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013.02.25 05:01:04 | 001,444,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2013.02.25 04:52:49 | 001,854,416 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.22 18:57:30 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2011.08.22 18:52:46 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2011.02.11 05:34:22 | 000,664,944 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010.12.19 04:50:30 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010.11.23 18:33:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.08.02 21:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010.03.31 01:37:34 | 000,309,848 | ---- | M] (TechniSat Digital, S.A.) -- C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe
PRC - [2010.02.18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009.11.10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
PRC - [2009.11.04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe
PRC - [2009.10.05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe
PRC - [2007.08.16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files (x86)\Razer\Lachesis\OSD.exe
PRC - [2007.06.05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.05 02:06:38 | 001,114,024 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- E:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013.01.16 18:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013.01.16 18:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013.01.16 18:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013.01.16 18:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013.01.16 18:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2013.01.16 12:58:54 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2013.01.16 12:58:52 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2013.01.16 12:58:50 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2013.01.11 04:22:32 | 003,547,136 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.11.30 12:48:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2012.11.30 12:26:54 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2012.11.30 12:24:00 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.08.22 18:57:32 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
MOD - [2010.03.30 14:25:38 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\TechniSat DVB\bin\LIBBZ2.dll
MOD - [2009.11.10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
MOD - [2009.11.04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe
MOD - [2009.10.05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe
MOD - [2009.03.26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.09 21:56:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.04.06 16:22:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.05 02:06:38 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.19 00:06:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.18 23:59:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013.03.18 23:58:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013.03.15 00:08:30 | 001,871,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2013.03.04 11:09:17 | 001,956,304 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013.02.27 10:32:11 | 001,942,480 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013.02.25 15:00:02 | 000,257,512 | ---- | M] (G Data Software) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013.02.25 13:30:26 | 000,178,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2013.02.25 05:06:17 | 001,711,568 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2013.02.25 04:48:22 | 002,656,800 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2013.02.25 04:41:37 | 002,249,944 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.16 13:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.11.22 07:12:46 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011.02.11 05:34:22 | 000,664,944 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010.12.19 04:50:30 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.11.23 18:33:22 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.08 14:07:19 | 000,062,808 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.04.08 14:07:00 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2013.04.08 14:07:00 | 000,077,656 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gddcd64.sys -- (gddcd)
DRV:64bit: - [2013.04.08 14:07:00 | 000,058,712 | ---- | M] (G Data Software AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gddcv64.sys -- (gddcv)
DRV:64bit: - [2013.04.08 14:06:59 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.04.08 14:06:58 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.04.08 14:06:56 | 000,133,976 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.04.08 14:06:56 | 000,060,248 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.02.26 03:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013.02.26 03:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013.02.26 03:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013.02.26 03:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013.02.26 03:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.10.24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.10.24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.22 20:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011.08.22 20:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011.08.22 20:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011.08.22 20:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011.08.22 20:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011.08.22 20:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011.08.22 20:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011.08.22 20:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011.08.22 20:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011.08.22 20:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011.08.22 20:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011.08.22 20:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011.08.22 20:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 05:19:58 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.25 03:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.25 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.05.10 10:09:36 | 000,617,048 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys -- (SKYNET)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.16 22:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.12.16 13:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003.09.12 08:46:25 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 26 8F E1 E3 23 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.18 16:56:04 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Extensions
[2013.04.18 19:03:41 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions
[2013.03.19 01:00:53 | 000,123,385 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\elemhidehelper@adblockplus.org.xpi
[2013.04.12 20:42:04 | 000,667,481 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
[2013.03.19 00:59:18 | 000,539,014 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\toolbar@web.de.xpi
[2013.04.10 21:12:40 | 000,350,097 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.04.18 19:03:41 | 000,532,430 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.03.19 01:00:44 | 000,817,280 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.19 01:05:19 | 000,434,392 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.04.11 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 22:05:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.11 22:22:55 | 000,049,459 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll File not found
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Programme\MagicTune Premium\MagicTuneLauncher.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [G Data ASM] C:\Program Files (x86)\G Data\TotalProtection\DelayLoader\AutorunDelayLoader.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F2DF93-C7C7-4878-A9A6-522DC005C2C1}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5B329FC-51AC-4FAF-9053-E3F0FB7D6587}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02D95A8-51C7-48D9-AADD-A32E53498649}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e2767a0-9191-11e2-8665-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2767a0-9191-11e2-8665-806e6f6e6963}\Shell\AutoRun\command - "" = J:\START.EXE
O33 - MountPoints2\{55701481-93dd-11e2-8390-00d0d7015dd1}\Shell - "" = AutoRun
O33 - MountPoints2\{55701481-93dd-11e2-8390-00d0d7015dd1}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{f3c13ad9-8fd1-11e2-afe7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3c13ad9-8fd1-11e2-afe7-806e6f6e6963}\Shell\AutoRun\command - "" = I:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.04.16 12:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.15 19:19:09 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\LolClient
[2013.04.15 18:57:24 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.04.15 17:15:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\lol
[2013.04.15 17:15:30 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\.swt
[2013.04.14 20:12:22 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys
[2013.04.14 20:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Electronics Ltd
[2013.04.14 20:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\MagicTune Premium
[2013.04.11 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 19:25:38 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\SmashLand-Final-1-1
[2013.04.11 19:24:12 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Canneverbe Limited
[2013.04.11 19:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.04.11 19:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013.04.11 16:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2013.04.11 16:09:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\Hausarbeit PM
[2013.04.10 21:54:44 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\vserver
[2013.04.10 19:56:39 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\sw
[2013.04.10 19:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechnoMage
[2013.04.10 18:49:58 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Diagnostics
[2013.04.08 17:34:38 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\GOG.com Downloads
[2013.04.08 17:33:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\GOG.com
[2013.04.08 16:17:55 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Skyrim
[2013.04.08 14:27:32 | 000,000,000 | -HSD | C] -- C:\#GDATA.Trash.Store#
[2013.04.08 14:14:33 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\G DATA
[2013.04.08 14:14:31 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\G Data
[2013.04.08 14:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection 2014
[2013.04.08 14:07:00 | 000,098,760 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2013.04.08 14:07:00 | 000,077,656 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcd64.sys
[2013.04.08 14:07:00 | 000,058,712 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcv64.sys
[2013.04.08 14:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software
[2013.04.07 15:25:43 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013.04.07 15:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2013.04.07 15:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteamLibrary
[2013.04.07 00:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKARION Software
[2013.04.07 00:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DEMONWORLD
[2013.04.07 00:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melbourne House
[2013.04.06 19:01:49 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\CrashRpt
[2013.04.06 18:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2013.04.06 17:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
[2013.04.06 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX
[2013.04.06 16:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2013.04.06 16:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2013.04.02 17:40:28 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\ownCloud
[2013.04.02 16:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Putty
[2013.04.01 23:14:09 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2013.04.01 23:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z
[2013.04.01 22:09:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\RadeonPro Benchmarks
[2013.04.01 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadeonPro
[2013.04.01 21:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX
[2013.04.01 21:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.01 21:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.01 21:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.01 21:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.01 21:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.01 21:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.01 21:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.04.01 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.01 18:23:10 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\pbsetup
[2013.04.01 17:35:40 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\FileZilla
[2013.04.01 17:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.04.01 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.04.01 16:30:51 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\FFsplit
[2013.04.01 16:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.04.01 16:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FFsplit
[2013.04.01 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFsplit
[2013.03.31 20:58:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\ESN Sonar
[2013.03.30 22:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
[2013.03.30 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.30 22:22:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2013.03.30 22:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.30 14:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.30 14:46:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\.minecraft
[2013.03.30 01:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013.03.29 22:40:25 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Darkspore
[2013.03.29 22:40:24 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\DarksporeData
[2013.03.29 22:31:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ToshibaEdit
[2013.03.29 22:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToshibaEdit
[2013.03.29 22:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToshibaEdit
[2013.03.29 22:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013.03.29 13:21:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Streaming Video Recorder
[2013.03.29 13:17:58 | 000,031,968 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys
[2013.03.29 13:17:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Apowersoft
[2013.03.28 16:36:24 | 000,000,000 | --SD | C] -- D:\Users\Adler-Wolf\Documents\Meine Shapes
[2013.03.28 16:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.03.28 16:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.03.28 16:33:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.28 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.03.28 16:33:01 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Microsoft Help
[2013.03.28 16:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.03.28 16:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.03.28 16:32:51 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.03.28 16:11:51 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\VMware
[2013.03.28 16:11:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\VMware
[2013.03.28 16:11:38 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2013.03.28 16:11:38 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2013.03.28 16:11:38 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2013.03.28 16:11:37 | 000,067,664 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2013.03.28 16:11:37 | 000,033,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2013.03.28 16:11:13 | 000,357,456 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2013.03.28 16:11:10 | 000,436,304 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2013.03.28 16:11:10 | 000,030,800 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2013.03.28 16:11:08 | 000,933,968 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2013.03.28 16:11:06 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2013.03.28 16:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2013.03.28 16:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2013.03.27 18:41:56 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\e-academy Inc
[2013.03.27 18:41:56 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\e-academy Inc
[2013.03.27 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2013.03.27 18:34:59 | 000,588,144 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcSmartCardProv.dll
[2013.03.27 18:34:59 | 000,419,696 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcCredProv.dll
[2013.03.27 18:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks
[2013.03.27 18:34:27 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Juniper Networks
[2013.03.26 19:58:29 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\Neuer Ordner
[2013.03.25 23:17:26 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Malwarebytes
[2013.03.25 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.25 23:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirusTotalUploader2
[2013.03.25 23:07:19 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2013.03.25 23:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.03.25 23:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.03.25 22:48:57 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2013.03.25 22:42:40 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.25 22:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.25 22:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.03.25 22:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013.03.25 22:17:53 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.03.25 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013.03.25 22:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013.03.25 21:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software2000
[2013.03.25 20:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nGlide
[2013.03.25 20:54:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bleifuss Fun
[2013.03.25 20:47:24 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\WinRAR
[2013.03.25 20:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.03.25 18:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inno Setup 5
[2013.03.25 18:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inno Setup 5
[2013.03.24 04:59:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.03.24 04:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altitude
[2013.03.24 04:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Altitude
[2013.03.24 04:40:50 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Armagetron
[2013.03.24 04:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition
[2013.03.24 04:34:14 | 000,000,000 | ---D | C] -- C:\UnrealTournament
[2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armagetron Advanced
[2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Armagetron Advanced
[2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Armagetron
[2013.03.24 04:11:14 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\snes
[2013.03.24 03:50:10 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Stronghold Crusader
[2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Castle Attack
[2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Castle Attack
[2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Castle Attack
[2013.03.24 02:17:23 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Stronghold
[2013.03.24 02:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2013.03.24 02:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.03.24 00:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2013.03.23 23:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.23 22:53:42 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Petroglyph
[2013.03.23 22:52:54 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2013.03.23 22:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2013.03.23 20:00:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.03.23 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013.03.23 20:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.03.23 19:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2013.03.23 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2013.03.23 19:24:18 | 000,714,368 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusbn.sys
[2013.03.23 19:24:18 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwusbnci.dll
[2013.03.23 19:24:18 | 000,014,120 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys
[2013.03.23 19:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVM_update
[2013.03.23 19:19:07 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2013.03.23 19:18:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AVM_Driver
[2013.03.23 17:05:04 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\2013
[2013.03.22 20:22:46 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\SavedGames
[2013.03.22 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013.03.21 22:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NSIS
[2013.03.21 22:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WVS
[2013.03.21 22:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013.03.20 22:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek Armada II
[2013.03.20 22:31:54 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Adobe
[2013.03.20 21:54:32 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.03.20 21:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek - Armada
[2013.03.20 21:36:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013.03.20 21:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013.03.20 21:25:31 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Cyberlink
[2013.03.20 21:25:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2013.03.20 21:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2013.03.20 21:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2013.03.20 21:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013.03.20 21:13:22 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\MediaServer
[2013.03.20 21:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2013.03.20 21:13:17 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\CyberLink
[2013.03.20 21:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.03.20 21:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013.03.20 21:08:29 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Alcohol 52%
[2013.03.20 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52%
[2013.03.20 21:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2013.03.20 21:04:57 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.03.20 20:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.03.20 00:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.03.20 00:10:33 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.03.20 00:10:33 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.012.dll
[2013.03.20 00:10:32 | 000,550,912 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.03.20 00:10:32 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.03.20 00:10:32 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.03.20 00:09:49 | 000,000,000 | ---D | C] -- C:\AMD
[2013.03.19 23:44:37 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\PunkBuster
[2013.03.19 23:36:52 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\ESN
[2013.03.19 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013.03.19 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.18 19:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.18 19:22:18 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 19:22:18 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 19:21:10 | 001,620,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.18 19:21:10 | 000,699,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.18 19:21:10 | 000,654,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.18 19:21:10 | 000,149,164 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.18 19:21:10 | 000,122,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.18 19:18:02 | 000,001,068 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.18 19:15:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.18 19:14:30 | 000,061,904 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx
[2013.04.18 19:14:30 | 000,061,904 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx
[2013.04.18 19:14:30 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx
[2013.04.18 19:13:47 | 000,000,020 | ---- | M] () -- D:\Users\Adler-Wolf\defogger_reenable
[2013.04.17 14:05:41 | 000,001,700 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.04.15 15:40:15 | 000,000,600 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Local\PUTTY.RND
[2013.04.14 20:12:16 | 000,001,495 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
[2013.04.14 16:35:27 | 000,000,292 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\minecraft-server.conf
[2013.04.14 16:06:39 | 000,003,727 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\ts3server_startscript.sh
[2013.04.14 15:30:41 | 000,009,939 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\minecraft.sh
[2013.04.13 22:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.13 22:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.13 22:41:53 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.13 19:54:21 | 000,004,273 | ---- | M] () -- C:\test.spr
[2013.04.13 02:52:30 | 000,007,669 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Local\Resmon.ResmonCfg
[2013.04.11 22:22:55 | 000,049,459 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.11 19:23:07 | 000,006,064 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\ax_files.xml
[2013.04.11 13:44:01 | 000,002,166 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\install.sh
[2013.04.11 13:27:18 | 000,444,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 19:10:28 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.04.10 19:10:28 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.04.10 19:10:28 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.04.09 21:56:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.04.08 14:27:43 | 000,524,288 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2013.04.08 14:27:43 | 000,524,288 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2013.04.08 14:27:43 | 000,065,536 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TM.blf
[2013.04.08 14:27:32 | 000,262,144 | ---- | M] () -- C:\Windows\SysWow64\18
[2013.04.08 14:07:19 | 000,062,808 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.04.08 14:07:00 | 000,098,760 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2013.04.08 14:07:00 | 000,077,656 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcd64.sys
[2013.04.08 14:07:00 | 000,058,712 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcv64.sys
[2013.04.08 14:07:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_gddcd64_01007.Wdf
[2013.04.08 14:06:59 | 000,064,856 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.04.08 14:06:58 | 000,064,856 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.04.08 14:06:56 | 000,133,976 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.04.08 14:06:56 | 000,060,248 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.04.08 14:05:01 | 000,235,230 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Unbenannt.PNG
[2013.04.08 13:57:55 | 001,034,977 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.04.08 13:57:55 | 000,053,768 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.07 21:38:04 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013.04.07 21:38:04 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2013.04.07 15:25:43 | 000,000,966 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\MSI Afterburner.lnk
[2013.04.07 00:38:45 | 000,005,480 | ---- | M] () -- C:\undo.hex
[2013.04.02 00:11:48 | 000,131,072 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Cypress.bin
[2013.03.31 17:36:17 | 000,447,752 | ---- | M] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2013.03.30 01:38:25 | 000,049,459 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\hosts
[2013.03.29 22:31:02 | 000,001,819 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\ToshibaEdit.lnk
[2013.03.28 17:15:46 | 003,513,078 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation (2).mp3
[2013.03.28 17:14:08 | 000,138,380 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation.mp3
[2013.03.28 16:11:04 | 001,640,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.27 18:41:56 | 000,003,179 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Secure Download Manager.lnk
[2013.03.26 20:09:03 | 000,000,063 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\listen.pls
[2013.03.25 23:07:19 | 000,001,919 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\VirusTotal Uploader 2.0.lnk
[2013.03.25 22:15:47 | 000,000,914 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Sandboxed Web Browser.lnk
[2013.03.25 20:54:10 | 000,048,537 | ---- | M] () -- C:\Windows\SysWow64\nglide_uninst.exe
[2013.03.25 20:54:03 | 000,000,746 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Bleifuss Fun.lnk
[2013.03.25 20:27:13 | 000,001,903 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\JDownloader.lnk
[2013.03.25 17:54:48 | 000,000,583 | ---- | M] () -- C:\Windows\vampire.INI
[2013.03.23 22:52:54 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2013.03.23 18:22:44 | 006,220,854 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Neue Bitmap.bmp
[2013.03.22 22:40:11 | 000,000,000 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Neues Textdokument.xml
[2013.03.20 22:39:57 | 000,000,935 | ---- | M] () -- C:\Windows\STA2.ini
[2013.03.20 21:04:57 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.18 19:18:02 | 000,001,068 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.18 19:13:47 | 000,000,020 | ---- | C] () -- D:\Users\Adler-Wolf\defogger_reenable
[2013.04.14 20:12:16 | 000,001,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
[2013.04.14 16:34:42 | 000,000,292 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\minecraft-server.conf
[2013.04.14 16:06:38 | 000,003,727 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\ts3server_startscript.sh
[2013.04.14 15:30:41 | 000,009,939 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\minecraft.sh
[2013.04.11 19:24:09 | 000,001,694 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.04.11 13:33:49 | 000,002,166 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\install.sh
[2013.04.10 19:10:28 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.04.10 19:10:28 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.04.10 19:10:28 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.04.08 14:27:32 | 000,524,288 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2013.04.08 14:27:32 | 000,524,288 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2013.04.08 14:27:32 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\18
[2013.04.08 14:27:32 | 000,065,536 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TM.blf
[2013.04.08 14:07:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_gddcd64_01007.Wdf
[2013.04.08 14:05:01 | 000,235,230 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Unbenannt.PNG
[2013.04.07 15:25:43 | 000,000,966 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\MSI Afterburner.lnk
[2013.04.07 00:37:52 | 000,005,480 | ---- | C] () -- C:\undo.hex
[2013.04.02 17:15:23 | 000,000,600 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Local\PUTTY.RND
[2013.04.02 00:11:48 | 000,131,072 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Cypress.bin
[2013.03.30 01:37:58 | 000,049,459 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\hosts
[2013.03.29 22:31:02 | 000,001,819 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\ToshibaEdit.lnk
[2013.03.28 17:14:18 | 003,513,078 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation (2).mp3
[2013.03.28 17:14:05 | 000,138,380 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation.mp3
[2013.03.27 18:41:56 | 000,003,179 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Secure Download Manager.lnk
[2013.03.26 20:09:03 | 000,000,063 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\listen.pls
[2013.03.25 23:07:19 | 000,001,919 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\VirusTotal Uploader 2.0.lnk
[2013.03.25 22:15:55 | 000,000,914 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Sandboxed Web Browser.lnk
[2013.03.25 22:15:53 | 000,001,700 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.03.25 21:30:13 | 000,004,273 | ---- | C] () -- C:\test.spr
[2013.03.25 20:54:10 | 000,048,537 | ---- | C] () -- C:\Windows\SysWow64\nglide_uninst.exe
[2013.03.25 20:54:03 | 000,000,746 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Bleifuss Fun.lnk
[2013.03.25 20:27:13 | 000,001,903 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\JDownloader.lnk
[2013.03.25 20:27:12 | 000,001,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.03.25 20:27:12 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.03.25 20:27:12 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.03.25 17:54:48 | 000,000,583 | ---- | C] () -- C:\Windows\vampire.INI
[2013.03.23 20:00:07 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.03.23 19:24:18 | 000,015,565 | ---- | C] () -- C:\Windows\SysNative\drivers\fwlanusbn.bin
[2013.03.23 18:22:37 | 006,220,854 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Neue Bitmap.bmp
[2013.03.22 22:40:11 | 000,000,000 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Neues Textdokument.xml
[2013.03.21 22:50:50 | 000,000,861 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NSIS.lnk
[2013.03.20 22:31:39 | 000,000,935 | ---- | C] () -- C:\Windows\STA2.ini
[2013.03.20 00:10:33 | 003,093,792 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.03.20 00:10:33 | 003,061,872 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.03.20 00:10:33 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat
[2013.03.20 00:10:33 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat
[2013.03.20 00:10:33 | 000,076,660 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat
[2013.03.20 00:10:32 | 000,662,786 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013.03.20 00:10:32 | 000,327,960 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.03.20 00:10:32 | 000,327,960 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.03.20 00:10:32 | 000,042,719 | ---- | C] () -- C:\Windows\atiogl.xml
[2013.03.19 23:44:41 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.19 21:57:37 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013.03.19 21:57:37 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2013.03.19 17:37:05 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.19 16:02:22 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.19 16:02:06 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.19 01:11:14 | 000,007,669 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Local\Resmon.ResmonCfg
[2013.03.19 00:22:16 | 001,034,977 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2013.03.19 00:00:28 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.03.19 00:00:28 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.03.18 23:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.03.18 17:10:43 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2013.03.18 17:10:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2013.03.18 17:10:42 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2013.03.18 17:10:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2013.03.18 17:10:39 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2013.03.18 17:10:39 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2013.03.18 17:10:39 | 000,028,649 | ---- | C] () -- C:\Windows\SysWow64\tweaks.ini
[2013.03.18 17:10:39 | 000,028,263 | ---- | C] () -- C:\Windows\SysWow64\speaker.ini
[2013.03.18 17:10:39 | 000,024,160 | ---- | C] () -- C:\Windows\SysWow64\dolby.ini
[2013.03.18 17:10:39 | 000,023,366 | ---- | C] () -- C:\Windows\SysWow64\dts.ini
[2013.03.18 17:10:39 | 000,022,509 | ---- | C] () -- C:\Windows\SysWow64\EntertainmentMode.ini
[2013.03.18 17:10:39 | 000,022,509 | ---- | C] () -- C:\Windows\SysWow64\AudioCreationMode.ini
[2013.03.18 17:10:39 | 000,022,491 | ---- | C] () -- C:\Windows\SysWow64\GameMode.ini
[2013.03.18 17:10:39 | 000,021,599 | ---- | C] () -- C:\Windows\SysWow64\decoder.ini
[2013.03.18 17:10:39 | 000,021,465 | ---- | C] () -- C:\Windows\SysWow64\encoder.ini
[2013.03.18 17:10:39 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2013.03.18 17:10:39 | 000,019,430 | ---- | C] () -- C:\Windows\SysWow64\mids.ini
[2013.03.18 17:10:39 | 000,013,276 | ---- | C] () -- C:\Windows\SysWow64\subwoofer.ini
[2013.03.18 17:10:39 | 000,011,807 | ---- | C] () -- C:\Windows\SysWow64\treble.ini
[2013.03.18 17:10:39 | 000,011,508 | ---- | C] () -- C:\Windows\SysWow64\bass.ini
[2013.03.18 17:10:39 | 000,005,776 | ---- | C] () -- C:\Windows\SysWow64\headphone.ini
[2013.03.18 17:10:39 | 000,003,769 | ---- | C] () -- C:\Windows\SysWow64\eq.ini
[2013.03.18 17:10:39 | 000,001,591 | ---- | C] () -- C:\Windows\SysWow64\microphone.ini
[2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\7.1surroundsound.ini
[2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\5.1surroundsound.ini
[2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\4.1surroundsound.ini
[2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\2.1surroundsound.ini
[2013.03.18 17:10:39 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2013.03.18 17:10:39 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2013.03.14 22:22:42 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.14 22:22:42 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.07 14:51:00 | 001,286,144 | ---- | C] () -- C:\Windows\SysWow64\glide3x.dll
[2011.07.25 22:18:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\nglide_config.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.15 15:39:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\.minecraft
[2013.04.15 21:10:03 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\AIMP3
[2013.03.29 13:17:48 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Apowersoft
[2013.03.24 04:41:49 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Armagetron
[2013.04.11 19:24:12 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Canneverbe Limited
[2013.03.29 22:59:21 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\DarksporeData
[2013.04.18 19:18:12 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox
[2013.03.27 18:41:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\e-academy Inc
[2013.04.14 16:53:10 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\FileZilla
[2013.04.11 18:54:48 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Free Download Manager
[2013.04.08 14:14:31 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\G Data
[2013.04.11 22:16:29 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Juniper Networks
[2013.03.18 17:12:51 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Leadertech
[2013.04.15 19:19:09 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\LolClient
[2013.03.25 22:53:02 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2013.03.19 01:20:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\minmaxgames
[2013.04.13 02:01:03 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Notepad++
[2013.03.19 15:58:28 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Origin
[2013.03.23 22:53:42 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Petroglyph
[2013.03.19 00:08:28 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Razer
[2013.04.15 20:36:25 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Spotify
[2013.04.15 15:40:26 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         

18.04.2013, 18:42   #2
Adler-Wolf
 


And here is the Extras.txt

Code:
OTL Extras logfile created on: 18.04.2013 19:20:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Adler-Wolf\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 51,95% Memory free
8,00 Gb Paging File | 5,53 Gb Available in Paging File | 69,12% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 19,26 Gb Free Space | 34,52% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 120,22 Gb Free Space | 51,62% Space Free | Partition Type: NTFS
Drive E: | 1171,90 Gb Total Space | 366,19 Gb Free Space | 31,25% Space Free | Partition Type: NTFS
Drive F: | 341,82 Gb Total Space | 249,30 Gb Free Space | 72,93% Space Free | Partition Type: NTFS
Drive G: | 349,17 Gb Total Space | 142,59 Gb Free Space | 40,84% Space Free | Partition Type: NTFS
 
Computer Name: ADLER-WOLF-PC | User Name: Adler-Wolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.ini[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.ini [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008667C0-8C51-4838-8F27-E29BCBFCF9C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1D7D4D36-C573-4131-B298-ACF09F63B1BC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{34288E6F-245B-4884-BF07-4FD3755B3ECF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50CE03C9-5D79-49E6-92D5-9B585D58FFB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{51CEDB4B-5792-42CD-AC83-077ABCA4FC9F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{540C6119-6F44-4122-A67B-2C2471744881}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{58292853-9FE8-442C-9C1A-98BB3080B3D5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6A7FE4BA-8824-4A3C-B024-086175B17D08}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{870B7A50-96EA-46AC-8BCC-ECDB6B3F53AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{896BA736-BFEA-4D3F-934F-E06986958845}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{899A4433-0F6A-4735-AD0C-63F716197B4D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9514B098-EF30-46DB-B965-DFDA265AC8B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A47DE6DF-53FD-4A6E-A7B4-E55886052C0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AC8A2CCC-3C53-4B7E-803E-BC0EC683D170}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AE080829-297C-4067-86B6-84C431FFA228}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AF2E1CB1-480E-4114-A67A-DE490CB25B7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{AF890367-C85B-47A4-83C1-6098657E43F8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D56DF426-3F44-4BD7-B245-C347EFC2DBF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E5590F76-E9E7-4501-8B78-B3F77A53CBB8}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EE0840B7-56CF-46E0-A0DA-7CF707B92DFC}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F1C003AE-F341-4992-8934-03DD7DFBD6A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F70C488B-FE48-472E-83E0-32403D1E06D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F9AD9DAA-946A-40EF-8CD6-22C75AEAAB4D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{FD58A967-1479-45C7-9705-029F7C06097F}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0218CE28-4747-4E54-97DC-FBB5C368CE14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{031BBCCE-9373-4512-96CC-2CF98D5F9AC6}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{033469D7-83EC-40C1-AE05-C62DA81E7611}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | 
"{04B279F4-5DA4-4F39-9220-8A6BC11C3641}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0A7C223B-141F-473A-A4CF-9B8878328C79}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | 
"{0B9D5F96-6A99-43FA-92A9-C655A44D28BC}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | 
"{0BDF4509-3EDB-4CDB-89E7-A8133E3CC773}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{1036DE54-B9AA-47AF-A7A6-8D124F892BD8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\half-life\hl.exe | 
"{15C4E164-7A8A-488C-A4ED-FBC14DA7F040}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | 
"{1786E1E0-ADFF-45B1-820C-B242BBD6ED97}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{19A50441-7CDB-4A86-9929-AA0CBF877DF0}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{1B82681A-E1D3-447E-B995-5D070AF9C67D}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{1C8154F3-58EF-44E9-ADC9-E3E73304228D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{20DFFB1C-9847-4D17-9605-27CC2FE8C0B4}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{22846037-B841-451C-B045-F09A3835E6F3}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{2350948B-436C-481D-B03E-9CF12D1A10F0}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{2420580F-413E-49A2-B702-35FC453BA38A}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\rochard\rochard.exe | 
"{29943552-CE8F-4495-90DD-02475038F6A6}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | 
"{2BF20FC7-AF82-495A-85E9-8FD45B3706B8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\anna\anna.exe | 
"{2DB8E59F-8C36-40B3-8C38-C7ABAF1B5354}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{34AD646E-F874-4458-B01D-CB45D5413715}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{35DB17E3-1E24-4E9B-A567-AAA619BE9AB4}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe | 
"{396093E6-E54F-4CC7-9EFE-8E15F96B23B5}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\half-life\hl.exe | 
"{396F2010-1B41-4033-A8C0-7B591AFFEFC8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{3CA1F445-A3DC-41FA-B473-FAB84BBED6A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E8F5296-2F23-403F-AC86-701045F708D2}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{3EDF2B12-0AD4-4F5E-931E-F8327D01DCDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{41212074-2C64-488A-B7D9-69742C238BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{41957B3F-57F1-48D2-94BA-1888EA6BF4B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{41D63AFE-43D1-4739-8C11-D4BA89282102}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{423DD573-E252-40A7-B3B5-C49E993BD41F}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\east india company\eastindia.exe | 
"{4290CDF0-3DBA-471E-84B4-45481430868A}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{42BDBD6A-6C34-4BEF-A94E-DAA27BD56224}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{4915C18D-3148-49A0-993F-C0B5C8ABD921}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{4990E8EA-7DCF-4CA4-A0A2-6B9030493E97}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{49DC76FA-8A1A-46EC-8C4D-881E407B4B49}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{4D6A65CB-5BA6-41A2-986A-4C4B1C89DCBD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{55A8C526-A706-4414-B8A1-7CF116CC54E8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{5648C49D-F275-4D78-A371-0CF9BFC1E410}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\rochard\rochard.exe | 
"{5A638ADE-B42A-4942-BE9D-0BAA9F66B64D}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{5BF4F525-9F2C-4842-B27F-BF429F620BCC}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{622E7C12-0ADA-402D-A4F7-ED959FA84A7A}" = protocol=6 | dir=in | app=f:\program files (x86)\origin games\command and conquer generals zero hour\generals.exe | 
"{674152EC-D4B1-4A3F-ADEC-81E052F3B1CB}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{68EA7190-AD26-4FDA-AEC8-3595D4DB4402}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\crazy machines\crazymachines.exe | 
"{6E11D90B-86F0-4F7A-B9F4-D02AB2028673}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe | 
"{6E9EE935-A350-4657-8125-550928F99D46}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{6F3AF8FF-50C1-4514-9EA3-FF9EA9303FC5}" = protocol=17 | dir=in | app=f:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6F418B60-F05D-40E2-B1F1-CE64178EAC77}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\crazy machines\crazymachines.exe | 
"{6F8DD525-5E8F-46CE-8D7F-0D427B9BB10B}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{7172F5F7-9110-40EB-BBE2-391DE0C98D89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{77EFD485-7900-43F6-AE71-EAFBD07794CE}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dlc quest\dlc.exe | 
"{78D10B09-A51B-457B-A37F-4DE71B26609A}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | 
"{7DD754BD-BA14-4756-AA12-F2FD8B45147E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7FE80CD2-F5F8-46E0-B2A1-9B28EAAB2644}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{81E09846-6591-4157-810C-C2C0CDBB91E5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8820A551-877C-4331-8F85-83444D0E32AA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{8A330054-CFA4-44F8-B779-C479EC0A351D}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{8DD4A367-7463-44EC-8F67-5A11D8381716}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{8F58D332-47BE-4C03-AF6C-C3AB691C882D}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\east india company\eastindia.exe | 
"{8FE2AE7A-EEBD-4002-984B-421CB9816E03}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\anna\anna.exe | 
"{900BDBDE-0022-44C3-B9BA-FB4A66B05C0B}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{96C59E5F-47BA-4AB5-B25F-86D92C6B22C9}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{96D80E2E-FDCF-4473-9AD7-E4818CCF6C61}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{97DEB3E8-DD4A-4A3A-8C74-B94A1C6AD128}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98C8BAF2-7F60-45A1-BB3D-E12B5B417BDB}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | 
"{98DE361B-78EC-44DD-A006-C8B5FADC3306}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{9A7A5DAF-F90B-4840-999D-BED6B648E3F2}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\arnos_the_empero\counter-strike source\hl2.exe | 
"{9B91F430-C7EC-4E06-9382-10B7E8C1ED43}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\arnos_the_empero\day of defeat source\hl2.exe | 
"{9D34CA4B-2A6E-4293-9565-AEA721997EBC}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{9D603D9F-A855-4CB4-97FF-310B75BDED9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A1C44105-0286-40EB-AA76-DCCBD71EDD4A}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{A34CB27E-366C-47BE-8927-6E17492B8265}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A75D9A21-9198-4299-B066-101347BA81A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{AABDB3C3-7B90-4364-9C87-DEEB42E02277}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dlc quest\dlc.exe | 
"{ABE5ACCD-B6BA-49CF-AA7E-4BC6A5FE78E4}" = protocol=17 | dir=in | app=f:\program files (x86)\origin games\command and conquer generals zero hour\generals.exe | 
"{ACC274FE-8FA1-4FEB-A84F-E45A128CBF72}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | 
"{B1A7CF80-BA93-4934-9481-CF042C447159}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 
"{B5F28858-1776-46DD-9AD4-0C84E1660100}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steam.exe | 
"{B840EECE-796E-4EB0-9E7F-DCA88CC99C2F}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | 
"{B92FC9D7-E627-41D6-BF2D-B360F6E69337}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{C0F987FE-CBC9-4645-B4C1-7ECDE634FD24}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"{C12C4270-ED3D-42AB-84C9-EDAB41790AAA}" = protocol=6 | dir=in | app=d:\users\adler-wolf\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C2939DDD-9810-441A-8279-2A44079C7BBF}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{CAD98644-BC42-4F0C-B730-C5B9F1C85BBF}" = protocol=17 | dir=in | app=d:\users\adler-wolf\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CD8286E6-D3BF-4FE9-9D71-376E7164B927}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{CFFF2E21-29DD-4C1D-9859-984CDFCCB958}" = protocol=6 | dir=in | app=d:\users\adler-wolf\appdata\roaming\dropbox\bin\dropbox.exe | 
"{D0A40A70-5C0A-4F8F-811F-904BEE18256C}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | 
"{D24965F2-2A9E-48CC-855D-BC524B78A93A}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{D3BE184C-DA75-46EC-BE90-F54551D6E3C0}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steam.exe | 
"{D3CB1C83-6957-4E36-983E-7B872E1245A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC3EDB03-5C0B-455F-A41B-5322853F785B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DC927F07-09A5-44F2-BECD-9649DF2A014A}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\arnos_the_empero\counter-strike source\hl2.exe | 
"{DDF5BF52-7B03-4A6D-9D44-675F7DA37FD6}" = protocol=6 | dir=in | app=f:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{DE32E104-277B-4FEF-90FA-078F76ED2A5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DF9FF9B3-53B2-4663-A2F7-C775E0AA4442}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 
"{DFECB480-2EE7-48E4-9D0F-38CFD4C94A53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E04DD22D-78B3-48A7-955C-AF6FA3926113}" = protocol=17 | dir=in | app=d:\users\adler-wolf\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E0B77A26-6F50-4835-9FDD-2A17E8E9B437}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E17626B4-7225-49D1-90AF-5DA8E2727B02}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\arnos_the_empero\day of defeat source\hl2.exe | 
"{E2FC9B73-D504-4A03-BD3C-8BD9A359C6DB}" = protocol=17 | dir=in | app=f:\program files (x86)\origin games\darkspore\darksporebin\darkspore.exe | 
"{E3137008-A664-4927-AC00-AC918774B156}" = protocol=6 | dir=in | app=f:\program files (x86)\origin games\darkspore\darksporebin\darkspore.exe | 
"{E36B2C90-6131-4FE1-9C66-B332457F1D54}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{E416A495-2314-4E85-A314-DA6E5148A159}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | 
"{EDBCBFDA-9DB5-4268-98F0-73174E7CBCAD}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{EFEA84BE-E04B-4C8B-AF92-85D587FD056D}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{F21156C9-4C3A-40BB-BA40-B422EF755A09}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{F2F03CED-367C-449A-AE37-DB9CA0ADCE03}" = protocol=6 | dir=out | app=system | 
"{F6F26387-5DE8-47A0-B54A-5B98F32CA529}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F80C787D-FFDD-4A53-86E2-11C923D36897}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | 
"{F9BECDD5-C667-46CD-ACF0-EEA547D5F2EC}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{F9E7A2DD-91F8-4AEA-BA43-F51BFB0ECC53}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FC8F457B-65D6-4062-8BEA-825978E14D07}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{FF4D7BBA-4400-4F73-A508-7AF4DF4CC603}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FFD099AA-A487-4723-B871-B2AD21A11EFA}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2B47795-9ABC-37C1-0633-68B1B7104543}" = AMD Drag and Drop Transcoding
"{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding
"{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de
"Sandboxie" = Sandboxie 3.76 (64-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek
"{022BC727-ACB7-4C1D-109C-177515714A32}" = Catalyst Control Center
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish
"{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = Die Sims Mittelalter Piraten und Edelleute
"{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard
"{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish
"{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean
"{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch
"{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.4.8
"{4AA62353-C8D9-4A05-A425-D9DFC4646B99}_is1" = FFsplit version Alpha
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{63DEADD1-C032-4F1F-AF76-26B166D6AC30}" = G Data TotalProtection 2014
"{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian
"{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian
"{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6E839820-0BBA-4310-9D06-4463BAEA6641}" = Secure Download Manager
"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro
"{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French
"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die Sims Mittelalter
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8F0F5689-6900-425B-A8C2-0DBD10DAB694}" = Command & Conquer™: Generals and Zero Hour
"{8FDBE1E8-2922-4750-9E4B-6B28CA67DBBB}" = Unreal
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}" = Darkspore™
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy
"{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish
"{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2
"{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132000C-1CBA-458F-BF2F-FD43D59410F9}" = LightScribe System Software
"{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian
"{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"4578-0181-0549-1546" = Altitude 
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 2.5b
"Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.3.1
"AIMP3" = AIMP3
"ALchemy" = Creative ALchemy
"Armagetron Advanced" = Armagetron Advanced 0.2.8.3.2
"AudioCS" = Creative Audio-Systemsteuerung
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"Console Launcher" = Creative Konsole Starter
"Creative AutoMode Switcher" = Creative AutoMode Switcher
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Creative Volume Panel" = Lautstärkefenster
"DEMONWORLD" = DEMONWORLD
"DVBViewer Pro_is1" = DVBViewer Pro
"DVBViewer TE2_is1" = DVBViewer TE2
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free Download Manager_is1" = Free Download Manager 3.9.2
"GOGPACKRCT2_is1" = RollerCoaster Tycoon 2 Triple Thrill Pack
"GOGPACKSTRONGHOLDCRUSADERHD_is1" = Stronghold Crusader Extreme HD
"GOGPACKSTRONGHOLDHD_is1" = Stronghold HD
"Halo" = Microsoft Halo
"Inno Setup 5_is1" = Inno Setup Version 5.5.3
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"KKND Krossfire" = KKND Krossfire
"lavfilters_is1" = LAV Filters 0.55.3
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"nGlide" = nGlide 0.97
"Notepad++" = Notepad++
"NSIS" = Nullsoft Install System
"Office14.VISIOR" = Microsoft Visio Professional 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Star Trek Armada II" = Star Trek Armada II
"Steam App 105600" = Terraria
"Steam App 18420" = Crazy Machines
"Steam App 203850" = Microsoft Flight
"Steam App 221380" = Age of Empires II: HD Edition
"Steam App 230050" = DLC Quest
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 570" = Dota 2
"Super Castle Attack" = Super Castle Attack
"TechnoMage" = TechnoMage
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"THX_Console_Unicode" = THX-Einrichtungskonsole
"ToshibaEdit" = ToshibaEdit (remove only)
"VirusTotalUploader2.0" = VirusTotal Uploader 2.0
"VMware_Player" = VMware Player
"Warcraft III" = Warcraft III
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2013 06:30:05 | Computer Name = Adler-Wolf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.04.2013 06:32:18 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Users\Adler-Wolf\Downloads\esetsmartinstaller_deu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 16.04.2013 06:32:20 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Users\Adler-Wolf\Downloads\esetsmartinstaller_deu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 17.04.2013 08:06:39 | Computer Name = Adler-Wolf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.04.2013 11:41:15 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 17.04.2013 12:04:25 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 18.04.2013 08:11:49 | Computer Name = Adler-Wolf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.04.2013 08:30:26 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 18.04.2013 13:17:03 | Computer Name = Adler-Wolf-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.04.2013 13:20:09 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Users\Adler-Wolf\Downloads\esetsmartinstaller_deu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 16.04.2013 07:13:49 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 16.04.2013 07:14:23 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 16.04.2013 07:23:56 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 16.04.2013 07:24:11 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 16.04.2013 07:46:40 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 17.04.2013 08:05:11 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 17.04.2013 08:06:07 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 18.04.2013 08:10:36 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 18.04.2013 08:10:57 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 18.04.2013 13:14:16 | Computer Name = Adler-Wolf-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
And gmer.txt

Code:
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-18 19:57:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX2 rev.1.37 55,90GB
Running: gmer_2.1.19163.exe; Driver: D:\Users\Adler-Wolf\AppData\Local\Temp\kgldipob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                                                           fffff80002ffe000 63 bytes [00, 00, 1C, 02, 4D, 49, 63, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624                                                                                                                           fffff80002ffe040 22 bytes [98, F7, 15, 07, 80, FA, FF, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                     0000000075141465 2 bytes [14, 75]
.text     C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    00000000751414bb 2 bytes [14, 75]
.text     ...                                                                                                                                                                                          * 2
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                      0000000074031a22 2 bytes [03, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                      0000000074031ad0 2 bytes [03, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                      0000000074031b08 2 bytes [03, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                      0000000074031bba 2 bytes [03, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                      0000000074031bda 2 bytes [03, 74]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                               0000000075141465 2 bytes [14, 75]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                              00000000751414bb 2 bytes [14, 75]
.text     ...                                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000075141465 2 bytes [14, 75]
.text     C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 00000000751414bb 2 bytes [14, 75]
.text     ...                                                                                                                                                                                          * 2
.text     C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26                                                                                                   0000000071d713c6 2 bytes [D7, 71]
.text     C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74                                                                                                   0000000071d713f6 2 bytes [D7, 71]
.text     C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257                                                                                                  0000000071d714ad 2 bytes [D7, 71]
.text     C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303                                                                                                  0000000071d714db 2 bytes [D7, 71]
.text     ...                                                                                                                                                                                          * 2
.text     C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79                                                                                                   0000000071d71577 2 bytes [D7, 71]
.text     C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175                                                                                                  0000000071d715d7 2 bytes [D7, 71]
.text     C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620                                                                                                  0000000071d71794 2 bytes [D7, 71]
.text     C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921                                                                                                  0000000071d718c1 2 bytes [D7, 71]
.text     C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                   0000000075141465 2 bytes [14, 75]
.text     C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                  00000000751414bb 2 bytes [14, 75]
.text     ...                                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Free Download Manager\fdm.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000075141465 2 bytes [14, 75]
.text     C:\Program Files (x86)\Free Download Manager\fdm.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000751414bb 2 bytes [14, 75]
.text     ...                                                                                                                                                                                          * 2
.text     E:\Program Files (x86)\Steam\Steam.exe[5232] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                                                   0000000074f9549c 5 bytes JMP 0000000100080800
.text     C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                      0000000075141465 2 bytes [14, 75]
.text     C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                     00000000751414bb 2 bytes [14, 75]
.text     ...                                                                                                                                                                                          * 2
.text     C:\Program Files (x86)\Common Files\Steam\SteamService.exe[7172] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                               0000000074f9549c 5 bytes JMP 00000001000f0800
.text     C:\Program Files (x86)\Common Files\Steam\SteamService.exe[7172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                     0000000075141465 2 bytes [14, 75]
.text     C:\Program Files (x86)\Common Files\Steam\SteamService.exe[7172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    00000000751414bb 2 bytes [14, 75]
.text     ...                                                                                                                                                                                          * 2
.text     D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe[4596] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                    0000000075141465 2 bytes [14, 75]
.text     D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe[4596] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                   00000000751414bb 2 bytes [14, 75]
.text     ...                                                                                                                                                                                          * 2

---- User IAT/EAT - GMER 2.1 ----

IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef83f741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                   [7fef83f5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef83f5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef83f5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]           [7fef83f7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]         [7fef83f6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef83f6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef83f7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]           [7fef83f7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]   [7fef83f78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef83f4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef83f5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT       C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]     [7fef83f7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                          C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                          0
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                       0xDE 0x4F 0x69 0x68 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                                                    
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                 0xA0 0x02 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                              0x60 0xC7 0xD7 0xE6 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                                                             
Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                       0xBB 0xAD 0x38 0xCD ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                                                         
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                                                              C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                                                              0
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                                                           0xDE 0x4F 0x69 0x68 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                                                                
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                                                     0xA0 0x02 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                                                                  0x60 0xC7 0xD7 0xE6 ...
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                                                         
Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                                                           0xBB 0xAD 0x38 0xCD ...

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                        unknown MBR code

---- EOF - GMER 2.1 ----
         