
Pests of all kinds and how to fight them: Is there a virus infection?


31.05.2013, 11:55   #1
copykid
Banned
 

Is there a virus infection?



At the moment I'm not sure that my computer is clean.
In any case it is running slower than it normally does =/

Code:
OTL Extras logfile created on: 30.03.2013 13:37:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,27 Gb Available Physical Memory | 89,34% Memory free
31,95 Gb Paging File | 30,09 Gb Available in Paging File | 94,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 21,10 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Drive D: | 630,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 65,84 Mb Free Space | 65,84% Space Free | Partition Type: NTFS
Drive G: | 931,41 Gb Total Space | 372,08 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "G:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "G:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1452A6D2-D8DC-49E2-90D3-C3280D59A53D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2074BA0E-124D-4E81-A93E-CC5049BF8399}" = rport=139 | protocol=6 | dir=out | app=system | 
"{39B7D0D9-992F-468A-94E0-5C920C18A8B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3BB397B4-96F1-4BB0-A63B-9CBA3D00E700}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F50C8AE-B4E2-4AD6-AE4D-7C5A4D50F48C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{540CAE1D-BE9E-4FB3-96D6-284AAF902FC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5B0AC2A0-AE21-40EB-A28B-41016D9BF60F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5C960D43-D1B0-4542-85C6-0010DC729EEB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{65B210C9-7145-48A3-8944-581FA5D2F775}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6C35C6DD-43A4-4CED-94DE-2F1050AD6C52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{70617BF2-58EC-426F-B092-8B6C80C2B6F5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{830A57C5-B709-4134-8614-9893A8F34298}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{847545C4-95E9-440A-828E-5EA1A1BC5C33}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{86D067DC-50CE-4765-BBE9-0536AB230DFD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9A4BB342-DE35-42FA-BD34-B53315EC9EAF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A61A9034-A6DF-4B18-A1A8-4CAE00728D60}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AEDB7691-0F95-460C-A35D-791029B58732}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C19D44FA-3D69-4676-8DF4-4693D503CC01}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{E829CAC8-C89D-4AE4-AA71-28BCA5540D45}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F95F6FB9-4492-4E0E-B24F-57BB5E3E26B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FF8F7EB5-2E54-4C7D-B3DB-839DD1838DA9}" = rport=138 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AF1B38-3AE0-4EC5-A26A-3785EF5CC937}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{0214BD04-A61A-4B17-AD63-E25ED1D2EAAB}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steam.exe | 
"{026C403D-2DE8-4C6B-BB96-08801D7EA753}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{07002F48-CF80-415D-923A-DCBA63D99A9C}" = protocol=17 | dir=in | app=g:\games\fc3\bin\fc3updater.exe | 
"{0D291349-97B5-44FD-B583-8C5D6AABF828}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\magicka\magicka.exe | 
"{0DC84828-2193-4F1E-85B4-C69C8DD9A3A7}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{111C8314-04B6-4B52-A055-171F7C1CB4AF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{145A4111-131E-489D-BAFA-C1658981D40F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{1589BE9D-70A3-49D4-8463-E5666CF2C8C3}" = protocol=17 | dir=in | app=g:\program files (x86)\vivox\c3\c3.exe | 
"{17FFCE2C-1089-43C7-B1E5-E1DC2E8DD597}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 3\arma3.exe | 
"{1F3CA22B-1FEE-4DC0-A6F0-154EB9CC51D3}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{25CEDEAB-92BC-435E-9BE1-711403E96745}" = protocol=17 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{26434D25-38A5-4572-BC6A-3C9699CA3F4B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{27AE3357-8FA2-4F4D-B1F8-46D399E2EE96}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\dota 2 beta\dota.exe | 
"{27F6FD26-785A-4453-9DE1-FC045C236A50}" = protocol=6 | dir=in | app=g:\games\diablo iii\diablo iii.exe | 
"{2949C427-68A0-49E3-AD56-07CD7534DE69}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2\arma2.exe | 
"{29B85969-91C0-4603-825B-E62530AAC0A4}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe | 
"{2B07B61B-4F28-46A0-A5FB-38B93CBC5C8B}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{2B0FE247-764F-4991-82A0-F4F0B3A450BD}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{2F3A4D74-20FD-4F96-A5D4-8707F015C8D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{31323E6C-935B-4885-BC0D-6B09EEF9BAE4}" = protocol=17 | dir=in | app=g:\games\fc3\bin\fc3editor.exe | 
"{32534EA7-D487-4400-AFEC-0B689C6AE654}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{326BD33E-0864-41CE-954E-E90FBAFCCBD8}" = protocol=17 | dir=in | app=g:\games\fc3\bin\farcry3_d3d11.exe | 
"{327723C8-5B23-4568-9F55-D17AE075192D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{3A0762DD-D2C4-405C-8363-6F6B0D0246DC}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3D2DDB28-4AB4-48A4-9BC8-A1F8EF1F2B1E}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 3 alpha lite\arma3demo.exe | 
"{3E7131BE-2B5B-4D26-9545-F2DE2462783F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steam.exe | 
"{40E186AD-8710-43F9-B89F-F3ABF4F9B15E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{40E414EC-429C-445D-8895-082B13E8B332}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{43B190D4-78BA-4579-A81F-012421258ED8}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{447F25A9-CBBA-4318-A80F-E287163D51E2}" = dir=in | app=g:\program files (x86)\the war z\warz.exe | 
"{450353D7-77A6-4DE7-B679-76929556C366}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47003DE7-F59B-42DD-8A29-5909C5A344FE}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{47BDCC1F-515A-4EBF-8D03-182F9A0384D4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{4A8CE146-DDB2-4956-8E56-09A18A598339}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{4BE192C4-8384-4A74-97F6-18675021F85C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4F906F4D-2362-4040-B93D-536794DE1CFC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{5BCAB434-8734-489B-BECB-E0C4F3B92B72}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{5CDA4351-B725-43C9-9D09-D7A1A97EAF21}" = protocol=6 | dir=in | app=g:\games\fc3\bin\farcry3.exe | 
"{5D7E3B89-2194-4B79-B3AB-0B30A23509E0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{5F2B2123-C634-4348-963A-975F40C8AC84}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\anno4web.exe | 
"{62040EDB-2BF5-4BAE-84D8-DEEB6C1045A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64009B28-5724-4884-A075-63459B582265}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{66D09370-0383-4680-B3F0-29AE9DCAC59E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{678E6437-00E5-4B4C-9461-E58EA7306984}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\dota 2 beta\dota.exe | 
"{68A3DE2B-3C69-4CA3-87F4-5404BEA43314}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{69295413-6052-4BD9-AD2C-6B9EC464671A}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\magicka\magicka.exe | 
"{712DAC87-696E-4F41-B042-9C55B9E76E4A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\benchmark.exe | 
"{7254B17F-2270-49F8-BECE-3D985479E927}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73417645-9845-43EF-82E0-87990724C47F}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{74C13B84-E512-478D-A510-6E9862E3CFC2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7622442C-809B-4570-A24C-945B297AD302}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{76EB0C4D-C43D-422D-B8CB-557665175647}" = protocol=17 | dir=in | app=g:\games\fc3\bin\farcry3.exe | 
"{775CDEA4-4CF1-4B3C-9350-9D38944A5293}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\just cause 2\justcause2.exe | 
"{7A3408CF-B9D8-4100-81C0-9690EFFBE9E5}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2\arma2.exe | 
"{7A42326F-F625-4E9A-AA9E-767A04DC17AD}" = protocol=6 | dir=in | app=g:\games\fc3\bin\fc3updater.exe | 
"{7DC16C7C-3E21-41E2-B6BF-C3F376711A04}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7E5E2F73-F703-463D-9FE7-FB23A9E153E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8001B480-4408-45C7-BC59-24C39EB6E0A7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{815DD436-1B86-44E2-9189-D35F2E98EDCA}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{817EB6B2-2C56-4482-8702-3BDCA3545639}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{833FFED1-1766-4391-BEE8-B8651684DDEB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{84A97355-54E4-46E9-8EE7-911FEB88D351}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{85EC9E4A-6233-49C3-B802-4F0C35611979}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{87135DE2-B4C0-4BF3-BC6B-8D6B6960AA51}" = protocol=17 | dir=in | app=g:\games\dragon next install\dragon nest europe\dragonnest.exe | 
"{87CD8A89-A5C2-4418-A331-676A27CE4E71}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{89324F4A-2652-4447-9817-CE18F7FF3710}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8AE0E40F-D26A-4503-AA5C-56019A731CE5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B132B2D-06CD-4867-B2EF-1F02ABFC07DB}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe | 
"{8B32BF4F-7D72-4A04-BA88-ABDD4BB2B583}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8C5E8241-C81B-47B9-8FAF-9C51733B240F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8CB71F4A-CF6D-49D5-9BAA-B822C50C8B2D}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{8D20D1F8-0104-4440-B0CB-96A1BAFAB70E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9006F142-A30A-40D1-999F-0C28C7AFCE02}" = protocol=6 | dir=in | app=g:\games\fc3\bin\fc3editor.exe | 
"{90E581BF-199E-4AE5-93C6-D13D3FAB3758}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{96292F44-51A7-4752-9E1D-80535A1DF1CD}" = protocol=6 | dir=in | app=g:\games\stc2\starcraft ii\starcraft ii.exe | 
"{96F162EC-B284-4B92-91A3-5B857F0AFD30}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | 
"{98737CD4-8A10-4AB0-8665-01A90A64A502}" = protocol=6 | dir=in | app=g:\program files (x86)\bf333\battlefield 3\bf3.exe | 
"{9915D028-8DF1-4503-AD38-89E73A0925FC}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\just cause 2\justcause2.exe | 
"{9FC8CED7-228A-41CB-B131-FB12C7F105D6}" = protocol=6 | dir=in | app=g:\games\utorrent\utorrent.exe | 
"{A0AD2568-60EE-4957-968D-275BB91E0828}" = protocol=17 | dir=in | app=g:\games\stc2\starcraft ii\starcraft ii public test.exe | 
"{A17476E2-98F3-46E7-AE61-5B186244268E}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{A45C413A-37B5-47B2-A733-E87AE2F390A0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\anno4.exe | 
"{A472365A-4EFD-4CFC-91EC-9092C61072E3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{A4BABAFE-4695-4702-A734-6D2514A8758D}" = protocol=6 | dir=out | app=system | 
"{A6857A54-7D31-4A98-A210-822306BA11EB}" = protocol=6 | dir=in | app=g:\games\war thunder\launcher.exe | 
"{A9185D5A-105A-4529-BF80-F9672F443DE3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ABB3E7F0-6A58-4523-BA5B-6F7DE10A91F1}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe | 
"{B010A4E2-AA92-4513-ACD1-87E92C4C6891}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{B460B112-DDDC-4A76-B5AF-0E42A21C22FD}" = protocol=17 | dir=in | app=g:\games\stc2\starcraft ii\starcraft ii.exe | 
"{B6DE891F-34FF-4BB9-BF07-D26A5DF4B84F}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{B8E4194C-CF7D-4848-BE73-A9E76E1B9DC4}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{B967BE3D-6563-4155-A07D-70F053099C70}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 3 alpha lite\arma3demo.exe | 
"{BAB6B462-6CC5-4B1E-9F0C-42473ADE8403}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BD29D73E-3769-49DB-8E73-C9AD5F843DBF}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{BEC66D8A-DD3F-45A9-92E3-B1E2DB2C2297}" = protocol=6 | dir=in | app=g:\games\stc2\starcraft ii\starcraft ii public test.exe | 
"{C11B8BEB-8A46-4685-A3EE-0100F5119AA8}" = protocol=17 | dir=in | app=g:\program files (x86)\bf333\star wars - the old republic\launcher.exe | 
"{C2D249ED-B3EA-4842-BF8E-F20FA24B5B38}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C2F3CF3B-E258-46FE-B2BC-08C80F0905C8}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{C379AA5C-C587-46EE-B9B7-A526F8A04150}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C45C1833-900F-49AE-93AB-49C7BE747A64}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 3\arma3.exe | 
"{C6EA3705-99F1-44BA-B1BF-18B4F420B59D}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe | 
"{CBD5EBE0-4E33-41CB-AA9F-06DFF43FFBA9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D230DBB5-4E2C-4CE2-A9DD-539729B7611C}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\counter-strike global offensive\bin\sdklauncher.exe | 
"{D641DE0F-D50E-40AE-A194-F5793127278A}" = protocol=17 | dir=in | app=g:\games\war thunder\launcher.exe | 
"{D8212FA8-7C37-4F93-A37D-021A9009C0A4}" = protocol=17 | dir=in | app=g:\program files (x86)\bf333\battlefield 3\bf3.exe | 
"{D96D1B66-DFC2-4BF1-BA75-BCA9174A3A76}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\addon.exe | 
"{DD5488E5-5348-44AF-B0BE-B7687892C299}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{DF79A960-3291-4313-8768-82E7C71D3106}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404 - königsedition\tools\addonweb.exe | 
"{E2127ECB-A63F-4875-ABB1-102B8CF10335}" = protocol=6 | dir=in | app=g:\program files (x86)\bf333\star wars - the old republic\launcher.exe | 
"{E2FE1113-FD4C-4847-8986-970CF11593EB}" = protocol=17 | dir=in | app=g:\games\utorrent\utorrent.exe | 
"{E4407C54-7154-4D13-A7F2-C84FCD891101}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E57F74F5-7ABD-4247-ADE2-EC2C46217101}" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe | 
"{E845612E-FC93-4687-824D-4CC8E4823FD5}" = protocol=6 | dir=in | app=g:\games\dragon next install\dragon nest europe\dragonnest.exe | 
"{E87451D5-C978-414A-A009-AA7DD6581B0E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{EF9BC9DC-9B62-48CD-8C10-739FE5F3EA84}" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd | 
"{F01C534D-3B0A-40F1-AF0C-954CA138CF8B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{F3FDF440-9BC3-46C5-8A90-B0E0B646F218}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F422707A-59C9-43D4-B92F-31B62B69ECC7}" = protocol=6 | dir=in | app=g:\games\fc3\bin\farcry3_d3d11.exe | 
"{F5D067A5-4833-4D9C-BF33-F43B85D1F291}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{F9478A01-72A4-43B4-839D-23707B8B12E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD8647D6-ECAB-426F-A8BC-CFDBB02DF2FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFF53CE4-3036-45F8-9664-450453FDE77F}" = protocol=6 | dir=in | app=g:\program files (x86)\vivox\c3\c3.exe | 
"TCP Query User{1F43478D-CE58-4E72-BB8D-952E8D98A585}G:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"TCP Query User{24F02338-7A82-442E-87C9-83971D44234A}G:\games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=g:\games\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{309C9187-F92F-4B24-8C1B-2AB409B0C07F}G:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{316508E5-06F6-4190-B483-3F3399968261}G:\games\guildwars2!\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\games\guildwars2!\guild wars 2\gw2.exe | 
"TCP Query User{34729172-9BE2-4A5E-BCA2-9643F79C76D9}G:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\games\guild wars 2\gw2.exe | 
"TCP Query User{35A67D0F-6BC5-4A01-8478-F746983E59EE}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"TCP Query User{4B00B17E-8B50-45E9-9C57-C9FFBFF53821}G:\program files (x86)\steam\steam\steamapps\sgteaglegg\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\sgteaglegg\counter-strike source\hl2.exe | 
"TCP Query User{4E7F561F-7924-4031-9596-CF79C36AFF8D}C:\program files (x86)\network camera\ip discovery\ipdis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\network camera\ip discovery\ipdis.exe | 
"TCP Query User{51E217A1-97FF-4091-A7D4-BE8B1862ADC8}G:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=g:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{644D7C2C-074B-499A-B018-5AA0A720D773}G:\program files (x86)\steam\steam\steam.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steam.exe | 
"TCP Query User{6C187D48-A837-4E22-9E65-D3AE9AEE10AA}G:\games\stc2\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=g:\games\stc2\starcraft ii\versions\base23260\sc2.exe | 
"TCP Query User{85BC4735-4E7A-4188-9641-2D54DD5FA846}G:\games\tera\tera-launcher.exe" = protocol=6 | dir=in | app=g:\games\tera\tera-launcher.exe | 
"TCP Query User{8FB08D29-410E-4FF3-BC5B-BF1B72C44ADB}G:\games\gps\pcgps.exe" = protocol=6 | dir=in | app=g:\games\gps\pcgps.exe | 
"TCP Query User{9D207DED-2DB3-4078-B62C-48CF8D7DD917}G:\program files (x86)\steam\steam\steamapps\sgteaglegg\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\sgteaglegg\team fortress 2\hl2.exe | 
"TCP Query User{A1A09623-2A31-41B5-8232-E89382329A2D}C:\program files (x86)\nvr\nvr\mainconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nvr\nvr\mainconsole.exe | 
"TCP Query User{A5884FF5-7BA0-496F-8CF8-BBBC39921085}C:\program files (x86)\network camera\ip discovery\ipdis.exe" = protocol=6 | dir=in | app=c:\program files (x86)\network camera\ip discovery\ipdis.exe | 
"TCP Query User{A8591FEE-E4B7-4D09-95D3-045A1558BAED}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{B8B9CA81-E5DB-4FFF-9A50-BBF71E867FA2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{BAE6A435-23F2-4133-914E-A443CEDCA98F}C:\program files (x86)\nvr\nvr\mainconsole.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nvr\nvr\mainconsole.exe | 
"TCP Query User{D1EBC4FF-ECB5-44CA-AB4E-663577EEB84B}G:\users\user\desktop\desktop [2]\some games\empire earth\empire earth.exe" = protocol=6 | dir=in | app=g:\users\user\desktop\desktop [2]\some games\empire earth\empire earth.exe | 
"TCP Query User{E5A1A435-0DCF-46B7-BF75-D5EABDD0A875}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{EBC849D0-5ABA-4075-8F11-88EC0D4B65D4}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{EC75AEE8-3927-4698-BFB5-8C5AA2867CF5}G:\program files (x86)\vivox\c3\c3.exe" = protocol=6 | dir=in | app=g:\program files (x86)\vivox\c3\c3.exe | 
"UDP Query User{051315FE-F483-4ECB-9BB8-406109D39ACA}C:\program files (x86)\nvr\nvr\mainconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nvr\nvr\mainconsole.exe | 
"UDP Query User{058F100F-8550-4AE8-B5A7-12A19998CD10}C:\program files (x86)\network camera\ip discovery\ipdis.exe" = protocol=17 | dir=in | app=c:\program files (x86)\network camera\ip discovery\ipdis.exe | 
"UDP Query User{0B714DD4-3DF2-45B0-80AA-43104F030597}G:\program files (x86)\steam\steam\steamapps\sgteaglegg\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\sgteaglegg\team fortress 2\hl2.exe | 
"UDP Query User{0DBA3891-29F9-4103-A07F-4C5625E0BA07}G:\games\tera\tera-launcher.exe" = protocol=17 | dir=in | app=g:\games\tera\tera-launcher.exe | 
"UDP Query User{19DC92FB-A597-4D5F-A361-C9083B780AF4}G:\games\guildwars2!\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\games\guildwars2!\guild wars 2\gw2.exe | 
"UDP Query User{1F206595-4719-47D5-B577-A8B59FA1D598}C:\program files (x86)\network camera\ip discovery\ipdis.exe" = protocol=17 | dir=in | app=c:\program files (x86)\network camera\ip discovery\ipdis.exe | 
"UDP Query User{210F348E-B671-4DB6-A0F1-A9C00C0D9C7D}G:\users\user\desktop\desktop [2]\some games\empire earth\empire earth.exe" = protocol=17 | dir=in | app=g:\users\user\desktop\desktop [2]\some games\empire earth\empire earth.exe | 
"UDP Query User{24F7247B-27D5-482B-B7AD-3761962F22A1}G:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv episodes from liberty city\eflc\eflc.exe | 
"UDP Query User{3661B1D7-C572-4BFD-9E4C-F2DAC4E7AA08}C:\users\user\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"UDP Query User{3BB4445B-51B6-4BA6-AEE9-D78B78191060}G:\program files (x86)\steam\steam\steamapps\sgteaglegg\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\sgteaglegg\counter-strike source\hl2.exe | 
"UDP Query User{4B087C21-F2B0-410D-BC91-A08FD189D474}G:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{4F25392B-89BA-4B31-9CD0-92AE5FF78AC1}G:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=g:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{55984343-603F-46BA-859E-985A84608496}G:\games\stc2\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=g:\games\stc2\starcraft ii\versions\base23260\sc2.exe | 
"UDP Query User{6382E31E-4A82-45B3-81A5-AFCCEAA4AD3E}G:\games\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=g:\games\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{63B0CEA8-1851-437F-96F2-B6224166233F}G:\program files (x86)\steam\steam\steam.exe" = protocol=17 | dir=in | app=g:\program files (x86)\steam\steam\steam.exe | 
"UDP Query User{75DAEFCF-E575-42C2-BD9F-B2E6C64B8D79}C:\program files (x86)\nvr\nvr\mainconsole.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nvr\nvr\mainconsole.exe | 
"UDP Query User{9A2FE63A-27FB-4CD0-A1F1-931B8991540D}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{AE0A6914-525D-4446-A280-FF4FC7365F12}G:\program files (x86)\vivox\c3\c3.exe" = protocol=17 | dir=in | app=g:\program files (x86)\vivox\c3\c3.exe | 
"UDP Query User{B12EAB14-F43C-4D75-8F88-E086DEDE387E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{B5DC6EC8-56F3-4DF8-A95B-44FC65FEE1B5}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{D65F2702-3D53-4992-ADD0-F0BDDAFB3E29}G:\games\gps\pcgps.exe" = protocol=17 | dir=in | app=g:\games\gps\pcgps.exe | 
"UDP Query User{E278D0C8-51B4-44FD-B717-0460E4AE825A}G:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\games\guild wars 2\gw2.exe | 
"UDP Query User{ED053CD4-D2FA-48EA-AF6D-013E4AB7EE2F}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = ASUS Bluetooth Suite
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{91C4D79C-3579-48E8-ADFA-8818042AEB73}" = Logitech G930
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.0.1 (BETA)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.47.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24570B2F-3937-47F0-A16A-E82B480A7699}" = XSplit
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2DB72FFA-884E-4BD6-B326-4F89865CB113}_is1" = CCleaner Business
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30D6B6ED-E039-4D62-8E07-E058D17A9372}" = AVerMedia RECentral
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A62FED1-759A-11E0-8248-0013D3D69929}" = Vegas Movie Studio HD Platinum 11.0
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5B80AE2E-759D-11E0-A27D-005056C00008}" = MSVCRT Redists
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{AEC41C2D-ED98-4D21-A354-05593C9D75BE}" = IP Discovery
"{aec97477-921a-4289-985a-9e29506625b6}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{B217B8BC-8543-46DB-B049-89660B8BFADD}_is1" = CCleaner Professional
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version 1.0
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version SRWare Iron 18.0.1050.0
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D70F0FA2-DF44-48EF-949A-EDBE764DDBC9}" = NVR
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.164
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4D34EBA-83D6-49E3-A6D6-6889C4A639A3}" = DayZ Commander
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A New Dawn" = NVIDIA A New Dawn demo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ASIO4ALL" = ASIO4ALL
"ATC_is1" = Advanced Tactical Center™ 1.12
"AVerMedia C985 PCIe Live Gamer HD" = AVerMedia C985 PCIe Live Gamer HD 3.3.64.20
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Blue Byte Game Channel" = Blue Byte Game Channel
"Borderlands 2_is1" = Borderlands 2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"CPUCooL" = CPUCooL (remove only)
"Crysis 3 incl. Update v1.1_is1" = Crysis 3
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"FightMouse Elite 3" = FightMouse Elite
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.0.2
"Google Maps With GPS Tracker 38.0_is1" = 38.0
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"InstallShield_{30D6B6ED-E039-4D62-8E07-E058D17A9372}" = AVerMedia RECentral
"IrfanView" = IrfanView (remove only)
"LOLReplay" = LOLReplay
"MagniDriver" = marvell 91xx driver
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Camera Document" = Network Camera Document 2011-04-26
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PrecisionX" = EVGA Precision X 3.0.2
"PunkBusterSvc" = PunkBuster Services
"S4Uninst" = Die Siedler IV
"ShiftWindow_is1" = ShiftWindow 1.02
"StarCraft II" = StarCraft II
"Steam App 107410" = Arma 3 Alpha
"Steam App 12210" = Grand Theft Auto IV
"Steam App 200710" = Torchlight II
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 214870" = Painkiller Hell & Damnation
"Steam App 219540" = Arma 2: Operation Arrowhead Beta
"Steam App 228800" = Arma 3 Alpha Lite
"Steam App 240" = Counter-Strike: Source
"Steam App 33905" = ARMA 2 Dedicated Server
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 42910" = Magicka
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 745" = Counter-Strike: Global Offensive - SDK
"Steam App 8190" = Just Cause 2
"TeamViewer 8" = TeamViewer 8
"Tunngle beta_is1" = Tunngle beta
"Uplay" = Uplay
"uTorrent" = µTorrent
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.03.2013 04:33:19 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Games\xSplit\XSplitBroadcasterSrc.exe".
Die
 abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.03.2013 03:40:07 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Games\xSplit\XSplitBroadcasterSrc.exe".
Die
 abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.03.2013 23:36:04 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm arma2oa.exe, Version 1.62.102.591 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1fb0    Startzeit:
 01ce2c2e83db3460    Endzeit: 1    Anwendungspfad: G:\Program Files (x86)\Steam\Steam\SteamApps\common\arma
 2 operation arrowhead\expansion\beta\arma2oa.exe    Berichts-ID: c6822483-9821-11e2-a19e-0026832f02e6

 
Error - 28.03.2013 23:43:14 | Computer Name = User-PC | Source = .NET Runtime | ID = 1026
Description = 
 
Error - 28.03.2013 23:43:15 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DayZCommander.exe, Version: 0.9.1.69,
 Zeitstempel: 0x512eb8e7  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0xe0434352  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x14a4  Startzeit der fehlerhaften Anwendung: 0x01ce2c2de8e4d1fe  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Dotjosh Studios\DayZ Commander\Temp\3628a073-682e-4a8e-8ce8-250788f37113\DayZCommander.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: c8ef4e40-9822-11e2-a19e-0026832f02e6
 
Error - 28.03.2013 23:45:19 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm arma2oa.exe, Version 1.62.102.591 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1a9c    Startzeit:
 01ce2c2fcf267cbe    Endzeit: 20    Anwendungspfad: G:\Program Files (x86)\Steam\Steam\SteamApps\common\arma
 2 operation arrowhead\expansion\beta\arma2oa.exe    Berichts-ID: 11b8f24a-9823-11e2-a19e-0026832f02e6

 
Error - 29.03.2013 02:45:47 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 2.0.2.12610,
 Zeitstempel: 0x4c00573a  Name des fehlerhaften Moduls: Air.dll, Version: 0.0.0.0,
 Zeitstempel: 0x511c7eb4  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000b027  ID des fehlerhaften
 Prozesses: 0x1fc4  Startzeit der fehlerhaften Anwendung: 0x01ce2c40e3bf924f  Pfad der
 fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.255\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: G:\Program Files (x86)\LOLReplay\Air.dll  Berichtskennung:
 48d7cccd-983c-11e2-a19e-0026832f02e6
 
Error - 29.03.2013 11:35:10 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Games\xSplit\XSplitBroadcasterSrc.exe".
Die
 abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.03.2013 04:34:47 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "G:\Games\xSplit\XSplitBroadcasterSrc.exe".
Die
 abhängige Assemblierung "Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.03.2013 08:31:47 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1040    Startzeit:
 01ce2d3f309e279d    Endzeit: 49413    Anwendungspfad: C:\Users\User\Desktop\OTL.exe    Berichts-ID:
 aa1f22d8-9935-11e2-9a93-0026832f02e6  
 
Error - 30.03.2013 08:34:19 | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1380    Startzeit:
 01ce2d429548486a    Endzeit: 54444    Anwendungspfad: C:\Users\User\Desktop\OTL.exe    Berichts-ID:
 00d91607-9936-11e2-9a93-0026832f02e6  
 
[ System Events ]
Error - 30.03.2013 08:50:22 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:25 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:29 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:32 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:35 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:39 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:48 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:50:57 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:51:06 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 30.03.2013 08:51:15 | Computer Name = User-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >
         
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-30 14:21:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-AGILITY3 rev.2.15 111,79GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\User\AppData\Local\Temp\kxldapob.sys


---- User code sections - GMER 2.1 ----

.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtReadFile                                                   000000007720f8d0 5 bytes JMP 000000010051c520
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtWriteFile                                                  000000007720f908 5 bytes JMP 000000010051ba10
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtClose                                                      000000007720f9c0 5 bytes JMP 000000010051c27c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryObject                                                000000007720f9d8 5 bytes JMP 000000010051bae4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationFile                                       000000007720f9f0 5 bytes JMP 000000010051c468
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey                                                    000000007720fa08 5 bytes JMP 000000010051ae60
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey                                          000000007720fa20 5 bytes JMP 000000010051a580
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey                                                   000000007720fa70 5 bytes JMP 000000010051a640
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                              000000007720fa88 5 bytes JMP 000000010051a6f8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryInformationProcess                                    000000007720fab8 5 bytes JMP 0000000100519eac
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey                                                  000000007720fb20 5 bytes JMP 000000010051ab3c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile                                         000000007720fc18 5 bytes JMP 000000010051c3b0
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection                                           000000007720fc30 5 bytes JMP 000000010051c9d8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection                                         000000007720fc60 5 bytes JMP 000000010051c844
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                           000000007720fc90 5 bytes JMP 000000010051b9a8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey                                               000000007720fd2c 5 bytes JMP 000000010051a7dc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile                                                   000000007720fd44 5 bytes JMP 000000010051cc88
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile                                         000000007720fd78 5 bytes JMP 000000010051bbc4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection                                                000000007720fda8 5 bytes JMP 000000010051bcac
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtFsControlFile                                              000000007720fdd8 5 bytes JMP 000000010051a244
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject                                            000000007720fe24 5 bytes JMP 000000010051be3c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile                                        000000007720fe3c 5 bytes JMP 000000010051ceac
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryVolumeInformationFile                                 000000007720ff6c 5 bytes JMP 000000010051c048
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection                                              000000007720ff84 5 bytes JMP 000000010051cb60
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtFlushBuffersFile                                           000000007720ff9c 5 bytes JMP 000000010051a304
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcessEx                                            000000007720ffcc 5 bytes JMP 0000000100519cdc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                               000000007720ffe4 5 bytes JMP 0000000100519df0
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQuerySection                                               0000000077210030 5 bytes JMP 000000010051c920
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                               0000000077210048 5 bytes JMP 0000000100519ecc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile                                                 0000000077210094 5 bytes JMP 000000010051c5f8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey                                                00000000772101a4 5 bytes JMP 000000010051a89c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtAccessCheck                                                0000000077210208 5 bytes JMP 000000010051a4a8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateProcess                                              00000000772107f4 5 bytes JMP 0000000100519bc8
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtCreateUserProcess                                          00000000772108fc 5 bytes JMP 0000000100519f2c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile                                                 00000000772109c4 5 bytes JMP 000000010051c100
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey                                                  00000000772109dc 5 bytes JMP 000000010051aa04
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey                                             0000000077210a24 5 bytes JMP 000000010051a960
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtExtendSection                                              0000000077210afc 5 bytes JMP 000000010051a3e4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey                                                   0000000077210b60 5 bytes JMP 000000010051aaa0
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey                                                    0000000077210dec 5 bytes JMP 000000010051afdc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtLoadKey2                                                   0000000077210e04 5 bytes JMP 000000010051b16c
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtLockFile                                                   0000000077210e34 5 bytes JMP 000000010051c110
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeDirectoryFile                                  0000000077210f38 5 bytes JMP 000000010051a134
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey                                            0000000077210f50 5 bytes JMP 000000010051b304
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx                                                  0000000077210ff8 5 bytes JMP 000000010051acdc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile                                    000000007721131c 5 bytes JMP 000000010051d038
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey                                      000000007721145c 5 bytes JMP 000000010051b3e4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject                                        0000000077211508 5 bytes JMP 000000010051a068
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtReplaceKey                                                 0000000077211728 5 bytes JMP 000000010051b4a4
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtRestoreKey                                                 00000000772117c0 5 bytes JMP 000000010051b624
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSaveKey                                                    0000000077211854 5 bytes JMP 000000010051b6cc
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey                                          0000000077211a38 5 bytes JMP 000000010051b770
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject                                          0000000077211b7c 5 bytes JMP 0000000100519f90
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtSetVolumeInformationFile                                   0000000077211c7c 5 bytes JMP 000000010051bf44
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtUnloadKey                                                  0000000077211e50 5 bytes JMP 000000010051b820
.text    G:\CPUCooL\CooLSrv.exe[1936] C:\Windows\SysWOW64\ntdll.dll!NtUnlockFile                                                 0000000077211e98 5 bytes JMP 000000010051c1d0
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                 0000000070ef1a22 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                 0000000070ef1ad0 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                 0000000070ef1b08 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                 0000000070ef1bba 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                 0000000070ef1bda 2 bytes [EF, 70]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000075971465 2 bytes [97, 75]
.text    C:\Windows\SysWOW64\PnkBstrA.exe[1528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000759714bb 2 bytes [97, 75]
.text    ...                                                                                                                     * 2
.text    C:\Users\User\AppData\Local\Akamai\netsession_win.exe[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000075971465 2 bytes [97, 75]
.text    C:\Users\User\AppData\Local\Akamai\netsession_win.exe[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000759714bb 2 bytes [97, 75]
.text    ...                                                                                                                     * 2
.text    C:\Users\User\AppData\Local\Akamai\netsession_win.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     0000000075971465 2 bytes [97, 75]
.text    C:\Users\User\AppData\Local\Akamai\netsession_win.exe[3360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000759714bb 2 bytes [97, 75]
.text    ...                                                                                                                     * 2

---- Threads - GMER 2.1 ----

Thread   C:\Windows\System32\svchost.exe [3812:1968]                                                                             000007fef2519688
---- Processes - GMER 2.1 ----

Library  C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1020]  00000000746e0000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0026832f02e6                                             
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0026832f02e6 (not active ControlSet)                         

---- EOF - GMER 2.1 ----
         

Code:
OTL logfile created on: 30.03.2013 13:37:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,98 Gb Total Physical Memory | 14,27 Gb Available Physical Memory | 89,34% Memory free
31,95 Gb Paging File | 30,09 Gb Available in Paging File | 94,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 21,10 Gb Free Space | 18,89% Space Free | Partition Type: NTFS
Drive D: | 630,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 100,00 Mb Total Space | 65,84 Mb Free Space | 65,84% Space Free | Partition Type: NTFS
Drive G: | 931,41 Gb Total Space | 372,08 Gb Free Space | 39,95% Space Free | Partition Type: NTFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.30 13:06:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.03.12 17:53:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.01.26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\User\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.19 03:51:31 | 001,129,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.08.08 15:24:41 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.31 03:08:58 | 000,339,456 | ---- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe
PRC - [2012.05.08 15:23:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 15:23:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () -- G:\CPUCooL\CooLSRV.exe
PRC - [2011.10.31 19:30:00 | 000,167,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
PRC - [2011.03.23 10:42:52 | 001,516,888 | ---- | M] (Logitech(c)) -- G:\Program Files (x86)\Logitech 930\G930.exe
PRC - [2010.06.09 05:36:50 | 001,273,856 | ---- | M] () -- G:\RazerMaus\Gaming 3.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.09 05:36:50 | 001,273,856 | ---- | M] () -- G:\RazerMaus\Gaming 3.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.15 17:29:10 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.03.13 15:53:18 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.12 17:53:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.03.09 12:21:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.04 10:02:07 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.19 03:50:09 | 002,070,304 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012.07.31 03:08:58 | 000,339,456 | ---- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRECentral.exe -- (AVerRECentral)
SRV - [2012.05.15 11:59:00 | 004,687,672 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2012.05.08 15:23:01 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 15:23:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () [Auto | Running] -- G:\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2011.10.31 19:30:00 | 000,167,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Auto | Running] -- C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe -- (AVerUpdateServer)
SRV - [2011.05.31 08:42:06 | 000,210,024 | ---- | M] (DTS) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe -- (DTSAudioService)
SRV - [2011.03.01 14:43:52 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.11 20:00:47 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.12.29 11:34:47 | 000,447,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.09 06:38:36 | 002,271,360 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer330.sys -- (AVer330)
DRV:64bit: - [2012.06.18 03:09:12 | 000,097,792 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012.06.18 03:09:10 | 000,021,504 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzendpt.sys -- (rzendpt)
DRV:64bit: - [2012.05.08 15:23:01 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 15:23:01 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.02 09:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 09:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.16 22:15:12 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2011.03.18 16:20:22 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2011.03.18 13:33:48 | 000,335,688 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.01 14:44:08 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.03.01 14:44:06 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.03.01 14:44:06 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.03.01 14:44:06 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.03.01 14:44:06 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.03.01 14:44:06 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.03.01 14:44:06 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.03.01 14:44:04 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.11.22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.11 20:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=5c7151d600000000000000ffb4d425d0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 38 F8 25 4F 21 CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {8CC3E3A7-D488-4711-BA8C-0E800247F4C9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112542&tt=010812_906_cln_3212_5&babsrc=SP_ss&mntrId=5c7151d60000000000000026832f02e6
IE - HKCU\..\SearchScopes\{8CC3E3A7-D488-4711-BA8C-0E800247F4C9}: "URL" = hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=5c7151d600000000000000ffb4d425d0&q={searchTerms}&r=446
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\User\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: G:\Flyff\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.13 21:03:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 12:21:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 12:21:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.11 07:01:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.02.13 14:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\pqxy4g0i.default\extensions
[2013.02.13 14:00:26 | 000,001,435 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\searchplugins\spamfreesearch.xml
[2013.03.09 12:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 12:21:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.31 22:54:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.31 22:54:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.31 22:54:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.31 22:54:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.31 22:54:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.31 22:54:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Gaming 3] G:\RazerMaus\Gaming 3.exe ()
O4 - HKLM..\Run: [Logitech G930] G:\Program Files (x86)\Logitech 930\G930.exe (Logitech(c))
O4 - HKLM..\Run: [NVR] C:\Program Files (x86)\NVR\NVR\MainConsole.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1384A8DE-7296-49DA-B7F8-8A9A5984BE52} hxxp://192.168.178.30/AxRTSP.cab (RTSPCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4D425D0-3865-43DF-AF2B-E731192CCD1C}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C778B360-3265-47DB-B2D9-8D29735EF536}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C778B360-3265-47DB-B2D9-8D29735EF536}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured_x64.dll) -  File not found
O20:64bit: - AppInit_DLLs: (G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured_x64.dll) -  File not found
O20 - AppInit_DLLs: (G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured.dll) -  File not found
O20 - AppInit_DLLs: (G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.21 12:05:21 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002.11.12 16:39:16 | 000,258,048 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.01.29 10:43:23 | 000,000,096 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1fe80fb0-20cb-11e2-9a5a-0026832f02e6}\Shell - "" = AutoRun
O33 - MountPoints2\{1fe80fb0-20cb-11e2-9a5a-0026832f02e6}\Shell\AutoRun\command - "" = L:\Setup.exe
O33 - MountPoints2\{922771af-63e4-11e2-9ce4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{922771af-63e4-11e2-9ce4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2002.11.12 16:39:16 | 000,258,048 | R--- | M] ()
O33 - MountPoints2\{9c93de7d-8a19-11e2-8550-0026832f02e6}\Shell - "" = AutoRun
O33 - MountPoints2\{9c93de7d-8a19-11e2-8550-0026832f02e6}\Shell\AutoRun\command - "" = H:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.30 13:36:44 | 000,000,000 | R--D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.03.30 13:06:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.30 13:03:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\System!
[2013.03.26 10:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.03.26 10:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.03.26 07:55:55 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\DragonNest
[2013.03.26 07:07:34 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eFusion
[2013.03.15 13:24:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Sophos
[2013.03.15 13:20:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.15 13:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013.03.14 13:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubi Soft
[2013.03.14 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2013.03.14 13:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2013.03.13 20:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.03.12 14:37:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Crysis 3
[2013.03.12 14:31:29 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013.03.12 13:14:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\EA Games
[2013.03.11 20:10:46 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\ANNO 1404 Venedig
[2013.03.11 20:07:31 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Tunngle
[2013.03.11 20:06:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013.03.11 20:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.03.11 10:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013.03.09 12:21:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.06 18:14:47 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Arma 3 Alpha - Other Profiles
[2013.03.06 18:06:58 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Arma 3 Alpha
[2013.03.06 18:06:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Arma 3 Alpha
[2013.03.06 07:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.04 22:07:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\WarThunder
[2013.03.04 22:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WarThunder
[2013.03.04 22:07:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\War Thunder
[2012.08.16 10:51:01 | 001,178,624 | ---- | C] (CPUID) -- C:\Users\User\AppData\Roaming\siw_sdk.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.30 13:43:44 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 13:43:44 | 000,023,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.30 13:40:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.30 13:40:47 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.30 13:40:47 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.30 13:40:47 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.30 13:40:47 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.30 13:36:39 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.03.30 13:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.30 13:36:28 | 4276,682,750 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.30 13:06:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013.03.30 13:05:40 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2013.03.30 12:54:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1669887493-268872783-2900105303-1000UA.job
[2013.03.30 12:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.30 09:54:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1669887493-268872783-2900105303-1000Core.job
[2013.03.27 10:40:40 | 000,000,719 | ---- | M] () -- C:\Users\User\Desktop\TERA.lnk
[2013.03.15 13:21:47 | 000,000,142 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.03.15 06:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.14 17:00:03 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.14 17:00:03 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.14 16:38:35 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.03.14 13:14:19 | 000,000,643 | ---- | M] () -- C:\Users\User\Desktop\S4.exe.lnk
[2013.03.12 17:53:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.12 14:37:39 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Crysis 3.lnk
[2013.03.11 20:00:47 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.03.11 20:00:41 | 000,000,898 | ---- | M] () -- C:\Users\User\Desktop\DAEMON Tools Lite.lnk
[2013.03.11 19:19:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2013.03.10 11:45:21 | 000,000,099 | ---- | M] () -- C:\Users\User\Desktop\Reiseapotheke für Südafrika - Checkliste für Ihre Reise.url
[2013.03.06 17:57:32 | 000,000,228 | ---- | M] () -- C:\Users\User\Desktop\Arma 3 Alpha.url
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.30 13:05:40 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2013.03.26 10:44:33 | 000,000,719 | ---- | C] () -- C:\Users\User\Desktop\TERA.lnk
[2013.03.15 13:21:47 | 000,000,142 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.03.14 13:14:19 | 000,000,643 | ---- | C] () -- C:\Users\User\Desktop\S4.exe.lnk
[2013.03.14 13:07:07 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2013.03.14 13:07:07 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2013.03.14 13:07:07 | 000,035,840 | R--- | C] () -- C:\Windows\SysWow64\comdlg32.oca
[2013.03.14 13:07:06 | 000,029,184 | R--- | C] () -- C:\Windows\SysWow64\MSINET.oca
[2013.03.12 17:49:15 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.12 17:49:15 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.12 17:49:14 | 000,839,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.03.12 14:37:39 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Crysis 3.lnk
[2013.03.11 20:00:37 | 000,000,898 | ---- | C] () -- C:\Users\User\Desktop\DAEMON Tools Lite.lnk
[2013.03.11 19:19:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013.03.10 11:45:21 | 000,000,099 | ---- | C] () -- C:\Users\User\Desktop\Reiseapotheke für Südafrika - Checkliste für Ihre Reise.url
[2013.03.06 17:57:32 | 000,000,228 | ---- | C] () -- C:\Users\User\Desktop\Arma 3 Alpha.url
[2013.01.16 18:57:15 | 000,614,400 | ---- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2013.01.16 18:57:15 | 000,421,888 | ---- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2013.01.16 18:57:15 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2013.01.16 18:57:15 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2013.01.16 18:57:15 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2013.01.16 18:57:15 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2013.01.16 18:57:15 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\sptlib12.dll
[2012.10.30 19:48:08 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2012.08.15 20:08:17 | 000,000,413 | ---- | C] () -- C:\Users\User\AppData\Roaming\All CPU Meter_Settings.ini
[2012.06.14 20:12:19 | 000,007,604 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg
[2012.06.07 16:11:46 | 000,004,436 | ---- | C] () -- C:\Windows\jqxf_mg16.ini
[2012.06.07 16:11:46 | 000,001,441 | ---- | C] () -- C:\Windows\cvww-tmr24.ini
[2012.05.21 10:15:11 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.04.23 14:24:44 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.23 10:52:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.04.23 10:51:53 | 000,032,187 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.31 18:39:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft
[2012.07.16 16:38:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Aeria Games & Entertainment
[2012.05.14 14:47:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2013.03.11 20:03:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2013.01.26 23:19:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Downloaded Installations
[2012.08.09 13:59:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FOG Downloader
[2012.05.06 14:46:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FreeFLVConverter
[2012.12.08 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2012.07.26 21:50:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gslist
[2012.05.04 17:02:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\KeePass
[2013.01.16 18:46:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\KillProcess
[2012.07.28 18:30:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2012.04.23 16:06:37 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient
[2012.05.24 16:56:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LolClient2
[2013.03.30 13:52:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NetSpeedMonitor
[2012.04.26 07:11:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++
[2012.10.28 14:04:09 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenCandy
[2012.12.02 15:05:12 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin
[2012.12.26 18:17:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PDAppFlex
[2012.05.08 13:54:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Publish Providers
[2012.08.24 15:16:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\RotMG.Production
[2012.07.15 11:06:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\runic games
[2012.07.22 13:59:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\six-zsync
[2012.05.08 13:54:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Sony
[2012.08.05 20:12:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spirited Machine
[2012.04.25 08:55:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\SplitMediaLabs
[2012.07.13 14:22:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.02.08 16:19:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer
[2012.07.19 22:27:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teeworlds
[2012.05.07 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2013.03.30 12:02:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client
[2013.03.11 22:22:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tunngle
[2013.03.11 20:34:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ubisoft
[2013.02.28 08:13:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity
[2013.02.26 14:06:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2013.01.10 08:22:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wacom
 
========== Purity Check ==========
 
 

< End of report >
         
I hope that is enough to find something.

31.05.2013, 12:11   #2
schrauber
/// the machine
/// TB trainer

Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


System scan with FRST
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit
(If you are not sure: Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)

31.05.2013, 16:36   #3
copykid
Banned

Code:
# AdwCleaner v2.301 - Datei am 31/05/2013 um 17:12:12 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : User - USER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\User\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : BrowserProtect

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\user.js
Gelöscht mit Neustart : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browserprotect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\browserprotect.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Vid-Saver
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\StartSearch
Schlüssel Gelöscht : HKCU\Software\5e55d9d8b13db847
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1005247F-A178-490A-8DC3-6BAF09EA427B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\blekko_1311013_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_nonsearch_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e55d9d8b13db847
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\S-1-5-21-1669887493-268872783-2900105303-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-21-1669887493-268872783-2900105303-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=8bb30316-d6a9-4fe0-a4c9-a482ba046337&searchtype=ds&q={searchTerms}&installDate=05/04/2013 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=8bb30316-d6a9-4fe0-a4c9-a482ba046337&searchtype=ds&q={searchTerms}&installDate=05/04/2013 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=8133db2e-151a-420a-aa91-6d77b94065c0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (de)

-\\ Google Chrome v27.0.1453.94

-\\ Chromium v      negative_upload_rate: 1.0

*************************

AdwCleaner[S1].txt - [17688 octets] - [31/05/2013 17:12:12]

########## EOF - C:\AdwCleaner[S1].txt - [17749 octets] ##########
         

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by User on 31.05.2013 at 17:15:45,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1669887493-268872783-2900105303-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\User\appdata\local\vid-saver"
Successfully deleted: [Folder] "C:\Users\User\appdata\locallow\blekko"
Successfully deleted: [Folder] "C:\Users\User\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\user.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\extensions\helperbar@helperbar.com
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=NT_ss&mntrId=5C7100FFB64FB84C");
user_pref("browser.search.order.1", "Delta Search");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=HP_ss&mntrId=5C7100FFB64FB84C");
user_pref("extensions.helperbar.SmartbarDisabled", false);
user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
user_pref("extensions.spamfreesearch.hmpgUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=homepage&u=5c7151d600000000000000ffb4d425d0");
user_pref("extensions.spamfreesearch.keyWordUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=rbox&u=5c7151d600000000000000ffb4d425d0&q=");
user_pref("extensions.spamfreesearch.prtnrId", "blekko");
user_pref("extensions.spamfreesearch.srchPrvdr", "blekko");
user_pref("extensions.spamfreesearch.tlbrSrchUrl", "hxxp://blekko.com/ws/?source=5f97ddbe&tbp=main&u=5c7151d600000000000000ffb4d425d0&q=");
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\pqxy4g0i.default\minidumps [19 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2013 at 17:18:37,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-05-2013 01
Ran by User at 2013-05-31 17:19:56 Run:
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 3.7.0.1860)
Adobe Community Help (Version: 3.4.980)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI - Deutsch (Version: 11.0.00)
Adobe Shockwave Player 12.0 (Version: 12.0.0.112)
Advanced Tactical Center™ 1.12 (Version: 1.1.2.0)
Akamai NetSession Interface
ANNO 1404 - Königsedition (Version: 3.10.0000)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Arma 2
Arma 2: Operation Arrowhead
Arma 3 Alpha
ASIO4ALL (Version: 2.10)
Asmedia ASM104x USB 3.0 Host Controller Driver (Version: 1.12.5.0)
ASUS Bluetooth Suite (Version: 7.02.000.60)
Battlefield 3™ (Version: 1.4.0.0)
Battlelog Web Plugins (Version: 2.1.4)
BattlEye for OA Uninstall
BattlEye Uninstall
BioShock Infinite
Blue Byte Game Channel
Borderlands 2
Call of Duty: Black Ops II
Call of Duty: Black Ops II - Multiplayer
Call of Duty: Black Ops II - Zombies
CCleaner Business (Version: v3.19.1721)
CCleaner Professional (Version: v3.19.1721)
Counter-Strike: Global Offensive - SDK
Counter-Strike: Source
CPUCooL (remove only)
Crysis 3 (Version: 1.2.0.0)
Darksiders
DayZ Commander (Version: 0.91.4)
Dead Island Riptide (c) Deep Silver version 1 (Version: 1)
Dead Island Riptide DLC-Pack Plus RELOADED Crack 1.00 (Version: 1.00)
Dead Island Riptide DLC-Pack Plus Update 1 1.00 (Version: 1.00)
DEFIANCE
DefianceRuntimes (Version: 1.0.2)
Delta (Version: 1.6.1.935)
Diablo III (Version: 1.0.7.14633)
Die Siedler IV
Dota 2
Dragon's Prophet (Version: 1.0.1087.5)
ESN Sonar (Version: 0.70.4)
EVGA Precision X 3.0.2 (Version: 3.0.2)
Far Cry 3 (Version: 1.04)
FightMouse Elite
Flyff (Version: Flyff)
Free FLV Converter V 7.4.0 (Version: 7.4.0.0)
Freemake Video Converter Version 3.0.2 (Version: 3.0.2)
GIMP 2.8.4 (Version: 2.8.4)
Google Chrome (Version: 27.0.1453.94)
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
GUILD WARS
Guild Wars 2
Intel(R) Management Engine Components (Version: 8.1.0.1281)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
IP Discovery (Version: 1.0.0)
IrfanView (remove only) (Version: 4.35)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
JavaFX 2.1.1 (Version: 2.1.1)
Just Cause 2
League of Legends (Version: 1.3)
Logitech G930 (Version: 1.0.364)
Logitech GamePanel Software 3.06.109 (Version: 3.06.109)
LogMeIn Hamachi (Version: 2.1.0.362)
Magicka
marvell 91xx driver (Version: 1.2.0.1019)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office Excel Viewer (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 20.0.1 (x86 de) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT Redists (Version: 1.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MySQL Connector/ODBC 5.1 (Version: 5.1.5)
NetSpeedMonitor 2.5.4.0 x64 (Version: 2.5.4.0)
Network Camera Document 2011-04-26 (Version: 2011-04-26)
Nexon Game Manager
Notepad++ (Version: 6.1.1)
NVIDIA 3D Vision Controller-Treiber 320.18 (Version: 320.18)
NVIDIA 3D Vision Treiber 320.18 (Version: 320.18)
NVIDIA A New Dawn demo (Version: 1.05)
NVIDIA Grafiktreiber 320.18 (Version: 320.18)
NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX-Systemsoftware 9.12.1031 (Version: 9.12.1031)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.2018)
NVIDIA Systemsteuerung 320.18 (Version: 320.18)
NVIDIA Update 2.47.62 (Version: 2.47.62)
NVIDIA Update Components (Version: 2.47.62)
NVR (Version: 2.0.5)
OpenAL
Origin (Version: 9.0.13.2142)
Painkiller Hell & Damnation
Pando Media Booster (Version: 2.6.0.8)
Path of Exile (Version: 0.10.6.24140)
PDF Settings CS5 (Version: 10.0)
Play withSIX (Version: 1.30.0434)
PSE11 STI Installer (Version: 11.0)
PunkBuster Services (Version: 0.992)
QuickTime (Version: 7.71.80.42)
Realtek Ethernet Controller Driver (Version: 7.46.610.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6662)
Red Faction: Armageddon
Skype™ 6.3 (Version: 6.3.107)
Spiral Knights
SRWare Iron Version SRWare Iron 18.0.1050.0 (Version: SRWare Iron 18.0.1050.0)
Star Wars: The Old Republic (Version: 1.0.0.0)
StarCraft II (Version: 1.5.4.24540)
Steam (Version: 1.0.0.0)
Stormblade Launcher 1.1
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 5.0.6.0)
TeamSpeak 3 Client (Version: 3.0.10.1)
TERA (Version: 19.04.02.03.hf3)
The Elder Scrolls V: Skyrim
The War Z version 1.0 (Version: 1.0)
Torchlight II
Tunngle beta
Ubisoft Game Launcher (Version: 1.0.0.0)
Unity Web Player (Version: )
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Uplay (Version: 2.0)
War Thunder Launcher 1.0.1.164
WebTablet FB Plugin (Version: 2.0.0.1)
WebTablet IE Plugin (Version: 1.1.0.12)
WebTablet Netscape Plugin (Version: 1.1.0.10)
WildStar (Version: 0.5.0.6103)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
World of Warcraft (Version: 5.2.0.16826)
Worms Revolution
XSplit (Version: 1.1.1210.3101)

==================== Restore Points  =========================

31-05-2013 10:23:20 SlimDrivers Installing Drivers
31-05-2013 10:27:28 SlimDrivers Installing Drivers
31-05-2013 10:29:35 SlimDrivers Installing Drivers
31-05-2013 10:31:34 SlimDrivers Installing Drivers
31-05-2013 10:32:06 SlimDrivers Installing Drivers
31-05-2013 10:32:56 SlimDrivers Installing Drivers
31-05-2013 11:07:44 Removed SlimDrivers


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-04-12 12:12:04.706
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:12:04.628
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:12:04.550
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:12:04.472
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:11:51.003
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:11:50.925
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:11:50.863
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:11:50.783
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:11:34.823
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-04-12 12:11:34.745
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume4\Games\unlok\UnlockerDriver5.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 16360.75 MB
Available physical RAM: 13912.46 MB
Total Pagefile: 32719.68 MB
Available Pagefile: 30331.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:29.66 GB) NTFS (Disk=1 Partition=2)
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive g: () (Fixed) (Total:931.41 GB) (Free:291.19 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2019D7DF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 3FE19399)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by User (administrator) on 31-05-2013 17:19:41
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
() G:\CPUCooL\CooLSrv.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
() G:\RazerMaus\Gaming 3.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(SRWare) C:\SRWare Iron\iron.exe
(SRWare) C:\SRWare Iron\iron.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [615584 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT  [1212560 2000-01-01] (Realtek Semiconductor)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-23] (Google Inc.)
HKCU\...\Run: [RGSC] G:\Program Files (x86)\Steam\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe /silent [x]
MountPoints2: {1fe80fb0-20cb-11e2-9a5a-0026832f02e6} - L:\Setup.exe
MountPoints2: {9c93de7d-8a19-11e2-8550-0026832f02e6} - H:\setup.exe
HKLM-x32\...\Run: [NVR] C:\Program Files (x86)\NVR\NVR\MainConsole.exe [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Logitech G930] G:\Program Files (x86)\Logitech 930\G930.exe [x]
HKLM-x32\...\Run: [Gaming 3] "G:\RazerMaus\Gaming 3.exe" /hide [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "G:\Games\hamachi-2-ui.exe" --auto-start [x]
HKLM-x32\...\Run: [QuickTime Task] "G:\Games\QTTask.exe" -atboottime [x]
AppInit_DLLs:   ,G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured.dll,G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured.dll  ,G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured_x64.dll,G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured_x64.dll [97280 2009-07-14] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
PDF: HKLM-x32 {1384A8DE-7296-49DA-B7F8-8A9A5984BE52} hxxp://192.168.178.30/AxRTSP.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pqxy4g0i.default
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - G:\Games\Videos LV\VLC\npvlc.dll No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File

Chrome: 
=======
CHR HomePage: hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=HP_ss&mntrId=5C7100FFB64FB84C
CHR RestoreOnStartup: "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=8bb30316-d6a9-4fe0-a4c9-a482ba046337&searchtype=hp&installDate=05/04/2013"

==================== Services (Whitelisted) =================

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-12] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 CPUCooLServer; G:\CPUCooL\CooLSrv.exe [743936 2011-12-01] ()
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2000-01-01] (DTS)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4687672 2012-05-15] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-12] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
S2 AVerUpdateServer; "C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe" [x]
S2 Hamachi2Svc; G:\Games\hamachi-2.exe -s [x]

==================== Drivers (Whitelisted) ====================

S3 AVer330; C:\Windows\System32\DRIVERS\AVer330.sys [2271360 2012-08-09] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-11] (DT Soft Ltd)
S3 LADF_BakerCOnly; C:\Windows\System32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\Windows\System32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [21504 2012-06-18] (Razer USA Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-31 17:19 - 2013-05-31 17:19 - 00000000 ____D C:\FRST
2013-05-31 17:18 - 2013-05-31 17:18 - 00004236 ____A C:\Users\User\Desktop\JRT.txt
2013-05-31 17:15 - 2013-05-31 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-05-31 17:15 - 2013-05-31 17:15 - 00000000 ____D C:\JRT
2013-05-31 17:14 - 2013-05-31 17:14 - 00017709 ____A C:\Users\User\Desktop\AdwCleaner[S1].txt
2013-05-31 17:12 - 2013-05-31 17:12 - 00017709 ____A C:\AdwCleaner[S1].txt
2013-05-31 17:12 - 2013-05-31 17:12 - 00000097 ____A C:\Windows\DeleteOnReboot.bat
2013-05-31 17:11 - 2013-05-31 17:11 - 00000092 ____A C:\Users\User\Desktop\Belastung durch Viren vorhanden - - Trojaner-Board.url
2013-05-31 17:10 - 2013-05-31 17:11 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\User\Desktop\JRT.exe
2013-05-31 17:10 - 2013-05-31 17:10 - 01915980 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-05-31 17:10 - 2013-05-31 17:10 - 00632031 ____A C:\Users\User\Desktop\adwcleaner.exe
2013-05-31 12:32 - 2013-05-31 12:32 - 00000000 ____D C:\ProgramData\Intel
2013-05-31 12:32 - 2013-05-31 12:32 - 00000000 ____D C:\Program Files\Intel
2013-05-31 12:32 - 2000-01-01 02:00 - 00062784 ____A (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-05-31 12:27 - 2013-05-31 12:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-05-31 12:27 - 2000-01-01 02:00 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-05-31 12:27 - 2000-01-01 02:00 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-05-31 12:27 - 2000-01-01 02:00 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-05-31 12:27 - 2000-01-01 02:00 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-05-31 12:27 - 2000-01-01 02:00 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2013-05-31 12:09 - 2013-05-31 12:15 - 00000000 ____D C:\Users\User\Desktop\ordner der Hilfe
2013-05-31 12:04 - 2013-05-31 12:04 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc
2013-05-31 12:04 - 2013-05-31 12:04 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-05-31 09:37 - 2013-05-31 17:07 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2013-05-30 20:24 - 2013-05-31 15:43 - 00000000 ____D C:\Users\User\Documents\dragoon
2013-05-30 19:42 - 2013-05-30 19:42 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-30 18:08 - 2013-05-30 18:08 - 00002598 ____A C:\Users\User\AppData\Local\recently-used.xbel
2013-05-30 17:51 - 2013-05-30 17:51 - 00000000 ____D C:\Users\User\.thumbnails
2013-05-30 17:49 - 2013-05-30 18:09 - 00000000 ____D C:\Users\User\.gimp-2.8
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\User\AppData\Local\gegl-0.2
2013-05-30 17:48 - 2013-05-30 17:49 - 00000000 ____D C:\Program Files\GIMP 2
2013-05-29 11:04 - 2013-05-29 11:04 - 00364763 ____A (hxxp://magiclauncher.com) C:\Users\User\Desktop\MagicLauncher_1.1.4.exe
2013-05-28 23:27 - 2013-05-28 23:27 - 00000784 ____A C:\Users\User\Desktop\Desktop - Verknüpfung.lnk
2013-05-28 20:54 - 2013-05-28 20:54 - 00000874 ____A C:\Users\User\Desktop\mc crap - Verknüpfung.lnk
2013-05-26 21:57 - 2010-11-20 15:25 - 00257024 ____A (Microsoft Corporation) C:\Users\User\Desktop\taskmgr.exe
2013-05-25 21:40 - 2013-05-27 10:49 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
2013-05-25 19:40 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-25 19:40 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-25 15:37 - 2013-05-25 15:37 - 00000797 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-05-24 23:27 - 2013-05-24 23:27 - 00000000 ____D C:\Users\User\AppData\Roaming\NCSOFT
2013-05-24 23:27 - 2013-05-24 23:27 - 00000000 ____D C:\Users\User\AppData\Local\NCSOFT
2013-05-24 23:25 - 2013-05-24 23:25 - 03325440 ____A (NCSOFT) C:\Users\User\Desktop\Wildstar.exe
2013-05-23 17:37 - 2013-05-23 17:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2013-05-23 17:27 - 2013-05-12 23:42 - 27775776 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 21096736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 15143904 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 13403168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 12426216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 11216160 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-05-23 17:27 - 2013-05-12 23:42 - 09233688 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 07682960 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 07641832 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 06324360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 02942240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 02754336 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 02363680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 02002720 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432018.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432018.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 00550176 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 00518944 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 00443168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 00421152 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-05-23 17:27 - 2013-02-25 07:27 - 00194848 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-05-23 17:27 - 2013-02-25 07:27 - 00031520 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-05-23 17:26 - 2013-05-12 23:42 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-05-23 17:26 - 2013-05-12 23:42 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-05-23 17:24 - 2013-05-23 17:24 - 00000000 ____D C:\NVIDIA
2013-05-18 17:59 - 2013-03-19 17:59 - 00000032 ___RA C:\ProgramData\hash.dat
2013-05-18 17:53 - 2013-05-18 17:53 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-18 17:53 - 2013-05-18 17:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-18 17:46 - 2013-05-18 17:46 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 17:46 - 2013-05-18 17:46 - 00000000 ____D C:\Program Files\Java
2013-05-16 19:59 - 2013-05-16 20:00 - 00000000 ____D C:\Stormblade
2013-05-16 19:59 - 2013-05-16 19:59 - 00000244 ____A C:\Windows\ODBCINST.INI
2013-05-16 19:59 - 2013-05-16 19:59 - 00000000 ____D C:\Program Files (x86)\MySQL
2013-05-16 19:59 - 2010-12-11 11:47 - 00231936 ____A (Tools & Components) C:\Windows\SysWOW64\sevXPCtl.ocx
2013-05-16 19:59 - 2010-12-05 14:15 - 00370176 ____A (Tools & Components) C:\Windows\SysWOW64\sevDataGrid2.ocx
2013-05-16 19:59 - 2010-10-08 07:49 - 00294400 ____A (Tools & Components) C:\Windows\SysWOW64\sevEin20.ocx
2013-05-16 19:59 - 2010-04-11 11:33 - 00117248 ____A (Tools & Components) C:\Windows\SysWOW64\sevClb20.ocx
2013-05-16 19:59 - 2010-02-21 13:34 - 00141824 ____A (Tools & Components) C:\Windows\SysWOW64\sevCmd3.ocx
2013-05-16 19:59 - 2009-12-03 12:21 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-05-16 19:59 - 2006-10-07 13:04 - 00062976 ____A (Tools & Components) C:\Windows\SysWOW64\sevList32.ocx
2013-05-15 14:33 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 14:33 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 14:33 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 14:33 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 14:33 - 2013-04-05 03:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 14:33 - 2013-04-05 03:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 14:33 - 2013-04-05 03:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 14:33 - 2013-04-05 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 14:33 - 2013-04-05 02:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 14:33 - 2013-04-05 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 14:33 - 2013-04-05 02:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 14:33 - 2013-04-05 02:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 14:33 - 2013-04-05 02:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 14:33 - 2013-04-05 02:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 14:33 - 2013-04-05 02:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 14:33 - 2013-04-05 02:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 14:33 - 2013-04-05 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 14:33 - 2013-04-05 02:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 14:33 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 14:33 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 14:33 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 14:33 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 14:33 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 14:33 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 14:33 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 14:33 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 14:33 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 14:33 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 14:33 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 14:33 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 14:33 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 14:33 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 13:52 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 13:52 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 13:52 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 13:52 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 13:52 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 13:52 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 13:52 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 13:52 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 13:52 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 13:52 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 13:52 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 13:52 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 01:40 - 2013-05-15 01:40 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-15 01:40 - 2013-05-15 01:40 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-13 11:34 - 2013-05-13 12:28 - 00000000 ____D C:\Users\User\AppData\Local\mcpatcher
2013-05-13 11:19 - 2013-05-13 11:19 - 00000022 ____A C:\Users\User\Desktop\mc.txt
2013-05-13 11:17 - 2013-05-06 10:25 - 00263186 ____A C:\Users\User\Desktop\Minecraft.exe
2013-05-12 15:43 - 2013-05-12 15:43 - 00566048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-05-11 20:59 - 2013-05-11 20:59 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-05-11 20:59 - 2011-12-15 20:29 - 00031232 ____A (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2013-05-11 09:20 - 2013-05-11 09:20 - 00000000 ____D C:\Program Files\Logitech
2013-05-11 09:20 - 2013-05-11 09:20 - 00000000 ____D C:\Program Files (x86)\Logitech
2013-05-11 09:06 - 2013-05-11 09:19 - 00000000 ____D C:\Users\User\AppData\Local\Logitech
2013-05-01 15:21 - 2013-05-01 15:21 - 00000000 ____D C:\Users\User\Documents\My Cheat Tables
2013-05-01 10:02 - 2013-01-24 08:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-05-01 09:42 - 2013-05-01 09:42 - 00000228 ____A C:\Users\User\Desktop\Dead Island Riptide.url

==================== One Month Modified Files and Folders =======

2013-05-31 17:19 - 2013-05-31 17:19 - 00000000 ____D C:\FRST
2013-05-31 17:19 - 2012-06-05 20:47 - 00000000 ____D C:\Users\User\AppData\Roaming\NetSpeedMonitor
2013-05-31 17:19 - 2009-07-14 19:58 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-05-31 17:19 - 2009-07-14 19:58 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-05-31 17:19 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-31 17:18 - 2013-05-31 17:18 - 00004236 ____A C:\Users\User\Desktop\JRT.txt
2013-05-31 17:15 - 2013-05-31 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-05-31 17:15 - 2013-05-31 17:15 - 00000000 ____D C:\JRT
2013-05-31 17:14 - 2013-05-31 17:14 - 00017709 ____A C:\Users\User\Desktop\AdwCleaner[S1].txt
2013-05-31 17:14 - 2012-04-24 18:27 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-05-31 17:14 - 2012-04-23 13:06 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-05-31 17:13 - 2013-02-21 14:00 - 00033103 ____A C:\Windows\setupact.log
2013-05-31 17:13 - 2012-04-23 12:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-31 17:13 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-31 17:12 - 2013-05-31 17:12 - 00017709 ____A C:\AdwCleaner[S1].txt
2013-05-31 17:12 - 2013-05-31 17:12 - 00000097 ____A C:\Windows\DeleteOnReboot.bat
2013-05-31 17:12 - 2012-04-23 11:38 - 01904996 ____A C:\Windows\WindowsUpdate.log
2013-05-31 17:11 - 2013-05-31 17:11 - 00000092 ____A C:\Users\User\Desktop\Belastung durch Viren vorhanden - - Trojaner-Board.url
2013-05-31 17:11 - 2013-05-31 17:10 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\User\Desktop\JRT.exe
2013-05-31 17:10 - 2013-05-31 17:10 - 01915980 ____A (Farbar) C:\Users\User\Desktop\FRST64.exe
2013-05-31 17:10 - 2013-05-31 17:10 - 00632031 ____A C:\Users\User\Desktop\adwcleaner.exe
2013-05-31 17:07 - 2013-05-31 09:37 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2013-05-31 17:00 - 2012-04-23 21:17 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1669887493-268872783-2900105303-1000UA.job
2013-05-31 16:55 - 2012-04-27 13:03 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2013-05-31 16:53 - 2012-04-23 15:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-31 15:43 - 2013-05-30 20:24 - 00000000 ____D C:\Users\User\Documents\dragoon
2013-05-31 14:24 - 2012-04-24 15:19 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-05-31 12:38 - 2009-07-14 06:45 - 00023568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-31 12:38 - 2009-07-14 06:45 - 00023568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-31 12:32 - 2013-05-31 12:32 - 00000000 ____D C:\ProgramData\Intel
2013-05-31 12:32 - 2013-05-31 12:32 - 00000000 ____D C:\Program Files\Intel
2013-05-31 12:32 - 2012-04-23 11:53 - 00000000 ____D C:\Program Files (x86)\Intel
2013-05-31 12:27 - 2013-05-31 12:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-05-31 12:27 - 2012-04-23 11:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-31 12:25 - 2013-02-26 08:34 - 00013562 ____A C:\Windows\PFRO.log
2013-05-31 12:15 - 2013-05-31 12:09 - 00000000 ____D C:\Users\User\Desktop\ordner der Hilfe
2013-05-31 12:04 - 2013-05-31 12:04 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc
2013-05-31 12:04 - 2013-05-31 12:04 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-05-31 11:34 - 2013-03-12 18:49 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-31 11:34 - 2012-04-24 09:17 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-30 21:00 - 2012-04-23 21:17 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1669887493-268872783-2900105303-1000Core.job
2013-05-30 20:18 - 2013-02-28 18:15 - 00162121 ____A C:\Windows\DirectX.log
2013-05-30 19:42 - 2013-05-30 19:42 - 00000000 ____D C:\ProgramData\Apple Computer
2013-05-30 18:09 - 2013-05-30 17:49 - 00000000 ____D C:\Users\User\.gimp-2.8
2013-05-30 18:08 - 2013-05-30 18:08 - 00002598 ____A C:\Users\User\AppData\Local\recently-used.xbel
2013-05-30 17:51 - 2013-05-30 17:51 - 00000000 ____D C:\Users\User\.thumbnails
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\User\AppData\Local\gegl-0.2
2013-05-30 17:49 - 2013-05-30 17:48 - 00000000 ____D C:\Program Files\GIMP 2
2013-05-30 09:13 - 2012-04-24 09:14 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-29 11:04 - 2013-05-29 11:04 - 00364763 ____A (hxxp://magiclauncher.com) C:\Users\User\Desktop\MagicLauncher_1.1.4.exe
2013-05-29 09:47 - 2013-02-01 09:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-29 09:47 - 2012-04-24 18:27 - 00000000 ____D C:\ProgramData\Skype
2013-05-28 23:27 - 2013-05-28 23:27 - 00000784 ____A C:\Users\User\Desktop\Desktop - Verknüpfung.lnk
2013-05-28 23:26 - 2012-07-22 15:36 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA
2013-05-28 20:54 - 2013-05-28 20:54 - 00000874 ____A C:\Users\User\Desktop\mc crap - Verknüpfung.lnk
2013-05-28 11:19 - 2009-07-14 06:45 - 04897912 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 14:31 - 2012-04-23 13:38 - 00059872 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 10:54 - 2013-01-16 18:08 - 00000000 ____D C:\Windows\Driver Cache
2013-05-27 10:50 - 2013-02-26 00:53 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2013-05-27 10:49 - 2013-05-25 21:40 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
2013-05-25 19:32 - 2012-10-20 18:41 - 00000000 ____D C:\Users\User\AppData\Local\PMB Files
2013-05-25 19:32 - 2012-10-20 18:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-25 15:37 - 2013-05-25 15:37 - 00000797 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-05-25 10:04 - 2012-05-30 20:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-05-24 23:27 - 2013-05-24 23:27 - 00000000 ____D C:\Users\User\AppData\Roaming\NCSOFT
2013-05-24 23:27 - 2013-05-24 23:27 - 00000000 ____D C:\Users\User\AppData\Local\NCSOFT
2013-05-24 23:25 - 2013-05-24 23:25 - 03325440 ____A (NCSOFT) C:\Users\User\Desktop\Wildstar.exe
2013-05-23 18:28 - 2012-04-23 12:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-05-23 18:26 - 2013-01-08 16:38 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA
2013-05-23 17:37 - 2013-05-23 17:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2013-05-23 17:24 - 2013-05-23 17:24 - 00000000 ____D C:\NVIDIA
2013-05-20 15:55 - 2012-10-28 12:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Tunngle
2013-05-20 15:55 - 2012-10-28 12:07 - 00000000 ____D C:\ProgramData\Tunngle
2013-05-18 17:53 - 2013-05-18 17:53 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-18 17:53 - 2013-05-18 17:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-18 17:53 - 2012-05-02 22:12 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-05-18 17:53 - 2012-05-02 22:12 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-18 17:46 - 2013-05-18 17:46 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 17:46 - 2013-05-18 17:46 - 00000000 ____D C:\Program Files\Java
2013-05-18 17:46 - 2012-05-12 11:58 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-18 17:46 - 2012-05-12 11:58 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-18 13:20 - 2013-04-01 14:52 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-17 22:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 20:51 - 2012-04-23 14:42 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2013-05-16 20:06 - 2012-05-03 11:40 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-05-16 20:00 - 2013-05-16 19:59 - 00000000 ____D C:\Stormblade
2013-05-16 19:59 - 2013-05-16 19:59 - 00000244 ____A C:\Windows\ODBCINST.INI
2013-05-16 19:59 - 2013-05-16 19:59 - 00000000 ____D C:\Program Files (x86)\MySQL
2013-05-16 19:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-05-15 14:35 - 2012-04-23 14:55 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 13:53 - 2012-04-23 15:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 13:53 - 2012-04-23 15:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 01:40 - 2013-05-15 01:40 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-15 01:40 - 2013-05-15 01:40 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-13 12:28 - 2013-05-13 11:34 - 00000000 ____D C:\Users\User\AppData\Local\mcpatcher
2013-05-13 11:19 - 2013-05-13 11:19 - 00000022 ____A C:\Users\User\Desktop\mc.txt
2013-05-12 23:42 - 2013-05-23 17:27 - 27775776 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 21096736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 15143904 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 13403168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 12426216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 11216160 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-05-12 23:42 - 2013-05-23 17:27 - 09233688 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 07682960 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 07641832 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 06324360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 02942240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 02754336 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 02363680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 02002720 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432018.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432018.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 00550176 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 00518944 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 00443168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 00421152 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-05-12 23:42 - 2013-05-23 17:26 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-05-12 23:42 - 2013-05-23 17:26 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-05-12 23:42 - 2012-10-10 21:22 - 02597344 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-05-12 23:42 - 2012-04-23 12:41 - 15910736 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-05-12 23:42 - 2012-04-23 12:41 - 02935696 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-05-12 23:42 - 2012-04-23 12:41 - 00020536 ____A C:\Windows\System32\nvinfo.pb
2013-05-12 22:34 - 2012-04-23 12:42 - 06491936 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-05-12 22:34 - 2012-04-23 12:42 - 03514656 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-05-12 22:34 - 2012-04-23 12:42 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-05-12 22:34 - 2012-04-23 12:42 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-05-12 22:34 - 2012-04-23 12:42 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-05-12 22:34 - 2012-04-23 12:42 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-05-12 18:48 - 2012-07-22 15:46 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2
2013-05-12 15:43 - 2013-05-12 15:43 - 00566048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-05-11 20:59 - 2013-05-11 20:59 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-05-11 09:20 - 2013-05-11 09:20 - 00000000 ____D C:\Program Files\Logitech
2013-05-11 09:20 - 2013-05-11 09:20 - 00000000 ____D C:\Program Files (x86)\Logitech
2013-05-11 09:20 - 2012-07-28 19:30 - 00000000 ____D C:\ProgramData\Logitech
2013-05-11 09:19 - 2013-05-11 09:06 - 00000000 ____D C:\Users\User\AppData\Local\Logitech
2013-05-06 10:25 - 2013-05-13 11:17 - 00263186 ____A C:\Users\User\Desktop\Minecraft.exe
2013-05-05 23:36 - 2013-05-15 14:33 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 23:16 - 2013-05-15 14:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 21:25 - 2013-05-15 14:33 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 21:12 - 2013-05-15 14:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-02 02:06 - 2012-04-24 09:23 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 16:18 - 2012-11-11 08:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-01 16:02 - 2013-03-09 13:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-01 15:21 - 2013-05-01 15:21 - 00000000 ____D C:\Users\User\Documents\My Cheat Tables
2013-05-01 09:42 - 2013-05-01 09:42 - 00000228 ____A C:\Users\User\Desktop\Dead Island Riptide.url

Other Malware:
===========
C:\ProgramData\hash.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-26 13:08

==================== End Of Log ============================
         
__________________

31.05.2013, 18:31   #4
schrauber
/// the machine
/// TB Trainer
 


Hi,


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box for Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

and a fresh FRST log file.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

01.06.2013, 18:04   #5
copykid
Banned
 

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2013 01
Ran by User (administrator) on 01-06-2013 18:59:08
Running from G:\Desktop 2\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
() G:\CPUCooL\CooLSrv.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\User\AppData\Local\Akamai\netsession_win.exe
() G:\RazerMaus\Gaming 3.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(SRWare) C:\SRWare Iron\iron.exe
(SRWare) C:\SRWare Iron\iron.exe
(SRWare) C:\SRWare Iron\iron.exe
(SRWare) C:\SRWare Iron\iron.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [615584 2011-03-01] (Atheros Communications)
HKLM\...\Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe" [379552 2011-03-01] (Atheros Commnucations)
HKLM\...\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" [415816 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE [4725320 2010-08-03] (Logitech Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6548112 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORDTSUPTBT  [1212560 2000-01-01] (Realtek Semiconductor)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-23] (Google Inc.)
HKCU\...\Run: [RGSC] G:\Program Files (x86)\Steam\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\RGSCLauncher.exe /silent [x]
MountPoints2: {1fe80fb0-20cb-11e2-9a5a-0026832f02e6} - L:\Setup.exe
MountPoints2: {9c93de7d-8a19-11e2-8550-0026832f02e6} - H:\setup.exe
HKLM-x32\...\Run: [NVR] C:\Program Files (x86)\NVR\NVR\MainConsole.exe [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Logitech G930] G:\Program Files (x86)\Logitech 930\G930.exe [x]
HKLM-x32\...\Run: [Gaming 3] "G:\RazerMaus\Gaming 3.exe" /hide [x]
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] "G:\Games\hamachi-2-ui.exe" --auto-start [x]
AppInit_DLLs:   ,G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured.dll,G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured.dll  ,G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured_x64.dll,G:\Games\Sopho2\Sophos Anti-Virus\sophos_detoured_x64.dll [97280 2009-07-14] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
PDF: HKLM-x32 {1384A8DE-7296-49DA-B7F8-8A9A5984BE52} hxxp://192.168.178.30/AxRTSP.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pqxy4g0i.default
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - G:\Games\Videos LV\VLC\npvlc.dll No File
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: hxxp://www.delta-search.com/?affID=119816&tt=gc_150213_lnkry&babsrc=HP_ss&mntrId=5C7100FFB64FB84C
CHR RestoreOnStartup: "hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=DE&userid=8bb30316-d6a9-4fe0-a4c9-a482ba046337&searchtype=hp&installDate=05/04/2013"

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-05-09] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-05-12] ()
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
R2 CPUCooLServer; G:\CPUCooL\CooLSrv.exe [743936 2011-12-01] ()
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2000-01-01] (DTS)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4687672 2012-05-15] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-12] ()
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [746392 2013-03-20] (Tunngle.net GmbH)
S2 AVerUpdateServer; "C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe" [x]
S2 Hamachi2Svc; G:\Games\hamachi-2.exe -s [x]

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-05-09] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2013-02-18] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025808 2013-05-09] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378432 2013-05-09] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-05-09] ()
S3 AVer330; C:\Windows\System32\DRIVERS\AVer330.sys [2271360 2012-08-09] (AVerMedia TECHNOLOGIES, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-11] (DT Soft Ltd)
S3 LADF_BakerCOnly; C:\Windows\System32\DRIVERS\ladfBakerCamd64.sys [410184 2011-03-18] (Logitech)
S3 LADF_BakerROnly; C:\Windows\System32\DRIVERS\ladfBakerRamd64.sys [335688 2011-03-18] (Logitech)
R1 ntiopnp; C:\Windows\System32\Drivers\ntiopnp.sys [19544 2010-11-11] ()
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [21504 2012-06-18] (Razer USA Ltd)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-01 18:58 - 2013-06-01 18:58 - 00001034 ____A C:\Users\User\Desktop\checkup.txt
2013-06-01 18:55 - 2013-06-01 18:55 - 00890839 ____A C:\Users\User\Desktop\SecurityCheck.exe
2013-06-01 17:44 - 2013-06-01 17:44 - 307874755 ____A C:\Users\User\Downloads\RealL.rar
2013-06-01 17:38 - 2013-06-01 17:47 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2013-06-01 17:27 - 2013-06-01 17:28 - 83052860 ____A C:\Users\User\Downloads\Extreme realism (dark) 256x.zip
2013-06-01 17:26 - 2013-06-01 17:28 - 149271645 ____A C:\Users\User\Downloads\terrain 1024x dark.rar
2013-06-01 16:13 - 2013-06-01 16:16 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-01 16:04 - 2013-06-01 16:04 - 02347384 ____A (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2013-06-01 16:04 - 2013-06-01 16:04 - 00001034 ____A C:\Users\User\Desktop\Neues Textdokument.txt
2013-05-31 17:19 - 2013-05-31 17:19 - 00000000 ____D C:\FRST
2013-05-31 17:15 - 2013-05-31 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-05-31 17:15 - 2013-05-31 17:15 - 00000000 ____D C:\JRT
2013-05-31 17:12 - 2013-05-31 17:12 - 00017709 ____A C:\AdwCleaner[S1].txt
2013-05-31 17:12 - 2013-05-31 17:12 - 00000097 ____A C:\Windows\DeleteOnReboot.bat
2013-05-31 17:11 - 2013-05-31 17:11 - 00000092 ____A C:\Users\User\Desktop\Belastung durch Viren vorhanden - - Trojaner-Board.url
2013-05-31 12:32 - 2013-05-31 12:32 - 00000000 ____D C:\ProgramData\Intel
2013-05-31 12:32 - 2013-05-31 12:32 - 00000000 ____D C:\Program Files\Intel
2013-05-31 12:32 - 2000-01-01 02:00 - 00062784 ____A (Intel Corporation) C:\Windows\System32\Drivers\HECIx64.sys
2013-05-31 12:27 - 2013-05-31 12:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-05-31 12:27 - 2000-01-01 02:00 - 08363864 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 07163744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes64.dat
2013-05-31 12:27 - 2000-01-01 02:00 - 04065296 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHD64.sys
2013-05-31 12:27 - 2000-01-01 02:00 - 03615888 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 02674320 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtPgEx64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 02605400 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 02533952 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 02131288 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01756264 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01568360 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01560168 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSnMg64.cpl
2013-05-31 12:27 - 2000-01-01 02:00 - 01486952 ____A (DTS) C:\Windows\System32\DTSBoostDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01361336 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01345368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek264.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01262696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTCOM64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 01015640 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPOShell64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00869520 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApi64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00836544 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo264.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00728680 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00712296 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00693352 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00603984 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00537456 ____A (DTS) C:\Windows\System32\DTSU2PLFX64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00524656 ____A (DTS) C:\Windows\System32\DTSU2PGFX64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00518896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSX64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00491112 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00449392 ____A (DTS) C:\Windows\System32\DTSU2PREC64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00433504 ____A (Dolby Laboratories) C:\Windows\System32\R4EED64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00432744 ____A (DTS) C:\Windows\System32\DTSLimiterDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00428648 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00396632 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00375128 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00341336 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00331880 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtlCPAPI64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00318808 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00310104 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT
2013-05-31 12:27 - 2000-01-01 02:00 - 00242792 ____A (DTS) C:\Windows\System32\DTSLFXAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00242792 ____A (DTS) C:\Windows\System32\DTSGFXAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00241768 ____A (DTS) C:\Windows\System32\DTSGFXAPONS64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00221024 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00220776 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00211184 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSH64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00204120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00202336 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAC64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00198896 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00155888 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00149608 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCfg64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00148416 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00141152 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00123744 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00108640 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTAR64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00105616 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoInstII64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00101208 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00081248 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00078688 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00074592 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG64A.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00074064 ____A (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00065944 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\tepeqapo64.dll
2013-05-31 12:27 - 2000-01-01 02:00 - 00014952 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR64.dll
2013-05-31 12:09 - 2013-05-31 12:15 - 00000000 ____D C:\Users\User\Desktop\ordner der Hilfe
2013-05-31 12:04 - 2013-05-31 12:04 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc
2013-05-31 12:04 - 2013-05-31 12:04 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-05-30 20:24 - 2013-05-31 15:43 - 00000000 ____D C:\Users\User\Documents\dragoon
2013-05-30 18:08 - 2013-05-30 18:08 - 00002598 ____A C:\Users\User\AppData\Local\recently-used.xbel
2013-05-30 17:51 - 2013-05-30 17:51 - 00000000 ____D C:\Users\User\.thumbnails
2013-05-30 17:49 - 2013-05-30 18:09 - 00000000 ____D C:\Users\User\.gimp-2.8
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\User\AppData\Local\gegl-0.2
2013-05-30 17:48 - 2013-05-30 17:49 - 00000000 ____D C:\Program Files\GIMP 2
2013-05-29 11:04 - 2013-05-29 11:04 - 00364763 ____A (hxxp://magiclauncher.com) C:\Users\User\Desktop\MagicLauncher_1.1.4.exe
2013-05-28 23:27 - 2013-05-28 23:27 - 00000784 ____A C:\Users\User\Desktop\Desktop - Verknüpfung.lnk
2013-05-28 20:54 - 2013-05-28 20:54 - 00000874 ____A C:\Users\User\Desktop\mc crap - Verknüpfung.lnk
2013-05-26 21:57 - 2010-11-20 15:25 - 00257024 ____A (Microsoft Corporation) C:\Users\User\Desktop\taskmgr.exe
2013-05-25 21:40 - 2013-05-27 10:49 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
2013-05-25 19:40 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-25 19:40 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-25 15:37 - 2013-05-25 15:37 - 00000797 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-05-24 23:27 - 2013-05-24 23:27 - 00000000 ____D C:\Users\User\AppData\Roaming\NCSOFT
2013-05-24 23:27 - 2013-05-24 23:27 - 00000000 ____D C:\Users\User\AppData\Local\NCSOFT
2013-05-24 23:25 - 2013-05-24 23:25 - 03325440 ____A (NCSOFT) C:\Users\User\Desktop\Wildstar.exe
2013-05-23 17:37 - 2013-05-23 17:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2013-05-23 17:27 - 2013-05-12 23:42 - 27775776 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 21096736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 15143904 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 13403168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 12426216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 11216160 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-05-23 17:27 - 2013-05-12 23:42 - 09233688 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 07682960 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 07641832 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 06324360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 02942240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 02754336 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 02363680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 02002720 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432018.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432018.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 00550176 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 00518944 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 00443168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-05-23 17:27 - 2013-05-12 23:42 - 00421152 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-05-23 17:27 - 2013-02-25 07:27 - 00194848 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2013-05-23 17:27 - 2013-02-25 07:27 - 00031520 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2013-05-23 17:26 - 2013-05-12 23:42 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-05-23 17:26 - 2013-05-12 23:42 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-05-23 17:24 - 2013-05-23 17:24 - 00000000 ____D C:\NVIDIA
2013-05-18 17:59 - 2013-03-19 17:59 - 00000032 ___RA C:\ProgramData\hash.dat
2013-05-18 17:53 - 2013-05-18 17:53 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-18 17:53 - 2013-05-18 17:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-18 17:46 - 2013-05-18 17:46 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 17:46 - 2013-05-18 17:46 - 00000000 ____D C:\Program Files\Java
2013-05-16 19:59 - 2013-05-16 20:00 - 00000000 ____D C:\Stormblade
2013-05-16 19:59 - 2013-05-16 19:59 - 00000244 ____A C:\Windows\ODBCINST.INI
2013-05-16 19:59 - 2013-05-16 19:59 - 00000000 ____D C:\Program Files (x86)\MySQL
2013-05-16 19:59 - 2010-12-11 11:47 - 00231936 ____A (Tools & Components) C:\Windows\SysWOW64\sevXPCtl.ocx
2013-05-16 19:59 - 2010-12-05 14:15 - 00370176 ____A (Tools & Components) C:\Windows\SysWOW64\sevDataGrid2.ocx
2013-05-16 19:59 - 2010-10-08 07:49 - 00294400 ____A (Tools & Components) C:\Windows\SysWOW64\sevEin20.ocx
2013-05-16 19:59 - 2010-04-11 11:33 - 00117248 ____A (Tools & Components) C:\Windows\SysWOW64\sevClb20.ocx
2013-05-16 19:59 - 2010-02-21 13:34 - 00141824 ____A (Tools & Components) C:\Windows\SysWOW64\sevCmd3.ocx
2013-05-16 19:59 - 2009-12-03 12:21 - 00125712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2013-05-16 19:59 - 2006-10-07 13:04 - 00062976 ____A (Tools & Components) C:\Windows\SysWOW64\sevList32.ocx
2013-05-15 14:33 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 14:33 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 14:33 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 14:33 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 14:33 - 2013-04-05 03:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 14:33 - 2013-04-05 03:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 14:33 - 2013-04-05 03:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 14:33 - 2013-04-05 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 14:33 - 2013-04-05 02:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 14:33 - 2013-04-05 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 14:33 - 2013-04-05 02:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 14:33 - 2013-04-05 02:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 14:33 - 2013-04-05 02:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 14:33 - 2013-04-05 02:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 14:33 - 2013-04-05 02:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 14:33 - 2013-04-05 02:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 14:33 - 2013-04-05 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 14:33 - 2013-04-05 02:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 14:33 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 14:33 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 14:33 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 14:33 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 14:33 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 14:33 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 14:33 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 14:33 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 14:33 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 14:33 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 14:33 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 14:33 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 14:33 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 14:33 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 13:52 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 13:52 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 13:52 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 13:52 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 13:52 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 13:52 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 13:52 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 13:52 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 13:52 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 13:52 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 13:52 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 13:52 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 01:40 - 2013-05-15 01:40 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-15 01:40 - 2013-05-15 01:40 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-13 11:34 - 2013-05-13 12:28 - 00000000 ____D C:\Users\User\AppData\Local\mcpatcher
2013-05-13 11:19 - 2013-05-13 11:19 - 00000022 ____A C:\Users\User\Desktop\mc.txt
2013-05-13 11:17 - 2013-05-06 10:25 - 00263186 ____A C:\Users\User\Desktop\Minecraft.exe
2013-05-12 15:43 - 2013-05-12 15:43 - 00566048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-05-11 20:59 - 2013-05-11 20:59 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-05-11 20:59 - 2011-12-15 20:29 - 00031232 ____A (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2013-05-11 09:20 - 2013-05-11 09:20 - 00000000 ____D C:\Program Files\Logitech
2013-05-11 09:20 - 2013-05-11 09:20 - 00000000 ____D C:\Program Files (x86)\Logitech
2013-05-11 09:06 - 2013-05-11 09:19 - 00000000 ____D C:\Users\User\AppData\Local\Logitech

==================== One Month Modified Files and Folders =======

2013-06-01 18:58 - 2013-06-01 18:58 - 00001034 ____A C:\Users\User\Desktop\checkup.txt
2013-06-01 18:58 - 2012-06-05 20:47 - 00000000 ____D C:\Users\User\AppData\Roaming\NetSpeedMonitor
2013-06-01 18:55 - 2013-06-01 18:55 - 00890839 ____A C:\Users\User\Desktop\SecurityCheck.exe
2013-06-01 18:53 - 2012-04-23 15:11 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-01 18:02 - 2012-04-27 13:03 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2013-06-01 18:02 - 2012-04-24 18:27 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-06-01 18:00 - 2012-04-23 21:17 - 00001116 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1669887493-268872783-2900105303-1000UA.job
2013-06-01 17:47 - 2013-06-01 17:38 - 00000000 ____D C:\Users\User\AppData\Roaming\.minecraft
2013-06-01 17:44 - 2013-06-01 17:44 - 307874755 ____A C:\Users\User\Downloads\RealL.rar
2013-06-01 17:28 - 2013-06-01 17:27 - 83052860 ____A C:\Users\User\Downloads\Extreme realism (dark) 256x.zip
2013-06-01 17:28 - 2013-06-01 17:26 - 149271645 ____A C:\Users\User\Downloads\terrain 1024x dark.rar
2013-06-01 17:14 - 2012-04-23 11:38 - 01970612 ____A C:\Windows\WindowsUpdate.log
2013-06-01 16:16 - 2013-06-01 16:13 - 00009534 ____A C:\Windows\IE10_main.log
2013-06-01 16:04 - 2013-06-01 16:04 - 02347384 ____A (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2013-06-01 16:04 - 2013-06-01 16:04 - 00001034 ____A C:\Users\User\Desktop\Neues Textdokument.txt
2013-06-01 09:09 - 2012-04-23 13:06 - 00000035 ____A C:\Users\Public\Documents\AtherosServiceConfig.ini
2013-06-01 09:04 - 2009-07-14 06:45 - 00023568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-01 09:04 - 2009-07-14 06:45 - 00023568 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-01 09:01 - 2009-07-14 19:58 - 00696620 ____A C:\Windows\System32\perfh007.dat
2013-06-01 09:01 - 2009-07-14 19:58 - 00147916 ____A C:\Windows\System32\perfc007.dat
2013-06-01 09:01 - 2009-07-14 07:13 - 01612484 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-01 08:57 - 2013-02-21 14:00 - 00033327 ____A C:\Windows\setupact.log
2013-06-01 08:57 - 2012-04-23 12:42 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-01 08:57 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-31 21:00 - 2012-04-23 21:17 - 00001064 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1669887493-268872783-2900105303-1000Core.job
2013-05-31 17:19 - 2013-05-31 17:19 - 00000000 ____D C:\FRST
2013-05-31 17:15 - 2013-05-31 17:15 - 00000000 ____D C:\Windows\ERUNT
2013-05-31 17:15 - 2013-05-31 17:15 - 00000000 ____D C:\JRT
2013-05-31 17:12 - 2013-05-31 17:12 - 00017709 ____A C:\AdwCleaner[S1].txt
2013-05-31 17:12 - 2013-05-31 17:12 - 00000097 ____A C:\Windows\DeleteOnReboot.bat
2013-05-31 17:11 - 2013-05-31 17:11 - 00000092 ____A C:\Users\User\Desktop\Belastung durch Viren vorhanden - - Trojaner-Board.url
2013-05-31 15:43 - 2013-05-30 20:24 - 00000000 ____D C:\Users\User\Documents\dragoon
2013-05-31 14:24 - 2012-04-24 15:19 - 00000000 ____D C:\Users\User\AppData\Local\CrashDumps
2013-05-31 12:32 - 2013-05-31 12:32 - 00000000 ____D C:\ProgramData\Intel
2013-05-31 12:32 - 2013-05-31 12:32 - 00000000 ____D C:\Program Files\Intel
2013-05-31 12:32 - 2012-04-23 11:53 - 00000000 ____D C:\Program Files (x86)\Intel
2013-05-31 12:27 - 2013-05-31 12:27 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-05-31 12:27 - 2012-04-23 11:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-05-31 12:25 - 2013-02-26 08:34 - 00013562 ____A C:\Windows\PFRO.log
2013-05-31 12:15 - 2013-05-31 12:09 - 00000000 ____D C:\Users\User\Desktop\ordner der Hilfe
2013-05-31 12:04 - 2013-05-31 12:04 - 00000000 ____D C:\Users\User\AppData\Local\SlimWare Utilities Inc
2013-05-31 12:04 - 2013-05-31 12:04 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2013-05-31 11:34 - 2013-03-12 18:49 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-31 11:34 - 2012-04-24 09:17 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-30 20:18 - 2013-02-28 18:15 - 00162121 ____A C:\Windows\DirectX.log
2013-05-30 18:09 - 2013-05-30 17:49 - 00000000 ____D C:\Users\User\.gimp-2.8
2013-05-30 18:08 - 2013-05-30 18:08 - 00002598 ____A C:\Users\User\AppData\Local\recently-used.xbel
2013-05-30 17:51 - 2013-05-30 17:51 - 00000000 ____D C:\Users\User\.thumbnails
2013-05-30 17:49 - 2013-05-30 17:49 - 00000000 ____D C:\Users\User\AppData\Local\gegl-0.2
2013-05-30 17:49 - 2013-05-30 17:48 - 00000000 ____D C:\Program Files\GIMP 2
2013-05-30 09:13 - 2012-04-24 09:14 - 00291088 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-29 11:04 - 2013-05-29 11:04 - 00364763 ____A (hxxp://magiclauncher.com) C:\Users\User\Desktop\MagicLauncher_1.1.4.exe
2013-05-29 09:47 - 2013-02-01 09:56 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-29 09:47 - 2012-04-24 18:27 - 00000000 ____D C:\ProgramData\Skype
2013-05-28 23:27 - 2013-05-28 23:27 - 00000784 ____A C:\Users\User\Desktop\Desktop - Verknüpfung.lnk
2013-05-28 23:26 - 2012-07-22 15:36 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA
2013-05-28 20:54 - 2013-05-28 20:54 - 00000874 ____A C:\Users\User\Desktop\mc crap - Verknüpfung.lnk
2013-05-28 11:19 - 2009-07-14 06:45 - 04897912 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 14:31 - 2012-04-23 13:38 - 00059872 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-27 10:54 - 2013-01-16 18:08 - 00000000 ____D C:\Windows\Driver Cache
2013-05-27 10:50 - 2013-02-26 00:53 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2013-05-27 10:49 - 2013-05-25 21:40 - 00000000 ____D C:\Users\User\AppData\Local\LogMeIn Hamachi
2013-05-25 19:32 - 2012-10-20 18:41 - 00000000 ____D C:\Users\User\AppData\Local\PMB Files
2013-05-25 19:32 - 2012-10-20 18:41 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-25 15:37 - 2013-05-25 15:37 - 00000797 ____A C:\Users\Public\Desktop\League of Legends spielen .lnk
2013-05-25 10:04 - 2012-05-30 20:46 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-05-24 23:27 - 2013-05-24 23:27 - 00000000 ____D C:\Users\User\AppData\Roaming\NCSOFT
2013-05-24 23:27 - 2013-05-24 23:27 - 00000000 ____D C:\Users\User\AppData\Local\NCSOFT
2013-05-24 23:25 - 2013-05-24 23:25 - 03325440 ____A (NCSOFT) C:\Users\User\Desktop\Wildstar.exe
2013-05-23 18:28 - 2012-04-23 12:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-05-23 18:26 - 2013-01-08 16:38 - 00000000 ____D C:\Users\User\AppData\Local\NVIDIA
2013-05-23 17:37 - 2013-05-23 17:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\CrashDumps
2013-05-23 17:24 - 2013-05-23 17:24 - 00000000 ____D C:\NVIDIA
2013-05-20 15:55 - 2012-10-28 12:07 - 00000000 ____D C:\Users\User\AppData\Roaming\Tunngle
2013-05-20 15:55 - 2012-10-28 12:07 - 00000000 ____D C:\ProgramData\Tunngle
2013-05-18 17:53 - 2013-05-18 17:53 - 00263584 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-05-18 17:53 - 2013-05-18 17:53 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-05-18 17:53 - 2013-05-18 17:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-05-18 17:53 - 2012-05-02 22:12 - 00866720 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-05-18 17:53 - 2012-05-02 22:12 - 00788896 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-05-18 17:46 - 2013-05-18 17:46 - 00311200 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00188832 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00188320 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-05-18 17:46 - 2013-05-18 17:46 - 00108448 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-18 17:46 - 2013-05-18 17:46 - 00000000 ____D C:\Program Files\Java
2013-05-18 17:46 - 2012-05-12 11:58 - 01092512 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2013-05-18 17:46 - 2012-05-12 11:58 - 00971680 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2013-05-18 13:20 - 2013-04-01 14:52 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2013-05-17 22:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-16 20:51 - 2012-04-23 14:42 - 00000000 ____D C:\Users\User\AppData\Local\Deployment
2013-05-16 20:06 - 2012-05-03 11:40 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2013-05-16 20:00 - 2013-05-16 19:59 - 00000000 ____D C:\Stormblade
2013-05-16 19:59 - 2013-05-16 19:59 - 00000244 ____A C:\Windows\ODBCINST.INI
2013-05-16 19:59 - 2013-05-16 19:59 - 00000000 ____D C:\Program Files (x86)\MySQL
2013-05-16 19:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-05-15 14:35 - 2012-04-23 14:55 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 13:53 - 2012-04-23 15:11 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 13:53 - 2012-04-23 15:11 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 01:40 - 2013-05-15 01:40 - 00000000 ____D C:\Windows\SysWOW64\searchplugins
2013-05-15 01:40 - 2013-05-15 01:40 - 00000000 ____D C:\Windows\SysWOW64\Extensions
2013-05-13 12:28 - 2013-05-13 11:34 - 00000000 ____D C:\Users\User\AppData\Local\mcpatcher
2013-05-13 11:19 - 2013-05-13 11:19 - 00000022 ____A C:\Users\User\Desktop\mc.txt
2013-05-12 23:42 - 2013-05-23 17:27 - 27775776 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 21096736 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 15143904 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 13403168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 12426216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 11216160 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2013-05-12 23:42 - 2013-05-23 17:27 - 09233688 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 07682960 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 07641832 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 06324360 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 02942240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 02754336 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 02363680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 02002720 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432018.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432018.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 00550176 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 00518944 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 00443168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-05-12 23:42 - 2013-05-23 17:27 - 00421152 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-05-12 23:42 - 2013-05-23 17:26 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2013-05-12 23:42 - 2013-05-23 17:26 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-05-12 23:42 - 2012-10-10 21:22 - 02597344 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-05-12 23:42 - 2012-04-23 12:41 - 15910736 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2013-05-12 23:42 - 2012-04-23 12:41 - 02935696 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2013-05-12 23:42 - 2012-04-23 12:41 - 00020536 ____A C:\Windows\System32\nvinfo.pb
2013-05-12 22:34 - 2012-04-23 12:42 - 06491936 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2013-05-12 22:34 - 2012-04-23 12:42 - 03514656 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2013-05-12 22:34 - 2012-04-23 12:42 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2013-05-12 22:34 - 2012-04-23 12:42 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2013-05-12 22:34 - 2012-04-23 12:42 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2013-05-12 22:34 - 2012-04-23 12:42 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2013-05-12 18:48 - 2012-07-22 15:46 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2
2013-05-12 15:43 - 2013-05-12 15:43 - 00566048 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2013-05-11 20:59 - 2013-05-11 20:59 - 00000000 ____D C:\Program Files\CyberGhost VPN
2013-05-11 09:20 - 2013-05-11 09:20 - 00000000 ____D C:\Program Files\Logitech
2013-05-11 09:20 - 2013-05-11 09:20 - 00000000 ____D C:\Program Files (x86)\Logitech
2013-05-11 09:20 - 2012-07-28 19:30 - 00000000 ____D C:\ProgramData\Logitech
2013-05-11 09:19 - 2013-05-11 09:06 - 00000000 ____D C:\Users\User\AppData\Local\Logitech
2013-05-09 10:59 - 2013-04-01 16:07 - 01025808 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00378432 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00270824 ____A (AVAST Software) C:\Windows\System32\Drivers\aswNdis2.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00131232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFW.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00080816 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00072016 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00065336 ____A C:\Windows\System32\Drivers\aswRvrt.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00064288 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00033400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2013-05-09 10:59 - 2013-04-01 16:07 - 00022600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswKbd.sys
2013-05-09 10:58 - 2013-04-01 16:07 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr
2013-05-09 10:58 - 2013-04-01 14:52 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2013-05-06 10:25 - 2013-05-13 11:17 - 00263186 ____A C:\Users\User\Desktop\Minecraft.exe
2013-05-05 23:36 - 2013-05-15 14:33 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 23:16 - 2013-05-15 14:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 21:25 - 2013-05-15 14:33 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 21:12 - 2013-05-15 14:33 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-02 02:06 - 2012-04-24 09:23 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

Other Malware:
===========
C:\ProgramData\hash.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-26 13:08

==================== End Of Log ============================
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a8e1613be2b1cb4d942204d7f5ee4bab
# engine=13969
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-01 04:52:52
# local_time=2013-06-01 06:52:52 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 94 1229518 146819044 0 0
# compatibility_mode=5893 16776573 100 94 62912 121735422 0 0
# scanned=547639
# found=4
# cleaned=0
# scan_time=9863
sh=1701BD331400ECAC309FA5B793481CCE87FF93CC ft=1 fh=bc4ada3794bb9b2e vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Stormblade\launcher.exe"
sh=16C8B78109D7950E3494FB3265325B9CAE5B87B6 ft=1 fh=2478213aaf05656c vn="probably unknown NewHeur_PE virus" ac=I fn="C:\Stormblade\updater.exe"
sh=EBCA02174831FCD758DCCCB5EF4937DD370485D5 ft=1 fh=2098c93e421afd41 vn="Win32/Adware.AddLyrics.F application" ac=I fn="C:\Users\User\AppData\Local\Temp\LyricsPal.exe"
sh=DA602313EC344E31F340105C29DF699267F73B84 ft=1 fh=34999f3f19837452 vn="multiple threats" ac=I fn="C:\Users\User\AppData\Local\Temp\toolbar207066086.exe"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.64  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Internet Security   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner Business    
 CCleaner Professional    
 JavaFX 2.1.1    
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox 20.0.1 Firefox out of Date!  
 Google Chrome 26.0.1410.64  
 Google Chrome 27.0.1453.94  
 Google Chrome proxtube.crx..  
 Google Chrome __MACOSX...  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         


01.06.2013, 18:13   #6
schrauber
/// the machine
/// TB Trainer

Update Firefox.

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Any remaining problems with the computer?

02.06.2013, 09:48   #7
copykid
Banned

Uh, no, thanks!

But I do have one more question about the viruses that were found... were they removed at the same time, or can I now also remove them manually by deleting the folder they are in?

02.06.2013, 09:59   #8
schrauber
/// the machine
/// TB Trainer

2 were false positives, 2 were removed by TFC. Done.

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can delete them without hesitation.


If you would like to leave praise/criticism:
http://www.trojaner-board.de/lob-kritik-wuensche/

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows Updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes much current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on its use here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it prompts you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
I can now only wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

04.06.2013, 11:03   #9
copykid
Banned

Everything's fine, thanks.
Everything is up to date; AntiMalware found something (1) and it was deleted.

So far everything should be clean - thank you very much!

04.06.2013, 12:29   #10
schrauber
/// the machine
/// TB Trainer

You're welcome
__________________
Regards,
schrauber
