
Log analysis and evaluation: PC is getting slow, performance no longer what it used to be. Logs attached

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.05.2014, 18:47   #1
cobolo
 



Hello everyone,

I have the feeling that my PC is currently running very slowly. Programs open more slowly, and the PC freezes more often during games. I use Kaspersky Internet Security 2014. To be on the safe side, I wanted to ask the experts for advice.

I hope I have attached all the required log files. I followed the 8 Golden Rules.

I can only post the FRST and defogger logs here; unfortunately they are over 250k characters, and all files are attached in a .zip.

Thanks!

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:20 on 28/05/2014 (ciipresshilll)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ciipresshilll (administrator) on R280 on 28-05-2014 16:34:57
Running from C:\Users\ciipresshilll\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Drakonia Black\hid.exe
() C:\Program Files (x86)\Drakonia Black\trayicon.exe
(Advanced Micro Devices Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(ATI Technologies Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\CCC.exe
(Nullsoft, Inc.) D:\P R O G R A M M E\Winamp\winamp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Black\hid.exe [247296 2013-06-26] ()
HKLM-x32\...\Run: [StartCCC] => D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-10] (Microsoft Corporation)
HKU\S-1-5-21-1425884379-3831331695-1035041748-1000\...\MountPoints2: {539912cd-787e-11e3-b536-806e6f6e6963} - E:\ASRSetup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28AFC960B10CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default
FF Homepage: https://www.google.de/?gfe_rd=ctrl&ei=me0SU57UHMGK8QfmgoD4Dw&gws_rd=cr
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\P R O G R A M M E\vlc\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-04-03]
FF Extension: The Fox, Only Better - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\thefoxonlybetter@quicksaver.xpi [2014-05-24]
FF Extension: Adblock Plus - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-16]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-16] (Kaspersky Lab ZAO)
S3 RTCore64; D:\P R O G R A M M E\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 cpuz136; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 16:34 - 2014-05-28 16:35 - 00012389 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt
2014-05-28 16:23 - 2014-05-28 16:34 - 00000000 ____D () C:\FRST
2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable
2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe
2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe
2014-05-28 16:18 - 2014-05-28 16:19 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe
2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-27 17:32 - 2014-05-27 17:32 - 00018587 _____ () C:\Windows\DirectX.log
2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg
2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59}
2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 08:31 - 2014-05-26 18:04 - 00000000 ____D () C:\ProgramData\Nero
2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST
2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt
2014-05-24 21:20 - 2014-05-28 08:26 - 00002668 _____ () C:\Windows\PFRO.log
2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg
2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-20 21:32 - 2014-05-20 21:32 - 00971830 ____N () C:\Windows\Minidump\052014-7176-01.dmp
2014-05-19 19:08 - 2014-05-28 16:02 - 00002119 _____ () C:\Windows\setupact.log
2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 22:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:28 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt
2014-05-15 08:53 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 08:53 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 08:53 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:53 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:53 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:53 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 08:53 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 08:53 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:53 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 08:53 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:53 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:53 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 08:53 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 08:53 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 08:53 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 08:53 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4}
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 22:34 - 2014-05-25 14:10 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log
2014-04-30 07:46 - 2014-05-16 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-28 16:35 - 2014-05-28 16:34 - 00012389 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt
2014-05-28 16:35 - 2014-01-08 20:30 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\NetSpeedMonitor
2014-05-28 16:34 - 2014-05-28 16:23 - 00000000 ____D () C:\FRST
2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable
2014-05-28 16:20 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll
2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe
2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe
2014-05-28 16:19 - 2014-05-28 16:18 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe
2014-05-28 16:19 - 2014-01-16 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-28 16:09 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:09 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:07 - 2014-01-09 03:02 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-05-28 16:07 - 2014-01-09 03:02 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-05-28 16:07 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 16:06 - 2014-02-15 16:55 - 01739198 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 16:04 - 2014-03-17 08:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 16:02 - 2014-05-19 19:08 - 00002119 _____ () C:\Windows\setupact.log
2014-05-28 16:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 08:27 - 2014-04-22 00:42 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Awesomium
2014-05-28 08:26 - 2014-05-24 21:20 - 00002668 _____ () C:\Windows\PFRO.log
2014-05-28 08:26 - 2014-01-08 22:32 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-27 21:42 - 2014-01-10 17:53 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Edelarsch
2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-27 17:49 - 2014-01-13 22:00 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-27 17:49 - 2014-01-08 22:31 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-27 17:49 - 2014-01-08 22:31 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-27 17:32 - 2014-05-27 17:32 - 00018587 _____ () C:\Windows\DirectX.log
2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-27 17:32 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-27 17:31 - 2014-01-08 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-05-27 17:30 - 2014-01-08 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg
2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59}
2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-27 17:10 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\VirtualStore
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 18:04 - 2014-05-26 08:31 - 00000000 ____D () C:\ProgramData\Nero
2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST
2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt
2014-05-25 14:10 - 2014-05-08 22:34 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt
2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg
2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-22 20:56 - 2014-03-29 22:40 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Audacity
2014-05-21 20:25 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 21:33 - 2014-01-09 21:35 - 00000000 ____D () C:\Windows\Minidump
2014-05-20 21:32 - 2014-05-20 21:32 - 00971830 ____N () C:\Windows\Minidump\052014-7176-01.dmp
2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 08:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 07:46 - 2014-04-30 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 22:28 - 2014-01-08 18:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 22:28 - 2014-01-08 18:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt
2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4}
2014-05-14 17:23 - 2014-03-17 08:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:23 - 2014-01-08 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 17:23 - 2014-01-08 22:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:49 - 2014-01-10 17:49 - 00007607 _____ () C:\Users\ciipresshilll\AppData\Local\Resmon.ResmonCfg
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\Users\ciipresshilll\Documents\Elder Scrolls Online
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-05-13 08:33 - 2014-02-02 23:10 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-11 19:07 - 2014-03-02 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 08:53 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 08:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 06:40 - 2014-05-15 22:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 22:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 22:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-04 21:00 - 2014-03-24 15:56 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-04 21:00 - 2014-01-08 23:09 - 00001497 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-04 21:00 - 2014-01-08 23:09 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-01 13:28 - 2014-01-08 18:39 - 00000000 ____D () C:\ProgramData\AMD
2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-01 13:27 - 2014-02-07 08:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log
2014-04-29 21:02 - 2014-04-20 22:22 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\Battle.net
2014-04-29 20:07 - 2014-04-20 22:18 - 00000000 ____D () C:\ProgramData\Battle.net

Some content of TEMP:
====================
C:\Users\ciipresshilll\AppData\Local\Temp\fileutil.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 20:07

==================== End Of Log ============================
         

28.05.2014, 18:56   #2
schrauber
/// the machine
/// TB instructor
 




Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

28.05.2014, 20:47   #3
cobolo
 



Hey,

all right, I didn't know that. Then I'll make several posts.


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:20 on 28/05/2014 (ciipresshilll)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

GMER
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-28 19:18:08
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-AGIL rev.2.15 55,90GB
Running: Gmer-19357.exe; Driver: C:\Users\CIIPRE~1\AppData\Local\Temp\pgldrpog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey                                        000000007789faa8 5 bytes JMP 0000000173db18dd
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                 00000000778a0038 5 bytes JMP 0000000173db1ed6
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                    0000000073bf1a22 2 bytes [BF, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                    0000000073bf1ad0 2 bytes [BF, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                    0000000073bf1b08 2 bytes [BF, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                    0000000073bf1bba 2 bytes [BF, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                    0000000073bf1bda 2 bytes [BF, 73]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                             0000000075461465 2 bytes [46, 75]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                            00000000754614bb 2 bytes [46, 75]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1980] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                               0000000075461465 2 bytes [46, 75]
.text   C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1980] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                              00000000754614bb 2 bytes [46, 75]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[3088] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779                       000000007716b9f8 4 bytes [0B, 26, DB, 73]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                       00000000776a11f5 8 bytes {JMP 0xd}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                     00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                            00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                            00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                    00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                    00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                   00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                      00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                      00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                          00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                         00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                        00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                00000000776a1fd7 8 bytes {JMP 0xb}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                            00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                            00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                 00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                        00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                      00000000776a27d2 8 bytes {JMP 0x10}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                       00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                      00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 2
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                              00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                              00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                      00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                          00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                          00000000776a33c0 16 bytes {JMP 0x4e}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                         00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                         00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                             00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                             00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                      00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                              00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                    00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                    00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                  0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                  0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                               0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                 0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                            0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                            0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                      0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                        0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                      0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                           0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                             0000000075461465 2 bytes [46, 75]
.text   C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                            00000000754614bb 2 bytes [46, 75]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                   00000000776a11f5 8 bytes {JMP 0xd}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                 00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                               00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                     00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            00000000776a1fd7 8 bytes {JMP 0xb}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578             00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000776a27d2 8 bytes {JMP 0x10}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79   00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      00000000776a33c0 16 bytes {JMP 0x4e}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                     00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                     00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197         00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611         00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                           0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                             0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                       0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                    00000000776a11f5 8 bytes {JMP 0xd}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                  00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                         00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                         00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                 00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                 00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                   00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                   00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                       00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                      00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                     00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                             00000000776a1fd7 8 bytes {JMP 0xb}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                         00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                         00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578              00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                     00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                   00000000776a27d2 8 bytes {JMP 0x10}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79    00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176   00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299           00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367           00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                   00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                       00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                       00000000776a33c0 16 bytes {JMP 0x4e}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                      00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                      00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197          00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611          00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                   00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                             00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                           00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                 00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                               00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                   00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                   00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                 00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                 00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312               0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471               0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                            0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                              0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                         0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                         0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                   0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                     0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                   0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                        0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                         00000000776a11f5 8 bytes {JMP 0xd}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                       00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                              00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                              00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                      00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                      00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                     00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                        00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                        00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                            00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                           00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                          00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                  00000000776a1fd7 8 bytes {JMP 0xb}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                              00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                              00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                   00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                          00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                        00000000776a27d2 8 bytes {JMP 0x10}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79         00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176        00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                        00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                            00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                            00000000776a33c0 16 bytes {JMP 0x4e}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                           00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                           00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197               00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611               00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                        00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                  00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                        00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                      00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                    0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                    0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                   0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                              0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                              0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                        0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                          0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                        0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                             0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                         00000000776a11f5 8 bytes {JMP 0xd}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                       00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                              00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                              00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                      00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                      00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                     00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                        00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                        00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                            00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                           00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                          00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                  00000000776a1fd7 8 bytes {JMP 0xb}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                              00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                              00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                   00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                          00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                        00000000776a27d2 8 bytes {JMP 0x10}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79         00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176        00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                        00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                            00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                            00000000776a33c0 16 bytes {JMP 0x4e}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                           00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                           00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197               00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611               00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                        00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                  00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                      00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                    00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                        00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                        00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                      00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                      00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                    0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                    0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                   0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                              0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                              0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                        0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                          0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                        0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                             0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                      00000000776a11f5 8 bytes {JMP 0xd}
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                    00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                           00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                           00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                   00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                   00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                  00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                     00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                     00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                         00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                        00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                       00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                               00000000776a1fd7 8 bytes {JMP 0xb}
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                           00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                           00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                       00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                     00000000776a27d2 8 bytes {JMP 0x10}
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                      00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                     00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 2
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                             00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                             00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                     00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                         00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                         00000000776a33c0 16 bytes {JMP 0x4e}
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                        00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                        00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                            00000000776a3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                            00000000776a3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                     00000000776a4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                               00000000776f1380 8 bytes JMP 3f3f3f3f
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                             00000000776f1500 8 bytes JMP 3f3f3f3f
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                   00000000776f1530 8 bytes JMP 3f3f3f3f
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                 00000000776f1650 8 bytes JMP 3f3f3f3f
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                     00000000776f1700 8 bytes JMP 3f3f3f3f
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                     00000000776f1d30 8 bytes JMP 3f3f3f3f
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                   00000000776f1f80 8 bytes JMP 3f3f3f3f
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   00000000776f27e0 8 bytes JMP 3f3f3f3f
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                 0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                 0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                              0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                           0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                           0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                     0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                       0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                     0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                          0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                          00000000776a11f5 8 bytes {JMP 0xd}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                        00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                               00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                               00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                       00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                       00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                      00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                         00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                         00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                             00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                            00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                           00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                   00000000776a1fd7 8 bytes {JMP 0xb}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                               00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                               00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                    00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                           00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                         00000000776a27d2 8 bytes {JMP 0x10}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                          00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                         00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 2
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                 00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                 00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   ...                                                                                                                                                                        * 3
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                         00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                             00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                             00000000776a33c0 16 bytes {JMP 0x4e}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                            00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                            00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                         00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                   00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                 00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                       00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                     00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                         00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                         00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                       00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                       00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                     0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                     0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0}
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                  0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                    0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                               0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                               0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                         0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                           0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                         0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text   C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                              0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [3976:4752]                                                                                                                                000007fee5339688

---- EOF - GMER 2.1 ----
         
FRST


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ciipresshilll (administrator) on R280 on 28-05-2014 16:34:57
Running from C:\Users\ciipresshilll\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Drakonia Black\hid.exe
() C:\Program Files (x86)\Drakonia Black\trayicon.exe
(Advanced Micro Devices Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(ATI Technologies Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\CCC.exe
(Nullsoft, Inc.) D:\P R O G R A M M E\Winamp\winamp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Black\hid.exe [247296 2013-06-26] ()
HKLM-x32\...\Run: [StartCCC] => D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-10] (Microsoft Corporation)
HKU\S-1-5-21-1425884379-3831331695-1035041748-1000\...\MountPoints2: {539912cd-787e-11e3-b536-806e6f6e6963} - E:\ASRSetup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28AFC960B10CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default
FF Homepage: https://www.google.de/?gfe_rd=ctrl&ei=me0SU57UHMGK8QfmgoD4Dw&gws_rd=cr
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\P R O G R A M M E\vlc\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-04-03]
FF Extension: The Fox, Only Better - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\thefoxonlybetter@quicksaver.xpi [2014-05-24]
FF Extension: Adblock Plus - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-16]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-16] (Kaspersky Lab ZAO)
S3 RTCore64; D:\P R O G R A M M E\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 cpuz136; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-28 16:34 - 2014-05-28 16:35 - 00012389 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt
2014-05-28 16:23 - 2014-05-28 16:34 - 00000000 ____D () C:\FRST
2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable
2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe
2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe
2014-05-28 16:18 - 2014-05-28 16:19 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe
2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-27 17:32 - 2014-05-27 17:32 - 00018587 _____ () C:\Windows\DirectX.log
2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg
2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59}
2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 08:31 - 2014-05-26 18:04 - 00000000 ____D () C:\ProgramData\Nero
2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST
2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt
2014-05-24 21:20 - 2014-05-28 08:26 - 00002668 _____ () C:\Windows\PFRO.log
2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg
2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-20 21:32 - 2014-05-20 21:32 - 00971830 ____N () C:\Windows\Minidump\052014-7176-01.dmp
2014-05-19 19:08 - 2014-05-28 16:02 - 00002119 _____ () C:\Windows\setupact.log
2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 22:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:28 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt
2014-05-15 08:53 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 08:53 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 08:53 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:53 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:53 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:53 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 08:53 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 08:53 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:53 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 08:53 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:53 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:53 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 08:53 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 08:53 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 08:53 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 08:53 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4}
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 22:34 - 2014-05-25 14:10 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log
2014-04-30 07:46 - 2014-05-16 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-28 16:35 - 2014-05-28 16:34 - 00012389 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt
2014-05-28 16:35 - 2014-01-08 20:30 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\NetSpeedMonitor
2014-05-28 16:34 - 2014-05-28 16:23 - 00000000 ____D () C:\FRST
2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable
2014-05-28 16:20 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll
2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe
2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe
2014-05-28 16:19 - 2014-05-28 16:18 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe
2014-05-28 16:19 - 2014-01-16 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-28 16:09 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:09 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:07 - 2014-01-09 03:02 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-05-28 16:07 - 2014-01-09 03:02 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-05-28 16:07 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 16:06 - 2014-02-15 16:55 - 01739198 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 16:04 - 2014-03-17 08:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 16:02 - 2014-05-19 19:08 - 00002119 _____ () C:\Windows\setupact.log
2014-05-28 16:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 08:27 - 2014-04-22 00:42 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Awesomium
2014-05-28 08:26 - 2014-05-24 21:20 - 00002668 _____ () C:\Windows\PFRO.log
2014-05-28 08:26 - 2014-01-08 22:32 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-27 21:42 - 2014-01-10 17:53 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Edelarsch
2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-27 17:49 - 2014-01-13 22:00 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-27 17:49 - 2014-01-08 22:31 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-27 17:49 - 2014-01-08 22:31 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-27 17:32 - 2014-05-27 17:32 - 00018587 _____ () C:\Windows\DirectX.log
2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-27 17:32 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-27 17:31 - 2014-01-08 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-05-27 17:30 - 2014-01-08 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg
2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59}
2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-27 17:10 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\VirtualStore
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 18:04 - 2014-05-26 08:31 - 00000000 ____D () C:\ProgramData\Nero
2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST
2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt
2014-05-25 14:10 - 2014-05-08 22:34 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt
2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg
2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-22 20:56 - 2014-03-29 22:40 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Audacity
2014-05-21 20:25 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 21:33 - 2014-01-09 21:35 - 00000000 ____D () C:\Windows\Minidump
2014-05-20 21:32 - 2014-05-20 21:32 - 00971830 ____N () C:\Windows\Minidump\052014-7176-01.dmp
2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 08:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 07:46 - 2014-04-30 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 22:28 - 2014-01-08 18:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 22:28 - 2014-01-08 18:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt
2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4}
2014-05-14 17:23 - 2014-03-17 08:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:23 - 2014-01-08 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 17:23 - 2014-01-08 22:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:49 - 2014-01-10 17:49 - 00007607 _____ () C:\Users\ciipresshilll\AppData\Local\Resmon.ResmonCfg
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\Users\ciipresshilll\Documents\Elder Scrolls Online
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-05-13 08:33 - 2014-02-02 23:10 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-11 19:07 - 2014-03-02 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 08:53 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 08:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 06:40 - 2014-05-15 22:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 22:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 22:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-04 21:00 - 2014-03-24 15:56 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-04 21:00 - 2014-01-08 23:09 - 00001497 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-04 21:00 - 2014-01-08 23:09 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-01 13:28 - 2014-01-08 18:39 - 00000000 ____D () C:\ProgramData\AMD
2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-01 13:27 - 2014-02-07 08:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log
2014-04-29 21:02 - 2014-04-20 22:22 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\Battle.net
2014-04-29 20:07 - 2014-04-20 22:18 - 00000000 ____D () C:\ProgramData\Battle.net

Some content of TEMP:
====================
C:\Users\ciipresshilll\AppData\Local\Temp\fileutil.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-21 20:07

==================== End Of Log ============================
         

28.05.2014, 20:50   #4
cobolo
 



FRST Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by ciipresshilll at 2014-05-28 16:35:37
Running from C:\Users\ciipresshilll\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Ableton Live 9 Trial (HKLM\...\{0F84EFB0-4B18-40A2-8240-04C1DD7CBF6C}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
American McGee's Grimm: A Boy Learns What Fear Is (HKLM-x32\...\{6E52D3C0-AC2E-4ABE-9239-162DB62B8F07}) (Version: 1 - American McGee's Grimm)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Cry of Fear (HKLM-x32\...\Steam App 223710) (Version:  - Team Psykskallar)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Geeks3D FurMark 1.12.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Half-Life (HKLM-x32\...\Half-Life_is1) (Version: Half-Life - Non Steam - KingSOFT DVD)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft1.7.4 (HKLM-x32\...\Minecraft1.7.4) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{5375FD61-C0E9-11E1-9297-F04DA23A5C58}) (Version: 12.0.334 - Sony)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
South Park - The Stick of Truth (HKLM-x32\...\South Park - The Stick of Truth_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Restore Points  =========================

27-05-2014 15:32:31 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-13 09:38 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {056CAAF8-3A85-4860-AED4-C1E67D6B4EAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {20B3AF38-9364-4882-808E-F7D126CC9A3D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {92877BCB-272E-4421-83F5-4CAE6E012748} - System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4} => D:\S P I E L E\ESO\Launcher\Bethesda.net_Launcher.exe [2014-04-05] (ZeniMax Online Studios)
Task: {BA5E7113-F77C-4E0E-BF08-515D2FE95898} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {E909273A-C13C-4EBA-9F5D-3587EC2C30AF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1425884379-3831331695-1035041748-1000
Task: {FB18FC1B-8FBE-4054-AA29-F54747CE1023} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {FB7C1595-9612-4C37-BAAD-B0E2FFB63E40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-01-08 22:31 - 2014-02-07 09:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-06 18:00 - 2013-06-26 18:01 - 00247296 _____ () C:\Program Files (x86)\Drakonia Black\hid.exe
2014-03-06 18:00 - 2013-06-26 18:01 - 00240640 _____ () C:\Program Files (x86)\Drakonia Black\trayicon.exe
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-03-11 13:44 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-11 13:44 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-11 13:44 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-11 13:44 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-11 13:44 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-06 18:00 - 2013-06-26 18:01 - 00061952 _____ () C:\Program Files (x86)\Drakonia Black\HidDevice.dll
2014-03-06 18:00 - 2013-06-26 18:01 - 00249856 _____ () C:\Program Files (x86)\Drakonia Black\language.dll
2014-05-28 16:04 - 2014-05-28 16:04 - 00014336 _____ () C:\Users\ciipresshilll\AppData\Local\Temp\WDE5B0A.tmp\ml_online.lng
2014-05-28 16:04 - 2014-05-28 16:04 - 00036352 _____ () C:\Users\ciipresshilll\AppData\Local\Temp\WDE5B0A.tmp\ombrowser.lng
2013-12-13 04:47 - 2013-12-13 04:47 - 00333824 _____ () D:\P R O G R A M M E\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2014-02-13 08:42 - 2014-02-13 08:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll
2014-01-08 18:13 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-05-10 10:39 - 2014-05-10 10:39 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: Wlansvc => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Intel(R) HD Graphics 3000
Description: Intel(R) HD Graphics 3000
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (05/19/2014 07:08:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3508) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00042.log.


System errors:
=============
Error: (05/25/2014 04:41:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/25/2014 04:41:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (05/25/2014 04:33:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/25/2014 04:33:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (05/25/2014 10:39:06 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/24/2014 11:02:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎24.‎05.‎2014 um 23:00:56 unerwartet heruntergefahren.

Error: (05/22/2014 06:44:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎22.‎05.‎2014 um 18:42:38 unerwartet heruntergefahren.

Error: (05/20/2014 09:33:08 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000117 (0xfffffa800bb2f010, 0xfffff88004cf0dac, 0x0000000000000000, 0x0000000000000000)C:\Windows\Minidump\052014-7176-01.dmp052014-7176-01

Error: (05/20/2014 09:33:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎20.‎05.‎2014 um 21:31:48 unerwartet heruntergefahren.

Error: (05/19/2014 07:09:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056


Microsoft Office Sessions:
=========================
Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))

Error: (05/19/2014 07:08:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3508Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00042.log-1811


CodeIntegrity Errors:
===================================
  Date: 2014-05-26 08:03:43.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-26 08:03:43.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-26 08:03:43.617
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-26 08:03:43.601
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-26 08:03:43.601
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-26 08:03:43.601
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-24 09:40:23.537
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-24 09:40:23.536
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-24 09:40:23.535
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-05-24 09:40:23.532
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 24%
Total physical RAM: 8104.66 MB
Available physical RAM: 6113.4 MB
Total Pagefile: 9126.84 MB
Available Pagefile: 6718 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:55.8 GB) (Free:11.41 GB) NTFS
Drive d: (Multimedia) (Fixed) (Total:698.63 GB) (Free:365.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: FBA09897)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 699 GB) (Disk ID: 01833306)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

1.) What are these strange links under Host Content?


Last log: AVZ

Code:
ATTFilter
AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 28.05.2014 19:00:52
Database loaded: signatures - 297612, NN profile(s) - 2, malware removal microprograms - 56, signature database released 28.05.2014 04:00
Heuristic microprograms loaded: 405
PVS microprograms loaded: 9
Digital signatures of system files loaded: 663640
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Home Premium" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
 Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
 Number of processes found: 13
 Number of modules loaded: 386
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\ProgramData\Microsoft\RAC\Temp\sqlE021.tmp
Direct reading: C:\ProgramData\Microsoft\RAC\Temp\sqlE031.tmp
Direct reading: C:\Users\ciipresshilll\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
 Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remotedesktopdienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suche)
>> Services: potentially dangerous service allowed: Schedule (Aufgabenplanung)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun is allowed
 >>  Network drives autorun is allowed
 >>  Removable media autorun is allowed
Checking - complete
Files scanned: 109180, extracted from archives: 49725, malicious software found 0, suspicions - 0
Scanning finished at 28.05.2014 19:07:08
Time of scanning: 00:06:16
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address hxxp://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service hxxp://virusdetector.ru/
         
Those were all the logs now; I hope it helps.

Many thanks!

Edited by cobolo (28.05.2014 at 20:55). Reason: Inserted

Old 29.05.2014, 16:48   #5
schrauber
/// the machine
/// TB trainer
 




That is normal. Security software enters all known malware sites there so that you cannot browse to them.


Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

29.05.2014, 17:19   #6
cobolo
 



Hey, thanks for now,

the Combo log will take up 12-14 posts; should I post all of it or rather attach it? Which do you prefer?


Part 1
Code:
ComboFix 14-05-29.01 - ciipresshilll 29.05.2014  17:53:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8105.6257 [GMT 2:00]
ausgeführt von:: c:\users\ciipresshilll\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-04-28 bis 2014-05-29  ))))))))))))))))))))))))))))))
.
.
2014-05-29 15:56 . 2014-05-29 15:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-05-29 10:38 . 2014-05-29 10:38	122584	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-29 10:38 . 2014-05-29 10:38	--------	d-----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-05-29 10:38 . 2014-05-29 10:38	--------	d-----w-	c:\programdata\Malwarebytes
2014-05-29 10:38 . 2014-05-12 05:26	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-05-29 10:38 . 2014-05-12 05:26	91352	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-05-29 10:38 . 2014-05-12 05:25	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-05-28 21:05 . 2014-05-28 21:05	--------	d-----w-	c:\users\ciipresshilll\AppData\Local\Ubisoft Game Launcher
2014-05-28 14:23 . 2014-05-28 14:36	--------	d-----w-	C:\FRST
2014-05-27 19:11 . 2014-05-27 19:11	--------	d-----w-	c:\programdata\PopCap Games
2014-05-27 15:11 . 2014-05-27 15:11	--------	d-----w-	c:\program files (x86)\Winamp
2014-05-27 15:05 . 2014-05-27 15:05	--------	d-sh--w-	c:\users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 15:05 . 2014-05-27 15:05	--------	d-sh--w-	c:\users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 06:32 . 2014-05-26 06:32	--------	d-----w-	c:\users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 06:31 . 2014-05-26 16:04	--------	d-----w-	c:\programdata\Nero
2014-05-26 05:36 . 2014-05-26 05:36	--------	d-----w-	c:\users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-24 06:59 . 2014-05-24 06:59	--------	d-----w-	c:\users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 06:56 . 2014-05-24 06:56	--------	d-----w-	c:\program files (x86)\CDBurnerXP
2014-05-24 06:56 . 2014-05-24 06:56	--------	d-----w-	c:\programdata\Canneverbe Limited
2014-05-23 19:16 . 2014-04-30 23:20	10702536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{79C5370B-AE36-4769-9421-D354DA33DE07}\mpengine.dll
2014-05-15 20:28 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-15 20:28 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-15 20:28 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-15 20:28 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-14 21:15 . 2014-05-14 21:15	--------	d-----w-	c:\users\ciipresshilll\AppData\Local\Diagnostics
2014-05-07 09:17 . 2014-05-07 09:17	--------	d-----w-	c:\program files\CCleaner
2014-05-04 19:07 . 2014-05-04 19:07	--------	d-----w-	c:\users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 19:00 . 2014-05-04 19:00	--------	d-----w-	c:\windows\de
2014-05-04 19:00 . 2014-05-04 19:00	--------	d-----w-	c:\program files\Windows Live
2014-05-01 11:28 . 2014-05-01 11:28	--------	d-----w-	c:\programdata\ATI
2014-05-01 11:28 . 2014-05-01 11:28	--------	d-----w-	c:\program files (x86)\AMD AVT
2014-05-01 11:28 . 2014-05-01 11:28	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2014-04-30 05:46 . 2014-05-16 05:46	--------	d-s---w-	c:\windows\system32\CompatTel
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-29 08:17 . 2014-01-08 20:31	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2014-05-28 21:29 . 2014-01-08 20:31	214392	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2014-05-27 15:49 . 2014-01-13 20:00	290184	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2014-05-15 20:28 . 2014-01-08 16:55	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-14 15:23 . 2014-01-08 20:27	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 15:23 . 2014-01-08 20:27	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-18 02:43 . 2014-04-18 02:43	127872	----a-w-	c:\windows\system32\amdhcp64.dll
2014-04-18 02:43 . 2014-04-18 02:43	78432	----a-w-	c:\windows\system32\atimpc64.dll
2014-04-18 02:43 . 2014-04-18 02:43	78432	----a-w-	c:\windows\system32\amdpcom64.dll
2014-04-18 02:43 . 2014-04-18 02:43	117560	----a-w-	c:\windows\SysWow64\amdhcp32.dll
2014-04-18 02:43 . 2014-04-18 02:43	71704	----a-w-	c:\windows\SysWow64\atimpc32.dll
2014-04-18 02:43 . 2014-04-18 02:43	71704	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2014-04-18 02:43 . 2014-01-31 21:07	143304	----a-w-	c:\windows\system32\atiuxp64.dll
2014-04-18 02:42 . 2014-04-18 02:42	117584	----a-w-	c:\windows\system32\atiu9p64.dll
2014-04-18 02:42 . 2013-12-06 22:03	126336	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2014-04-18 02:42 . 2014-04-18 02:42	99520	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2014-04-18 02:42 . 2014-01-31 21:07	1343272	----a-w-	c:\windows\system32\aticfx64.dll
2014-04-18 02:42 . 2014-01-31 21:07	1117184	----a-w-	c:\windows\SysWow64\aticfx32.dll
2014-04-18 02:42 . 2014-01-31 21:07	10335208	----a-w-	c:\windows\system32\atidxx64.dll
2014-04-18 02:42 . 2013-12-06 21:59	8866928	----a-w-	c:\windows\SysWow64\atidxx32.dll
2014-04-18 02:42 . 2014-04-18 02:42	6796592	----a-w-	c:\windows\SysWow64\atiumdva.dll
2014-04-18 02:42 . 2014-04-18 02:42	6799688	----a-w-	c:\windows\SysWow64\atiumdag.dll
2014-04-18 02:42 . 2014-04-18 02:42	7520200	----a-w-	c:\windows\system32\atiumd6a.dll
2014-04-18 02:42 . 2014-04-18 02:42	8010968	----a-w-	c:\windows\system32\atiumd64.dll
2014-04-18 02:39 . 2014-04-18 02:39	274656	----a-w-	c:\windows\system32\drivers\amdacpksd.sys
2014-04-18 02:36 . 2014-04-18 02:36	15376384	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2014-04-18 02:23 . 2014-04-18 02:23	231424	----a-w-	c:\windows\system32\clinfo.exe
2014-04-18 02:22 . 2014-04-18 02:22	98816	----a-w-	c:\windows\system32\OpenVideo64.dll
2014-04-18 02:22 . 2014-04-18 02:22	83456	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2014-04-18 02:22 . 2014-04-18 02:22	86528	----a-w-	c:\windows\system32\OVDecode64.dll
2014-04-18 02:22 . 2014-04-18 02:22	73216	----a-w-	c:\windows\SysWow64\OVDecode.dll
2014-04-18 02:22 . 2014-04-18 02:22	28685824	----a-w-	c:\windows\system32\amdocl64.dll
2014-04-18 02:19 . 2014-04-18 02:19	24107520	----a-w-	c:\windows\SysWow64\amdocl.dll
2014-04-18 02:17 . 2014-04-18 02:17	65024	----a-w-	c:\windows\system32\OpenCL.dll
2014-04-18 02:17 . 2014-04-18 02:17	58880	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-04-18 02:13 . 2014-04-18 02:13	127488	----a-w-	c:\windows\system32\mantle64.dll
2014-04-18 02:13 . 2014-04-18 02:13	113664	----a-w-	c:\windows\SysWow64\mantle32.dll
2014-04-18 02:12 . 2014-04-18 02:12	27907584	----a-w-	c:\windows\system32\atio6axx.dll
2014-04-18 02:12 . 2014-04-18 02:12	5442048	----a-w-	c:\windows\system32\amdmantle64.dll
2014-04-18 01:58 . 2014-04-18 01:58	4358656	----a-w-	c:\windows\SysWow64\amdmantle32.dll
2014-04-18 01:51 . 2014-04-18 01:51	23409152	----a-w-	c:\windows\SysWow64\atioglxx.dll
2014-04-18 01:46 . 2014-04-18 01:46	368128	----a-w-	c:\windows\system32\atiapfxx.exe
2014-04-18 01:46 . 2014-04-18 01:46	62464	----a-w-	c:\windows\system32\aticalrt64.dll
2014-04-18 01:46 . 2014-04-18 01:46	52224	----a-w-	c:\windows\SysWow64\aticalrt.dll
2014-04-18 01:46 . 2014-04-18 01:46	55808	----a-w-	c:\windows\system32\aticalcl64.dll
2014-04-18 01:46 . 2014-04-18 01:46	49152	----a-w-	c:\windows\SysWow64\aticalcl.dll
2014-04-18 01:46 . 2014-04-18 01:46	15716352	----a-w-	c:\windows\system32\aticaldd64.dll
2014-04-18 01:45 . 2014-04-18 01:45	91136	----a-w-	c:\windows\system32\mantleaxl64.dll
2014-04-18 01:45 . 2014-04-18 01:45	85504	----a-w-	c:\windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42 . 2014-04-18 01:42	14302208	----a-w-	c:\windows\SysWow64\aticaldd.dll
2014-04-18 01:33 . 2014-04-18 01:33	48128	----a-w-	c:\windows\system32\amdmmcl6.dll
2014-04-18 01:33 . 2014-04-18 01:33	37888	----a-w-	c:\windows\SysWow64\amdmmcl.dll
2014-04-18 01:30 . 2014-04-18 01:30	442368	----a-w-	c:\windows\system32\atidemgy.dll
2014-04-18 01:30 . 2014-04-18 01:30	31232	----a-w-	c:\windows\system32\atimuixx.dll
2014-04-18 01:29 . 2014-04-18 01:29	586240	----a-w-	c:\windows\system32\atieclxx.exe
2014-04-18 01:29 . 2014-04-18 01:29	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2014-04-18 01:28 . 2014-04-18 01:28	190976	----a-w-	c:\windows\system32\atitmm64.dll
2014-04-18 01:21 . 2014-04-18 01:21	806912	----a-w-	c:\windows\system32\coinst_14.100.dll
2014-04-18 01:09 . 2014-04-18 01:09	1177600	----a-w-	c:\windows\system32\atiadlxx.dll
2014-04-18 01:09 . 2014-04-18 01:09	848896	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2014-04-18 01:08 . 2014-04-18 01:08	95744	----a-w-	c:\windows\system32\amdave64.dll
2014-04-18 01:08 . 2014-04-18 01:08	90112	----a-w-	c:\windows\SysWow64\amdave32.dll
2014-04-18 01:08 . 2014-04-18 01:08	89088	----a-w-	c:\windows\system32\atisamu64.dll
2014-04-18 01:08 . 2014-04-18 01:08	80896	----a-w-	c:\windows\SysWow64\atisamu32.dll
2014-04-18 01:07 . 2014-04-18 01:07	75264	----a-w-	c:\windows\system32\atig6pxx.dll
2014-04-18 01:07 . 2014-04-18 01:07	69632	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07	69632	----a-w-	c:\windows\system32\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07	146944	----a-w-	c:\windows\system32\atig6txx.dll
2014-04-18 01:07 . 2014-04-18 01:07	133632	----a-w-	c:\windows\SysWow64\atigktxx.dll
2014-04-18 01:07 . 2014-04-18 01:07	638976	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2014-04-18 01:04 . 2014-04-18 01:04	43520	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2014-04-17 20:33 . 2014-04-17 20:33	51200	----a-w-	c:\windows\system32\kdbsdk64.dll
2014-04-17 20:28 . 2014-04-17 20:28	38912	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
2014-03-31 19:34 . 2014-03-31 19:34	322248	----a-w-	c:\windows\WLXPGSS.SCR
2014-03-31 07:35 . 2014-01-08 16:35	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-03-24 14:10 . 2014-01-16 19:04	625248	----a-w-	c:\windows\system32\drivers\klif.sys
2014-03-24 14:10 . 2014-01-16 19:04	115296	----a-w-	c:\windows\system32\drivers\klflt.sys
2014-03-17 07:23 . 2014-03-17 07:23	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-06 16:00 . 2014-03-06 16:00	1192545	----a-w-	c:\windows\unins000.exe
2014-03-06 09:31 . 2014-04-20 20:11	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-20 20:11	66048	----a-w-	c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-20 20:11	548352	----a-w-	c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-20 20:11	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-20 20:11	2767360	----a-w-	c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-20 20:11	51200	----a-w-	c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-20 20:11	33792	----a-w-	c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-20 20:11	574976	----a-w-	c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-20 20:11	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-20 20:11	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-20 20:11	752640	----a-w-	c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-20 20:11	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-20 20:11	5784064	----a-w-	c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-20 20:11	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-20 20:11	586240	----a-w-	c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-20 20:11	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-20 20:11	455168	----a-w-	c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-20 20:11	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-20 20:11	38400	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-20 20:11	195584	----a-w-	c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-20 20:11	4254720	----a-w-	c:\windows\SysWow64\jscript9.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GamingMouse"="c:\program files (x86)\Drakonia Black\hid.exe" [2013-06-26 247296]
"StartCCC"="d:\p r o g r a m m e\ati\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 cpuz136;cpuz136;c:\users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTCore64;RTCore64;d:\p r o g r a m m e\MSI Afterburner\RTCore64.sys;d:\p r o g r a m m e\MSI Afterburner\RTCore64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - CPUZ137
*Deregistered* - cpuz137
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-08 15:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/?gfe_rd=ctrl&ei=me0SU57UHMGK8QfmgoD4Dw&gws_rd=cr
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1425884379-3831331695-1035041748-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1425884379-3831331695-1035041748-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\36site.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3721.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\39-93.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3bay.it]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3dgsex.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3mates.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3wgporn.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3x-festival.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3x-galls.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xclipsonline.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xcurves.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xfestival.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xmiracle.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xmoviesblog.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4-2005-search.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4-open-davinci.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\404dns.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4199.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4corn.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4ebay.it]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4klm.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4mpg.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4thsex.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\5-2005-search.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\500sex.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\555royalclub.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\59cn.cn]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\5okporn.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\5starsblog.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\5zgmu7o20kt5d8yq.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6000vornamen.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6700.cn]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\680180.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\69loadz.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6hporn.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6plosex.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6sek.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\70-music.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\7322.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\745970.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777bestcasino7.ru]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777casinoroyal.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777casinozbest.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777gamecard.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777jackpotgame.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777luxcasino.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777playeuro.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777search.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777starsgame.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777top.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777web-casinoz.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777webgamez.ru]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\77zip.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\7939.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\7dailynews.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\7jksex.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\8-download.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\80-music.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\82211.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\8866.org]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888-lucky.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888best-games.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888gamegold.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888gamevip.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888globalplay.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\88sms.ch]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\88vcd.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\8ad.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\90-music.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\9505.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\971searchbox.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\99downloads.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\9mmporn.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\a-d-w-a-r-e.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaabesthomepage.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaasexypics.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaawebfinder.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aantivir.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqada-rsztriv.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqada-ueorn.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqada-ygco.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqada-ymct.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqadarsztriv.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqadaueorn.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aartemis.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaszxy.ru]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aav2008.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavc.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abc-find.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abccodec.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcdperformance.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcload.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcsearch.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcways.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abetterinternet.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abiword-download.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abnetsoft.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abntivir.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\about-adult.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aboutclicker.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aboutkimpossible.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aboveredirect.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abrp.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\absolutee.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abvira.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ac66.cn]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acaiporn.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\access-dvd.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accessactivexvideo.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accessclips.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accesskeygenerator.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accessthefuture.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accessvid.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ace-webmaster.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acemedic.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\achatappartement.ch]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acjp.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acne-stop.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobat-2007.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobat-8.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobat-center.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobat-hq.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobat-reader-8.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobat-stop.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobatreader-8.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\actionbreastcancer.org]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activesearcher.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activesecurityscaner.org]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexaccessobject.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexaccessvideo.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexemedia.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexmediaobject.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexmediapro.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexmediasite.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexmediasoftware.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexmediasource.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexmediatool.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexmediatour.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexsoftwares.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexsource.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexupdate.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexvideo.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\activexvideotool.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acvira.de]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ad-w-a-r-e.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ad-ware.cc]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ad-warealert.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ad25.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ad45.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ad77.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ad86.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adamsupportgroup.org]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adarmor.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adasearch.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adatoms.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adaware.cc]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adawarenow.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\add-hhh.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\add-manager.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\addetect.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\addictivetechnologies.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\addictivetechnologies.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\addioerrori.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\addresswebsearch.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\addstand.ru]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adgate.info]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adintelligence.net]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adioserrores.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adipics.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adlogix.com]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\admin2cash.biz]
@DACL=(02 0000)
"*"=dword:00000004
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\adnet-plus.com]
@DACL=(02 0000)
"*"=dword:00000004
.
         

Edited by cobolo (29.05.2014 at 17:23) Reason: Addendum

30.05.2014, 15:45   #7
schrauber
/// the machine
/// TB trainer

PC is getting slow, performance no longer what it used to be. Logs attached



Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Scan Now.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

30.05.2014, 16:52   #8
cobolo

PC is getting slow, performance no longer what it used to be. Logs attached



ADW

Code:
ATTFilter
# AdwCleaner v3.211 - Bericht erstellt am 30/05/2014 um 17:07:45
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ciipresshilll - R280
# Gestartet von : C:\Users\ciipresshilll\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1163 octets] - [30/05/2014 17:04:09]
AdwCleaner[R1].txt - [951 octets] - [30/05/2014 17:07:16]
AdwCleaner[S0].txt - [1178 octets] - [30/05/2014 17:06:11]
AdwCleaner[S1].txt - [873 octets] - [30/05/2014 17:07:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [932 octets] ##########
         
JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ciipresshilll on 30.05.2014 at 17:12:42,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\ciipresshilll\AppData\Roaming\mozilla\firefox\profiles\uy01leyb.default\minidumps [30 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2014 at 17:19:10,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
frst


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ciipresshilll (administrator) on R280 on 30-05-2014 17:31:26
Running from C:\Users\ciipresshilll\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Drakonia Black\hid.exe
() C:\Program Files (x86)\Drakonia Black\trayicon.exe
(Advanced Micro Devices Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(ATI Technologies Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Black\hid.exe [247296 2013-06-26] ()
HKLM-x32\...\Run: [StartCCC] => D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28AFC960B10CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default
FF Homepage: https://www.google.de/?gfe_rd=ctrl&ei=me0SU57UHMGK8QfmgoD4Dw&gws_rd=cr
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\P R O G R A M M E\vlc\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-04-03]
FF Extension: Adblock Plus - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-16]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-16] (Kaspersky Lab ZAO)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 cpuz136; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 17:30 - 2014-05-30 17:30 - 00001054 _____ () C:\Users\ciipresshilll\Desktop\mwb.txt
2014-05-30 17:19 - 2014-05-30 17:19 - 00000773 _____ () C:\Users\ciipresshilll\Desktop\JRT.txt
2014-05-30 17:09 - 2014-05-30 17:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 17:04 - 2014-05-30 17:07 - 00000000 ____D () C:\AdwCleaner
2014-05-30 17:02 - 2014-05-30 17:02 - 01327971 _____ () C:\Users\ciipresshilll\Desktop\adwcleaner_3.211.exe
2014-05-30 17:01 - 2014-05-30 17:01 - 01016261 _____ (Thisisu) C:\Users\ciipresshilll\Desktop\JRT.exe
2014-05-30 01:56 - 2014-05-30 01:56 - 00001958 _____ () C:\Users\ciipresshilll\Documents\55.aup
2014-05-30 01:56 - 2014-05-30 01:56 - 00000000 ____D () C:\Users\ciipresshilll\Documents\55_data
2014-05-30 01:33 - 2014-05-30 01:33 - 00000221 _____ () C:\Users\ciipresshilll\Desktop\Watch_Dogs.url
2014-05-29 17:57 - 2014-05-29 17:57 - 01324841 _____ () C:\ComboFix.txt
2014-05-29 17:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-29 17:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-29 17:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-29 17:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-29 17:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-29 17:53 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-29 17:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-29 17:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-29 17:52 - 2014-05-29 17:57 - 00000000 ____D () C:\Qoobox
2014-05-29 17:52 - 2014-05-29 17:56 - 00000000 ____D () C:\Windows\erdnt
2014-05-29 17:51 - 2014-05-29 17:52 - 05203398 ____R (Swearware) C:\Users\ciipresshilll\Desktop\ComboFix.exe
2014-05-29 12:38 - 2014-05-30 17:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 12:38 - 2014-05-29 12:38 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-29 12:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-29 12:38 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-29 12:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-29 12:37 - 2014-05-29 12:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ciipresshilll\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-28 23:05 - 2014-05-30 07:40 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\Ubisoft Game Launcher
2014-05-28 23:05 - 2014-05-28 23:05 - 00000828 _____ () C:\Users\ciipresshilll\Desktop\Uplay.lnk
2014-05-28 23:05 - 2014-05-28 23:05 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-05-28 22:02 - 2014-05-28 22:02 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Tor Browser
2014-05-28 19:44 - 2014-05-28 19:44 - 00022159 _____ () C:\Users\ciipresshilll\Desktop\trojaner Board logs.zip
2014-05-28 19:18 - 2014-05-28 19:18 - 00085873 _____ () C:\Users\ciipresshilll\Desktop\quikscan gmer.txt
2014-05-28 18:59 - 2014-05-28 18:59 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\avz4
2014-05-28 18:52 - 2014-05-28 18:52 - 00049491 _____ () C:\Users\ciipresshilll\Documents\gmerbericht.txt
2014-05-28 18:51 - 2014-05-28 18:51 - 00000000 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.bat
2014-05-28 16:35 - 2014-05-28 16:36 - 00033523 _____ () C:\Users\ciipresshilll\Desktop\Addition.txt
2014-05-28 16:34 - 2014-05-30 17:31 - 00027383 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt
2014-05-28 16:23 - 2014-05-30 17:31 - 00000000 ____D () C:\FRST
2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable
2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe
2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe
2014-05-28 16:18 - 2014-05-28 16:19 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe
2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-27 17:32 - 2014-05-30 07:28 - 00037174 _____ () C:\Windows\DirectX.log
2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg
2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59}
2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 08:31 - 2014-05-26 18:04 - 00000000 ____D () C:\ProgramData\Nero
2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST
2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt
2014-05-24 21:20 - 2014-05-30 17:08 - 00005122 _____ () C:\Windows\PFRO.log
2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg
2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-19 19:08 - 2014-05-30 17:08 - 00002399 _____ () C:\Windows\setupact.log
2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 22:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:28 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt
2014-05-15 08:53 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 08:53 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 08:53 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:53 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:53 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:53 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 08:53 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 08:53 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:53 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 08:53 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:53 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:53 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 08:53 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 08:53 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 08:53 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 08:53 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4}
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 22:34 - 2014-05-25 14:10 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log
2014-04-30 07:46 - 2014-05-16 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-30 17:31 - 2014-05-28 16:34 - 00027383 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt
2014-05-30 17:31 - 2014-05-28 16:23 - 00000000 ____D () C:\FRST
2014-05-30 17:31 - 2014-01-08 20:30 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\NetSpeedMonitor
2014-05-30 17:30 - 2014-05-30 17:30 - 00001054 _____ () C:\Users\ciipresshilll\Desktop\mwb.txt
2014-05-30 17:26 - 2014-01-16 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-30 17:24 - 2014-05-29 12:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 17:24 - 2014-02-15 16:55 - 01786675 _____ () C:\Windows\WindowsUpdate.log
2014-05-30 17:19 - 2014-05-30 17:19 - 00000773 _____ () C:\Users\ciipresshilll\Desktop\JRT.txt
2014-05-30 17:15 - 2014-01-09 03:02 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-05-30 17:15 - 2014-01-09 03:02 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-05-30 17:15 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-30 17:15 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 17:15 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 17:09 - 2014-05-30 17:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 17:08 - 2014-05-24 21:20 - 00005122 _____ () C:\Windows\PFRO.log
2014-05-30 17:08 - 2014-05-19 19:08 - 00002399 _____ () C:\Windows\setupact.log
2014-05-30 17:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-30 17:07 - 2014-05-30 17:04 - 00000000 ____D () C:\AdwCleaner
2014-05-30 17:04 - 2014-03-17 08:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-30 17:02 - 2014-05-30 17:02 - 01327971 _____ () C:\Users\ciipresshilll\Desktop\adwcleaner_3.211.exe
2014-05-30 17:01 - 2014-05-30 17:01 - 01016261 _____ (Thisisu) C:\Users\ciipresshilll\Desktop\JRT.exe
2014-05-30 11:27 - 2014-01-10 17:49 - 00007607 _____ () C:\Users\ciipresshilll\AppData\Local\Resmon.ResmonCfg
2014-05-30 07:40 - 2014-05-28 23:05 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\Ubisoft Game Launcher
2014-05-30 07:29 - 2014-03-22 23:46 - 00000000 ____D () C:\Users\ciipresshilll\Documents\My Games
2014-05-30 07:28 - 2014-05-27 17:32 - 00037174 _____ () C:\Windows\DirectX.log
2014-05-30 07:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-30 02:42 - 2014-02-02 23:10 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-05-30 01:56 - 2014-05-30 01:56 - 00001958 _____ () C:\Users\ciipresshilll\Documents\55.aup
2014-05-30 01:56 - 2014-05-30 01:56 - 00000000 ____D () C:\Users\ciipresshilll\Documents\55_data
2014-05-30 01:56 - 2014-03-29 22:40 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Audacity
2014-05-30 01:33 - 2014-05-30 01:33 - 00000221 _____ () C:\Users\ciipresshilll\Desktop\Watch_Dogs.url
2014-05-29 17:57 - 2014-05-29 17:57 - 01324841 _____ () C:\ComboFix.txt
2014-05-29 17:57 - 2014-05-29 17:52 - 00000000 ____D () C:\Qoobox
2014-05-29 17:57 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-29 17:56 - 2014-05-29 17:52 - 00000000 ____D () C:\Windows\erdnt
2014-05-29 17:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-29 17:52 - 2014-05-29 17:51 - 05203398 ____R (Swearware) C:\Users\ciipresshilll\Desktop\ComboFix.exe
2014-05-29 17:52 - 2014-01-08 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-05-29 12:38 - 2014-05-29 12:38 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-29 12:37 - 2014-05-29 12:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ciipresshilll\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-29 10:17 - 2014-01-08 22:31 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-29 10:14 - 2014-01-08 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-28 23:29 - 2014-01-08 22:31 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-28 23:05 - 2014-05-28 23:05 - 00000828 _____ () C:\Users\ciipresshilll\Desktop\Uplay.lnk
2014-05-28 23:05 - 2014-05-28 23:05 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-05-28 22:02 - 2014-05-28 22:02 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Tor Browser
2014-05-28 19:53 - 2014-04-22 00:42 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Awesomium
2014-05-28 19:44 - 2014-05-28 19:44 - 00022159 _____ () C:\Users\ciipresshilll\Desktop\trojaner Board logs.zip
2014-05-28 19:18 - 2014-05-28 19:18 - 00085873 _____ () C:\Users\ciipresshilll\Desktop\quikscan gmer.txt
2014-05-28 18:59 - 2014-05-28 18:59 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\avz4
2014-05-28 18:58 - 2009-07-14 07:08 - 00001386 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-28 18:52 - 2014-05-28 18:52 - 00049491 _____ () C:\Users\ciipresshilll\Documents\gmerbericht.txt
2014-05-28 18:51 - 2014-05-28 18:51 - 00000000 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.bat
2014-05-28 18:50 - 2014-01-09 21:35 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 16:36 - 2014-05-28 16:35 - 00033523 _____ () C:\Users\ciipresshilll\Desktop\Addition.txt
2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable
2014-05-28 16:20 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll
2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe
2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe
2014-05-28 16:19 - 2014-05-28 16:18 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe
2014-05-28 08:26 - 2014-01-08 22:32 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-27 21:42 - 2014-01-10 17:53 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Edelarsch
2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-27 17:49 - 2014-01-13 22:00 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg
2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59}
2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-27 17:10 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\VirtualStore
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 18:04 - 2014-05-26 08:31 - 00000000 ____D () C:\ProgramData\Nero
2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST
2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt
2014-05-25 14:10 - 2014-05-08 22:34 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt
2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg
2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 08:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 07:46 - 2014-04-30 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 22:28 - 2014-01-08 18:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 22:28 - 2014-01-08 18:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt
2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4}
2014-05-14 17:23 - 2014-03-17 08:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:23 - 2014-01-08 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 17:23 - 2014-01-08 22:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\Users\ciipresshilll\Documents\Elder Scrolls Online
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-05-13 08:33 - 2014-02-02 23:10 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 07:26 - 2014-05-29 12:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-29 12:38 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-29 12:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 19:07 - 2014-03-02 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 08:53 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 08:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 06:40 - 2014-05-15 22:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 22:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 22:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-04 21:00 - 2014-03-24 15:56 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-04 21:00 - 2014-01-08 23:09 - 00001497 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-04 21:00 - 2014-01-08 23:09 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-01 13:28 - 2014-01-08 18:39 - 00000000 ____D () C:\ProgramData\AMD
2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-01 13:27 - 2014-02-07 08:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log

Some content of TEMP:
====================
C:\Users\ciipresshilll\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-29 13:02

==================== End Of Log ============================
         
mwb
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 30.05.2014
Scan Time: 17:26:36
Logfile: 
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.30.07
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ciipresshilll

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279216
Time Elapsed: 3 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
Can the expert already see anything? Thanks

Edited by cobolo (30.05.2014 at 16:54). Reason: addendum

Old 31.05.2014, 15:15   #9
schrauber
/// the machine
/// TB trainer
 

PC is getting slow, performance no longer what it used to be. Logs attached - Default



We should be done shortly.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

01.06.2014, 17:39   #10
cobolo
 



Hello,

nothing suspicious was found. You helped me a lot, thanks. The thread can be closed.

02.06.2014, 12:30   #11
schrauber
/// the machine
/// TB trainer
 




If you say so

Done

The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > Combofix /Uninstall (type this in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left over now, you can safely delete them.



If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java, Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising on its own. Right-clicking a banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download bandwidth.

Performance
Clean your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners.
They harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials and other illegal software.
  • Do not open attachments from emails you do not recognize. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
All that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
