Trojaner-Board

theNeises 08.06.2013 19:50

Removing Coin Miner, msdcsc

Hello,
I already found a matching thread, but it was never finished and no solution was found. My problem is that Coin Miner and msdcsc.exe are on my PC.
I have already run a scan with MBAM, and OTL has scanned as well; here is the output from OTL.txt:
Code:

OTL logfile created on: 08.06.2013 20:18:27 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Fabian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,21 Gb Available Physical Memory | 65,78% Memory free
15,83 Gb Paging File | 12,99 Gb Available in Paging File | 82,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 108,95 Gb Free Space | 23,40% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Fabian\AppData\Roaming\Acrobat\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Users\Fabian\AppData\Local\Temp\82267msdcsc.exe ()
PRC - C:\Users\Fabian\AppData\Local\Temp\32992msdcsc.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe (Blabbers Communications Ltd)
PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Users\Fabian\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Fabian\AppData\Local\Temp\82267msdcsc.exe ()
MOD - C:\Users\Fabian\AppData\Local\Temp\32992msdcsc.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Users\Fabian\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (BsUpdate) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (RzOvlMon) -- C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe (Razer)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Web Assistant) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe ()
SRV - (BsFire) -- c:\Programme\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (BsMain) -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (BsScanner) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SRV - (BsBhvScan) -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe (BullGuard Ltd.)
SRV - (BsFileScan) -- c:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (BsMailProxy) -- c:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsBackup) -- C:\Programme\BullGuard Ltd\BullGuard\BsBackup.dll (BullGuard Ltd.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (cFosSpeedS) -- C:\Programme\ASRock\XFast LAN\spd.exe (cFos Software GmbH)
SRV - (nlsvc) -- C:\Programme\NetLimiter 3\nlsvc.exe (Locktime Software)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer Inc)
DRV:64bit: - (rzendpt) -- C:\Windows\SysNative\drivers\rzendpt.sys (Razer Inc)
DRV:64bit: - (RzDxgk) -- C:\Windows\SysNative\drivers\RzDxgk.sys (Razer USA Ltd)
DRV:64bit: - (RzFilter) -- C:\Windows\SysNative\drivers\RzFilter.sys (Razer USA Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (AFW) -- C:\Windows\SysNative\drivers\afw.sys (Agnitum Ltd.)
DRV:64bit: - (afwcore) -- C:\Windows\SysNative\drivers\afwcore.sys (Agnitum Ltd.)
DRV:64bit: - (BdNet) -- C:\Windows\SysNative\drivers\BdNet.sys (BullGuard Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (BdSpy) -- C:\Windows\SysNative\drivers\BdSpy.sys (BullGuard Ltd.)
DRV:64bit: - (Trufos) -- C:\Windows\SysNative\drivers\Trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (NovaShieldFilterDriver) -- C:\Windows\SysNative\drivers\NSKernel.sys (NovaShield, Inc.)
DRV:64bit: - (NovaShieldTDIDriver) -- C:\Windows\SysNative\drivers\NSNetmon.sys (NovaShield, Inc.)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (VirtuWDDM) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys (Lucidlogix Inc.)
DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (NLNdisPT) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (NLNdisMP) -- C:\Windows\SysNative\drivers\nlndis.sys (Locktime Software)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (Arctosa) -- C:\Windows\SysNative\drivers\Arctosa.sys (Razer USA Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV - (nltdi) -- C:\Programme\NetLimiter 3\nltdi.sys (Locktime Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110819&tt=120812_bandext_3312_6&babsrc=HP_ss&mntrId=50877b67000000000000bc5ff41a74a3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/go/x0m [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=122304&tt=gc_&babsrc=HP_ss&mntrId=5087BC5FF41A74A3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 46 A7 B4 BC 44 CD 01  [binary data]
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=122304&tt=gc_&babsrc=SP_ss&mntrId=5087BC5FF41A74A3
IE - HKCU\..\SearchScopes\{32D25FF0-DED2-4F55-8808-D75183262EC7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6E7F53E6-DA4D-4DD5-BECC-02892B368336&apn_sauid=B69CFF74-9B41-4718-BB59-06F8B6687D05
IE - HKCU\..\SearchScopes\{407B02DB-A303-4e4a-BCAA-D1DE53A58BFE}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb203?a=6OyWybSbU9&search={searchTerms}&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..browser.startup.homepage:
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Fabian\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fabian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.04 18:35:40 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2013.03.04 18:35:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.04 18:35:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\ [2012.10.28 00:59:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.04 18:35:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.15 18:03:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2012.11.15 20:50:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2012.11.15 20:50:18 | 000,000,000 | ---D | M]
 
[2012.08.13 18:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2013.06.08 18:29:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions
[2013.03.15 15:30:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2013.02.23 16:27:07 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions\bbrs_002@blabbers.com
[2013.03.17 14:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions\ffxtlbr@babylon.com
[2013.03.17 14:08:50 | 000,000,000 | ---D | M] (Pagealicious) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions\Pagealicious
[2013.02.20 22:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions\staged
[2012.10.27 21:41:39 | 000,002,515 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\ask-search.xml
[2012.11.10 23:15:25 | 000,002,308 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\askcom.xml
[2013.05.30 01:21:47 | 000,006,503 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\babylon.xml
[2012.08.14 19:30:50 | 000,002,227 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\BabylonMngr.xml
[2013.05.01 22:04:45 | 000,006,481 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\BrowserProtect.xml
[2013.03.17 14:07:33 | 000,001,300 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\claro.xml
[2013.05.30 01:22:09 | 000,001,294 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\delta.xml
[2013.06.08 18:25:14 | 000,002,120 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\MyStart Search.xml
[2013.02.20 22:06:28 | 000,002,060 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\softonic.xml
[2012.08.13 18:06:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
File not found (No name found) -- C:\USERS\FABIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A7ZVYE9K.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.17 14:07:18 | 000,006,478 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.delta-search.com/?affID=122304&tt=gc_&babsrc=HP_ss&mntrId=5087BC5FF41A74A3
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fabian\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - Extension: YouTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ginyas Browser Companion = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Web Assistant = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.573_0\
CHR - Extension: Logitech-Gerteerkennung = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fclefogcenncfmmekelnpgpehiglcjln\1.2.1_0\
CHR - Extension: Stylish = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: AdBlock = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Gravity Duck = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\khpikpdaalmlcipfphefaajfiofglcma\1.3.0_0\
CHR - Extension: Vid-Saver = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.23.102_0\crossrider
CHR - Extension: Vid-Saver = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.23.102_0\
CHR - Extension: Google Mail = C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Arctosa] C:\Program Files (x86)\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [32992msdcsc.exe] C:\Users\Fabian\AppData\Local\Temp\32992msdcsc.exe ()
O4 - HKCU..\Run: [82267msdcsc.exe] C:\Users\Fabian\AppData\Local\Temp\82267msdcsc.exe ()
O4 - HKCU..\Run: [AcroRd32] C:\Users\Fabian\AppData\Roaming\Acrobat\AcroRd32.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [rundll32] C:\Users\Fabian\AppData\Local\Temp\MSDCSC\msdcsc.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] "C:\Users\Fabian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" File not found
O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk =  File not found
O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = C:\Users\Fabian\AppData\Roaming\BrowserCompanion\tbhcn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra Button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B21C34B-3B2A-4FD8-BF09-539620025832}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC905FBF-6003-4722-9B68-D197B46315A4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll BgGamingMonitor.dll) - C:\Programme\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\progra~1\bullgu~1\bullgu~1\files32\bgagent.dll) - c:\Programme\BullGuard Ltd\BullGuard\Files32\BgAgent.dll (BullGuard Ltd.)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0e11c6f2-6d3c-11e2-809e-bc5ff41a74a3}\Shell - "" = AutoRun
O33 - MountPoints2\{0e11c6f2-6d3c-11e2-809e-bc5ff41a74a3}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{66af8288-db46-11e1-89e2-bc5ff41a74a3}\Shell - "" = AutoRun
O33 - MountPoints2\{66af8288-db46-11e1-89e2-bc5ff41a74a3}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{975e702c-a59b-11e1-8394-bc5ff41a74a3}\Shell - "" = AutoRun
O33 - MountPoints2\{975e702c-a59b-11e1-8394-bc5ff41a74a3}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.08 20:09:03 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\dclogs
[2013.06.08 19:31:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2013.06.08 19:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Fabian\AppData\Roaming\msnmsg
[2013.06.08 19:06:01 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Simply Super Software
[2013.06.08 19:06:01 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Simply Super Software
[2013.06.08 19:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2013.06.08 19:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.06.08 19:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.06.08 19:05:18 | 001,169,224 | -HS- | C] (Microsoft Corporation) -- C:\Users\Fabian\AppData\Roaming\M5Q9IL20WA.exe
[2013.06.08 19:03:39 | 012,311,184 | ---- | C] (Simply Super Software                                      ) -- C:\Users\Fabian\Desktop\trjsetup685.exe
[2013.06.08 18:50:38 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2013.06.08 18:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.08 18:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.08 18:50:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.08 18:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.08 18:50:08 | 000,000,000 | -HSD | C] -- C:\Users\Fabian\AppData\Roaming\Acrobat
[2013.06.08 18:47:56 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.08 18:19:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.06.08 18:18:58 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.06.08 18:18:58 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.06.08 18:18:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.06.08 18:18:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.06.08 18:18:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.06.08 18:18:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.06.08 18:18:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.06.08 18:18:55 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.06.08 18:18:55 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.06.08 18:18:54 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.06.08 18:02:39 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\DriverTuner
[2013.06.08 14:09:06 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\GetRightToGo
[2013.06.08 13:30:03 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2013.06.08 11:58:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.08 11:58:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.08 11:58:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 11:58:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.08 11:58:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.08 11:58:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.08 11:58:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.08 11:58:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.08 11:58:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.08 11:58:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.08 11:58:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.08 11:58:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.08 11:58:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.08 11:58:24 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.08 11:58:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.08 11:50:36 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.06.08 11:50:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.06.08 11:50:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.06.08 11:50:36 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.06.08 11:49:55 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.06.08 11:49:55 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.06.08 11:49:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.06.08 11:49:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.06.08 11:49:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.06.08 11:49:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.06.08 11:49:47 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.06.08 11:48:35 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.06.08 11:48:35 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.06.08 11:48:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.06.08 11:46:30 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.06.08 11:46:29 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.06.08 11:46:29 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.06.08 11:46:29 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.06.08 11:46:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.06.08 11:46:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.06.08 10:42:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\WindowsLogon
[2013.06.07 23:09:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Realtek0
[2013.06.05 15:59:19 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Awesomium
[2013.06.05 15:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2013.06.05 15:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2013.06.05 15:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2013.06.03 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\NVIDIA
[2013.06.03 15:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.06.03 15:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.06.03 15:00:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.06.03 15:00:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.06.03 14:59:21 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.06.03 14:59:21 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.06.03 14:59:21 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.06.03 14:59:21 | 015,143,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.06.03 14:59:21 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.06.03 14:59:21 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.06.03 14:59:21 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.06.03 14:59:21 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.06.03 14:59:21 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.06.03 14:59:21 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.06.03 14:59:21 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.06.03 14:59:21 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.06.03 14:59:21 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.06.03 14:59:21 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.06.03 14:59:21 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.06.03 14:59:21 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.06.03 14:59:21 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.06.03 14:59:21 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.06.03 14:59:21 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.06.03 14:59:21 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.06.03 14:59:21 | 000,266,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.06.03 14:59:21 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.06.03 14:59:21 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.06.03 14:59:21 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.06.03 14:59:21 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.06.03 14:59:21 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.06.03 14:01:30 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Remedy
[2013.05.31 11:47:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Telltale Games
[2013.05.30 01:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.05.30 01:21:31 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\ExpressFiles
[2013.05.30 01:19:15 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\iLivid
[2013.05.17 05:17:30 | 000,126,464 | ---- | C] (Razer Inc) -- C:\Windows\SysNative\drivers\rzudd.sys
[2013.05.17 05:17:28 | 000,031,232 | ---- | C] (Razer Inc) -- C:\Windows\SysNative\drivers\rzendpt.sys
[2013.05.17 05:14:34 | 000,154,112 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rztouchdll.dll
[2013.05.17 05:14:34 | 000,056,832 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdevinfo.dll
[2013.05.17 05:14:30 | 000,766,976 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdevicedll.dll
[2013.05.17 05:14:30 | 000,117,248 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdisplaydll.dll
[2013.05.17 05:14:28 | 000,296,448 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzaudiodll.dll
[2013.05.14 21:43:25 | 009,195,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.05.11 14:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.11 14:01:35 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.11 14:01:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.11 14:01:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.05.11 14:01:31 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.10 20:04:50 | 000,000,000 | ---D | C] -- C:\tmp
[2013.05.10 19:42:16 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Blender Foundation
[2013.05.09 21:53:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\.thumbnails
[2013.05.09 21:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013.05.09 21:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2013.05.09 21:06:09 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Google
[2013.05.09 21:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013.05.09 21:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 8
[2013.05.09 21:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 20:15:38 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 20:15:38 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.08 20:15:05 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job
[2013.06.08 20:09:23 | 000,000,032 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Local
[2013.06.08 20:08:28 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job
[2013.06.08 20:08:25 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job
[2013.06.08 20:08:08 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Runner.job
[2013.06.08 20:08:08 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job
[2013.06.08 20:07:52 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.06.08 20:07:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.08 20:07:35 | 2078,801,919 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.08 19:55:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485898032-1890299033-1484769855-1000UA.job
[2013.06.08 19:42:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.08 19:31:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2013.06.08 19:11:27 | 000,000,056 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mbam.context.scan
[2013.06.08 19:05:55 | 000,001,143 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.06.08 19:05:38 | 012,311,184 | ---- | M] (Simply Super Software                                      ) -- C:\Users\Fabian\Desktop\trjsetup685.exe
[2013.06.08 18:50:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.08 18:49:25 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Fabian\Desktop\mbam-setup-1.75.0.1300.exe
[2013.06.08 18:25:49 | 000,001,086 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.06.08 18:15:09 | 000,000,916 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\EasyToolz.ini
[2013.06.08 13:00:18 | 000,487,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.08 12:55:45 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3485898032-1890299033-1484769855-1000Core.job
[2013.06.08 12:12:16 | 001,633,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.08 12:12:16 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.08 12:12:16 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.08 12:12:16 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.08 12:12:16 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.06 13:19:49 | 000,282,512 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.06 13:19:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.06.04 13:25:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzendpt_01009.Wdf
[2013.06.04 13:25:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2013.05.17 05:17:30 | 000,126,464 | ---- | M] (Razer Inc) -- C:\Windows\SysNative\drivers\rzudd.sys
[2013.05.17 05:17:28 | 000,031,232 | ---- | M] (Razer Inc) -- C:\Windows\SysNative\drivers\rzendpt.sys
[2013.05.17 05:14:34 | 000,154,112 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rztouchdll.dll
[2013.05.17 05:14:34 | 000,056,832 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdevinfo.dll
[2013.05.17 05:14:30 | 000,766,976 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdevicedll.dll
[2013.05.17 05:14:30 | 000,117,248 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdisplaydll.dll
[2013.05.17 05:14:28 | 000,296,448 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzaudiodll.dll
[2013.05.14 21:43:28 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.14 21:43:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.14 21:43:25 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.12 23:42:27 | 027,775,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.05.12 23:42:27 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.12 23:42:27 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.05.12 23:42:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.12 23:42:27 | 015,910,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.05.12 23:42:27 | 015,143,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.05.12 23:42:27 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.05.12 23:42:27 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.05.12 23:42:27 | 009,233,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.12 23:42:27 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.05.12 23:42:27 | 007,641,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.12 23:42:27 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.05.12 23:42:27 | 002,942,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.12 23:42:27 | 002,935,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.05.12 23:42:27 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.05.12 23:42:27 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.05.12 23:42:27 | 002,363,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.12 23:42:27 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.05.12 23:42:27 | 001,832,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.05.12 23:42:27 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.05.12 23:42:27 | 001,059,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.05.12 23:42:27 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.05.12 23:42:27 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.05.12 23:42:27 | 000,518,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.05.12 23:42:27 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.05.12 23:42:27 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.05.12 23:42:27 | 000,266,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.12 23:42:27 | 000,218,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.05.12 23:42:27 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.05.12 23:42:27 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.12 22:34:14 | 006,491,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.05.12 22:34:14 | 003,514,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.05.12 22:34:12 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.05.12 22:34:12 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.05.12 22:34:11 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.05.11 14:01:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.05.11 14:01:23 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.05.11 14:01:23 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.05.11 14:01:23 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.05.11 14:01:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.05.11 14:01:23 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.08 20:09:23 | 000,000,032 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Local
[2013.06.08 20:07:52 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.06.08 19:11:27 | 000,000,056 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\mbam.context.scan
[2013.06.08 19:05:55 | 000,001,143 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2013.06.08 18:50:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.08 18:12:46 | 000,000,916 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\EasyToolz.ini
[2013.06.08 10:43:01 | 000,001,086 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk
[2013.06.04 13:25:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzendpt_01009.Wdf
[2013.06.04 13:25:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2013.05.01 11:19:22 | 000,034,816 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\RZR_00208e6943aabcb45c048e5a9758.db
[2013.04.07 20:39:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.03.15 15:30:46 | 000,000,288 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\.backup.dm
[2013.03.14 20:36:53 | 000,000,600 | ---- | C] () -- C:\Users\Fabian\PUTTY.RND
[2012.12.14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.11.21 21:27:55 | 000,007,597 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
[2012.11.13 14:53:41 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.11.08 20:16:32 | 000,583,306 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\technic-launcher.jar.bak
[2012.11.08 20:16:32 | 000,581,168 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\technic-launcher.jar
[2012.10.25 13:40:44 | 000,282,512 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.25 13:40:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.25 15:34:00 | 001,145,382 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Tempmusic.ogg
[2012.08.13 16:32:24 | 000,001,441 | ---- | C] () -- C:\Windows\chhm-pdd48.ini
[2012.08.13 16:26:51 | 000,000,856 | ---- | C] () -- C:\Users\Fabian\AppData\Local\recently-used.xbel
[2012.08.05 22:21:53 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2012.08.05 22:21:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2012.07.01 19:19:01 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.30 18:43:47 | 000,017,408 | ---- | C] () -- C:\Users\Fabian\AppData\Local\WebpageIcons.db
[2012.05.24 19:41:55 | 000,000,412 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\All CPU Meter_Settings.ini
[2012.05.24 14:21:14 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.05.24 14:21:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.05.24 14:21:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.05.24 14:21:12 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.05.24 14:21:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.05.24 14:18:38 | 000,000,003 | ---- | C] () -- C:\Users\Fabian\AppData\Local\user_data.ini
[2012.05.24 14:12:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.05.24 14:12:01 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.05.24 14:12:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.11.08 12:39:38 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll
[2011.08.11 04:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.29 15:59:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.minecraft
[2012.10.01 13:18:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.Nitrous
[2012.12.05 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.techniclauncher
[2012.07.26 00:35:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.terasology
[2013.06.08 18:50:08 | 000,000,000 | -HSD | M] -- C:\Users\Fabian\AppData\Roaming\Acrobat
[2012.05.28 16:58:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Alle meine Passworte
[2013.04.17 19:01:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AtomZombieData
[2013.06.05 15:59:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Awesomium
[2013.02.01 01:26:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Babylon
[2013.05.10 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Blender Foundation
[2013.06.08 20:18:53 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BrowserCompanion
[2012.12.13 21:08:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\BullGuard
[2012.12.09 15:13:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Carbon
[2013.06.08 20:09:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\dclogs
[2013.02.26 22:10:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1
[2012.05.31 19:25:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DeviceVm
[2013.02.11 02:29:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Downloaded Installations
[2013.06.08 18:30:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft
[2012.11.22 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Easy Thumbnails
[2013.03.15 15:30:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\eBayDesktopShortcut
[2013.01.12 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Engelmann Media
[2013.05.30 01:21:40 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ExpressFiles
[2013.06.07 23:10:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FileZilla
[2013.06.08 14:09:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\GetRightToGo
[2012.11.22 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Hobbyist Software
[2013.02.22 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\iFunbox_UserCache
[2012.09.19 16:48:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView
[2012.05.24 12:43:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech
[2012.12.05 21:54:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\logs
[2012.07.03 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient
[2012.06.02 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient2
[2013.06.08 19:11:05 | 000,000,000 | -HSD | M] -- C:\Users\Fabian\AppData\Roaming\msnmsg
[2012.10.06 00:15:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Nokia
[2012.11.22 20:10:39 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenCandy
[2013.03.14 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2012.12.08 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Origin
[2012.06.23 10:49:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PC Suite
[2013.02.01 01:41:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PerformerSoft
[2013.03.06 15:18:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\raidcall
[2013.02.10 12:49:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Razer
[2013.04.08 17:07:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SanDisk
[2013.03.16 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SanDisk SecureAccess
[2012.12.15 14:19:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Screaming Bee
[2012.10.28 00:04:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SecondLife
[2013.06.08 19:06:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Simply Super Software
[2012.06.24 13:36:40 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\six-zsync
[2013.05.09 11:58:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Sony Online Entertainment
[2012.08.13 17:25:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Spirited Machine
[2012.06.07 20:09:07 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SPORE
[2013.06.08 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Spotify
[2012.07.01 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Stardock
[2012.06.20 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Teeworlds
[2012.10.03 17:07:48 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\thriXXX
[2012.07.03 16:29:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TrueCrypt
[2012.11.05 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client
[2012.11.22 20:15:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software
[2013.06.08 19:21:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\WindowsLogon
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.01.19 16:44:38 | 000,001,024 | ---- | M] ()(C:\Users\Fabian\AppData\Local\PMB Fik?s) -- C:\Users\Fabian\AppData\Local\PMB Fik聥s
[2013.01.19 16:44:38 | 000,001,024 | ---- | C] ()(C:\Users\Fabian\AppData\Local\PMB Fik?s) -- C:\Users\Fabian\AppData\Local\PMB Fik聥s
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

Since it would otherwise be too many lines, the Extras.txt follows in a separate post.

markusg 08.06.2013 19:52

Hi,


otl fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
O4 - HKCU..\Run: [rundll32] C:\Users\Fabian\AppData\Local\Temp\MSDCSC\msdcsc.exe ()
O4 - HKCU..\Run: [AcroRd32] C:\Users\Fabian\AppData\Roaming\Acrobat\AcroRd32.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AcroRd32] C:\Users\Fabian\AppData\Roaming\Acrobat\AcroRd32.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AcroRd32] C:\Users\Fabian\AppData\Roaming\Acrobat\AcroRd32.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [82267msdcsc.exe] C:\Users\Fabian\AppData\Local\Temp\82267msdcsc.exe ()
O4 - HKCU..\Run: [32992msdcsc.exe] C:\Users\Fabian\AppData\Local\Temp\32992msdcsc.exe ()
[2013.06.08 20:09:03 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\dclogs
[2013.06.08 19:05:18 | 001,169,224 | -HS- | C] (Microsoft Corporation) -- C:\Users\Fabian\AppData\Roaming\M5Q9IL20WA.exe
:files
C:\Users\Fabian\AppData\Local\Temp\MSDCSC
C:\Users\Fabian\AppData\Roaming\Acrobat
C:\Users\Fabian\AppData\Roaming\Acrobat
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Note: Please also upload the file there, as described in the instructions for the UpChannel. Please do NOT post the ZIP file here as an attachment
in the thread!


Please press the Windows key (http://larusso.trojaner-board.de/Images/windows.jpg) + E.
  • Open your system drive (usually C:)
  • Now look for
    the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel.
    (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance :)

theNeises 08.06.2013 19:52

Remove Coin Miner, msdcsc
 
Extras.txt:

Code:

OTL Extras logfile created on: 08.06.2013 20:18:27 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Fabian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,21 Gb Available Physical Memory | 65,78% Memory free
15,83 Gb Paging File | 12,99 Gb Available in Paging File | 82,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 108,95 Gb Free Space | 23,40% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C0475E-7B72-46E1-A586-E9B6E39E3A6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0FF4C4DF-D55A-40D5-8699-708EB3DBA8F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FF6A0B9-07B2-46D3-91B3-5A7A8E8D565D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43E29356-22F0-47AD-A491-2E8414F1BFAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A0EF280-F752-410B-8762-ACD3123B98FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63A7DC8B-F722-4D07-96B9-24F55F0ED05B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6566CC95-643D-456E-8CE5-9FF155E53A0E}" = lport=138 | protocol=17 | dir=in | app=system |
"{688E1440-4E1D-40F9-A6AA-4ED61F9BE9D5}" = rport=139 | protocol=6 | dir=out | app=system |
"{74A4D958-350E-48DA-AE61-DE41DDBBB31A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78460461-0F97-4C13-8EC6-07175ADFFCF9}" = lport=139 | protocol=6 | dir=in | app=system |
"{7EEA1AC2-B620-4748-964A-F24834AC83EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C81D55C-283C-4FA8-9CBA-D959A5487B36}" = lport=10243 | protocol=6 | dir=in | app=system |
"{98FEC081-7B3F-4047-A795-3FAF0A5E42CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A34259D4-1C13-40D0-9162-62EE88CB9D4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ABEBF008-AE30-4000-A085-7F2FC0B82973}" = rport=137 | protocol=17 | dir=out | app=system |
"{B22C4422-F339-4DD7-BEAD-85F9A0FF7882}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B525976E-E44C-457D-9024-B50B1D3BBA8B}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC8BA62A-823A-48C4-9E2E-2C8F5443D266}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C09AB0F4-74F6-4FA6-95CB-CFFD7D607D9A}" = rport=138 | protocol=17 | dir=out | app=system |
"{DDA8F6F9-B0E1-478C-B5F2-38AD99ABC64A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E32F35A0-BC7B-4BA7-B229-B6FCE839BC88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E43C00BE-D819-40A1-9258-7F65F75F1D5E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{E58AA575-8AA4-44E9-81BD-36F59AFB33A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F0BD6E67-FB76-4DED-A87B-FE6D86B70EE9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C7A906-5DEA-46C5-B8CC-A5478C9FFD25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep1\wallacegromit101.exe |
"{04FEF248-A67A-40CA-8CCF-892D4A71BE83}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{059CAC44-0D4E-438E-8296-AC2A277CA1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{0D9D2A1C-426D-4185-91C5-EC466B27AA4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{0DC1C999-E0F4-41C8-A1B7-E29CAFBAEBB9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{0E2E214B-0718-4076-9F6E-7681BF5B6B75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E720C65-B6F8-4311-AF43-178923C9E42F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{12D79C5D-8351-43D9-9E56-6BFFC1666B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{1318D643-6F20-4498-9469-83D8EE36858B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{13842B8E-E457-4B28-BFD3-E459E0BD8EF9}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe |
"{16F8A8B5-CD6E-48C4-8A3F-F89EA7A7C105}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep4\wallacegromit104.exe |
"{17F1B815-2EFB-4142-9469-35FD5454CCB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{191468C4-15D1-4F33-A833-A5F8F9B3B8C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{197E7431-AE17-40D0-8E0F-76B1F59B9EFB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1A91988E-77F5-4B52-A8A7-990C4DA72909}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{1E56F566-D28A-4B00-A2C7-1641DC660D57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airforte\data\airforte.exe |
"{1E837585-652F-42ED-B663-F45FD5F2CC67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep3\wallacegromit103.exe |
"{1F632E48-1399-47BC-99AF-9EC9F83F34AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8E9433-03A6-4DD1-A83C-C1BEB2FD7577}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{266855C2-81D6-418D-987B-1618A80DAF58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{2A161A71-C6CF-4B6F-832A-EC2C26175F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |
"{2A183B9B-4DD6-4999-A861-C8FBFA0C18F7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe |
"{2A4CA343-E987-41C4-9432-0D85E77B4666}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{2A7BFC67-C1EA-41FC-A399-A64A5914A724}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{2C0C2835-3D6F-4D08-B73A-F8D12559675D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2F4DD163-A1F0-4173-9F5F-FA8A10553583}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{31A722C5-3EE5-4846-B19D-54B9B27F7CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airforte\data\airforte.exe |
"{334DBB40-3726-4FB2-B7BB-7E4AF2D1B560}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{342B08BC-A7E5-4A8C-921B-956B9A163B78}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{34F45429-DE7B-4DB1-8C95-C7DC02157165}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{380B3662-469A-40B3-8176-912F38C925E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{39473C15-BB15-4F24-BBFA-F5C0A5DE1CBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{3AEDE667-AF92-4612-95FC-7134F11D542C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3E669EBB-EAF3-4F8E-9077-9A6EA694C163}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{3F3B53DC-64AC-49E9-8C08-7FF299B9901E}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{3F7432B1-C752-49EC-AA40-F0E8AAC04164}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3F7D76BB-4782-4D85-B62A-0C08E8AFDA5E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe |
"{444D55CA-717B-4ED4-8712-324E27577E92}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"{45B7FBB7-D359-433A-81F7-EC0D9471821B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{48AF3327-832D-42B3-ABD2-04FF05529419}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe |
"{4A8D5575-28ED-4BC1-AA5C-571A03700B39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep1\wallacegromit101.exe |
"{4B1B028E-3C68-4C75-A1D1-C09A9A93F9E7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher1.exe |
"{4B9241C0-5F4D-4273-BAC1-420F6B11F9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep2\wallacegromit102.exe |
"{4CBB2B00-6425-4674-A7E8-FAA908C3C4E5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher1.exe |
"{4D419B23-FD40-4397-8E90-4D191D8746CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4D4F65E6-7499-419D-8826-D17CE8918597}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4D76262C-274A-4C99-A85B-FCECC77FBB2A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{55D36B7C-3386-463B-95D5-7F31628D51F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5972CF0D-CDC4-4B29-A1AE-D5FE14CD5DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5AA567B4-12CF-4FB5-9C1B-F93B6FE216E9}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5B0C844D-A709-41E0-9AAD-5CDBBFD2F22F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5C2296BE-0AAA-4F87-B168-2182537930ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5E9846D7-6F17-4FB5-9C4D-23A4CAC11D30}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\akamai\netsession_win.exe |
"{5E9BB59B-5616-413B-973F-FC255A4053B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airmech\airmech.exe |
"{61C7BDCD-71A2-4DAF-BA64-D0980C512561}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6226E14A-F1C8-4E93-9EA0-9985E83C3D82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{623190EE-2DF2-4BDC-AC05-8B604E2AE3FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6481526C-E24E-4E2A-A562-8E84EF969DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{6A76578F-F31C-4A3A-9240-9C8AAB069629}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{70B045DC-5F70-475F-84C8-73753620C031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71CB00D2-DF1B-48F8-8FE7-606A45C82136}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{749EE999-FB3A-40DD-9A2C-43B0D74D0795}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{752A4FB0-1F43-4F7D-A884-5A64CA323BE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{78F69B4B-CE06-49D0-BCF6-48B80999C42C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{79FB0048-FD4B-489E-8D95-FAFDE7801169}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7B79A55E-7515-48F5-8052-5178C2455B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{7CCC1726-9CFA-41AF-BFF7-70AFDC41EE49}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{804257B4-F946-4CCD-ADB1-AB4698DF4F69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8145BB86-5DD9-4305-97DD-BF17679F0F6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{821E8E77-35E5-4384-9DE1-3336F4194EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{857ABEFB-634B-4160-B9DB-43F1707550C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85B6F6E8-A090-4E80-BE76-36E87E0E8C9E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{8945C972-931C-48EE-AB09-E2AD8D745E8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A3A25A8-01D9-47C5-84BB-C216AE34895C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8AC2F353-41A8-403E-ACF0-83CB68983143}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{8CD01BDF-6A52-4766-9776-9E841E7608A0}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8D3EF20A-1E7C-44BD-8828-7A5CB9B0E91B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{8E1C8DED-7D93-423F-AD04-2E488B089516}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hector episode 1\hector101.exe |
"{8EBA13AE-49B4-4529-BDE8-725E3AE37267}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8F493007-59F8-4CB8-AA35-196E8FC60B58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep3\wallacegromit103.exe |
"{9137EFF0-BD81-4B70-B713-2BDEA989F65E}" = protocol=6 | dir=in | name=mc tdp |
"{914A4A5A-467C-479F-BC61-A6BD57451A2D}" = protocol=17 | dir=in | name=mc udp |
"{91B4A46D-6D96-4DC3-AF56-C744AB24B07B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe |
"{9558687C-D557-48B4-A81B-DE7CA83955D6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{9748E8B0-46D9-4580-984C-A94C735730AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"{99C02B56-FFCB-469E-94C1-1A149A84BF34}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B2DEA81-A08A-4FF0-8B84-015132368EB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{9B533948-9651-4839-A23A-4D565250A817}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9CEFBB2C-2267-4A25-8D32-31E07B48B60C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9D0F81EE-BA97-43A7-AB49-A8F109F91C5F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9D82BC2E-FF58-4BD0-84DE-9BEA56A4256B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{A3F07ADD-B6B6-47ED-B147-0229A33A1110}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe |
"{A852E488-445A-4985-AD29-04EB1AF8AE4E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A88B51C9-4605-4E18-B24E-09DD22D04501}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{AA85C98F-4D56-42C7-A4D0-818CB698395D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{AAD901E8-9CFE-4035-B0A5-45210181264C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe |
"{AE449C63-5478-41D0-9D63-B865C216BDE5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AFA64A5C-B12A-4856-84C5-B18E1DDEE084}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe |
"{B4E3AC02-C625-4ADC-96FE-C804D30B1624}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{B887A15C-D822-40D6-A318-50A0E0CBCAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe |
"{BB939239-55C8-4898-B7A2-C6FC3F0488AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C1C45D48-C72D-465F-9ABB-F6FF83E8E8E4}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{C642549D-C181-428E-9265-63A838AE901A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C7F96920-243A-416C-92E2-390284ADE3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{CD5AE668-C43A-4F83-9B88-1BB8F6D65EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hector episode 1\hector101.exe |
"{CD95B12F-41D4-4C65-AE0D-279C21846063}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe |
"{D02F437D-4A17-42F0-9A22-20D94A62D1C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1B66B5E-CE2E-4C18-AB95-6D8BE4047EE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D3C1330D-7DD2-4FAC-8C39-C428B46E175A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{D52519AB-D77A-4970-91C9-ABB93C06333F}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\akamai\netsession_win.exe |
"{D6961109-95A8-4BB3-BB39-CB2AADC6C0C5}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{D874E4E0-B2F2-4359-9A3A-1CF19446D22E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep4\wallacegromit104.exe |
"{D91147B2-4F61-4321-BFF4-9AB594B74668}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{DE255ABA-2A9E-4473-9488-AC59F59BEF75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep2\wallacegromit102.exe |
"{E19EE700-6BD8-41CE-A5B5-A59D960E6E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{E2FBF41B-127F-4418-BA09-95457A8B5CC4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{E6378F91-0C7E-4AD8-830F-EF66538A3401}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{E9476A17-336D-4A40-BDC4-0D84F3AED99E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E984455C-31C7-42D9-9178-1CC9C57DC148}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{E9CADF4E-FDBC-4E49-A6DE-88F6B631648F}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{E9F4F016-1FDE-48A6-8753-D744C1198C55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EA43A660-DECF-425F-89B6-49C0AF89E7B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{EBDB6826-DEF2-4E6C-8630-D3B4E89CFC63}" = protocol=6 | dir=out | app=system |
"{EC53F5A0-9EE8-47BC-906C-E44DC4DBA8B7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{ED23419A-EB4D-4739-B2CB-A28211A6A587}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFE16EDF-B789-434A-8CE9-550F3F6460DA}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{F16AC757-5516-4EE0-A430-50C634AB0D1E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{F4CE2DB0-F99E-407F-B475-4B7A11E4FC6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FDAD265F-3C95-4449-8C2D-4A03E46A34C5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{FDF23DF5-5546-49C6-91DC-D195F61710E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{FEA2EAD0-2CD7-41D3-94AC-CC7A4F711D70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"TCP Query User{0136348C-BF9B-4A32-BF5F-30609B6D8121}C:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe |
"TCP Query User{083FBD11-C329-42FE-9388-36ACA6D62B6A}C:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe |
"TCP Query User{097A1033-2CC6-4F7B-9523-2859F9A3C9B9}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{0A819CD6-6F70-4EDA-94D5-7F65B26B82BD}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe |
"TCP Query User{1D2E8A30-6F60-4758-94E6-10FCBEBBC244}C:\users\fabian\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\akamai\netsession_win.exe |
"TCP Query User{2A42BF2F-D85D-4311-B431-8A64A18A50B7}C:\users\fabian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2F275784-B2A3-4C04-91A9-0A8A1CCEAEA3}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{2FA25496-A70F-4C0D-BCF1-BD8C9595C7EE}C:\program files (x86)\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\xiii\system\xiii.exe |
"TCP Query User{3B4F8B9F-8C97-4529-AB3E-D56CC8BEF0DC}C:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe |
"TCP Query User{3C1C3D80-C17F-4597-8107-0F5A7AB98684}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{3DAEEF68-A04C-4C1C-B386-1A8953D7A970}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"TCP Query User{45E0DC29-F7DC-47E8-AC12-737947A9CFB6}C:\program files (x86)\team17\worms 2\frontend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\team17\worms 2\frontend.exe |
"TCP Query User{4C1B3D2B-8C20-4C57-A46E-25D1D4D78F77}C:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe |
"TCP Query User{53702275-C954-449D-8D23-D01EFAA0DC29}C:\users\fabian\desktop\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\guild wars 2\gw2.exe |
"TCP Query User{54363B56-3D1B-4470-9A3A-295BAEBFE264}C:\users\fabian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{66CBB960-DA6B-49AA-BCDE-88F4C57F8111}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"TCP Query User{6C4775B1-9B18-49D9-90FE-BBE1E506208F}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{71394FF0-85AA-47F3-9EAC-69B10ABE38DC}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{99D1B461-EE0B-4C34-BE36-BA43730FC2D8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A4065F8B-B496-4B91-AE4D-75FB6AF8AD50}C:\users\fabian\desktop\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\spiele\guild wars 2\gw2.exe |
"TCP Query User{AEECB13C-FC77-402D-851D-58741CA4C6BE}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{BD2FDC44-8E32-4250-AA23-B9629FECE508}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{BFB83684-7F3C-4E1F-8650-5A95501E4727}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{DC472359-E342-4787-B26E-2BB20D15D8C4}C:\users\fabian\appdata\local\temp\rar$exa0.170\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\temp\rar$exa0.170\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"TCP Query User{DCC9958F-05A1-4DDB-92AE-B9193A64E35D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{E4657D13-07EE-4819-A85A-F8F00D7DC3FC}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{F9852E57-4454-4314-A1A2-E1F992CED39A}C:\users\fabian\appdata\local\temp\rar$exa0.027\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\temp\rar$exa0.027\survivers_beta_3.exe |
"UDP Query User{16B8B3D8-FD5D-49D2-9DBE-2605D9CC7DD1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{18190CA8-01C6-4358-BEB0-7332F9AC9473}C:\users\fabian\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1C3CBF17-FEF4-4D39-ACCF-BC3F5B7BC449}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"UDP Query User{1F706D98-3D04-4FAA-80D5-FF981028DEF1}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{2820604F-E23D-4FEB-AA11-A67B4B1E9BCF}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"UDP Query User{3FDE79BF-F3B1-4F60-B0A4-1BD9717FA6B8}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{48D13E88-3674-4A97-9205-5C3A0A1EA0F7}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"UDP Query User{4A0666B2-5077-4C7A-99E5-E8F52EE28298}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe |
"UDP Query User{621E30B8-DEAD-4449-BDF3-0EFA5FB2FAA6}C:\users\fabian\desktop\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\guild wars 2\gw2.exe |
"UDP Query User{6309E64D-471B-41B6-BF75-52E57F85F4AB}C:\users\fabian\appdata\local\temp\rar$exa0.170\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\temp\rar$exa0.170\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"UDP Query User{672D3A9F-F456-4D18-A68D-AE8F5EE5DB6C}C:\users\fabian\desktop\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\spiele\guild wars 2\gw2.exe |
"UDP Query User{73E13BFE-A6B7-4FD4-A0DA-F50AB9E28480}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{7BA1E02B-7E71-4169-A361-78B68119EE6C}C:\users\fabian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7BD0B291-E974-4666-91AC-5782CCB70C96}C:\program files (x86)\team17\worms 2\frontend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\team17\worms 2\frontend.exe |
"UDP Query User{8C0231FE-C5FC-4D77-9041-6B7A53B35E66}C:\users\fabian\appdata\local\temp\rar$exa0.027\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\temp\rar$exa0.027\survivers_beta_3.exe |
"UDP Query User{9E82D9AF-29C2-48F8-B597-CD5684236B0D}C:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe |
"UDP Query User{AC0E9B34-232F-4F18-82C0-BB066C2ACF36}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{B458A061-24A1-4BF4-B693-47EB73FED130}C:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe |
"UDP Query User{BF20FDED-86ED-4D49-B42B-D198418174BA}C:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe |
"UDP Query User{C152BE24-41C9-45DF-8D9F-7DC5E87FF24F}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{D4AC6DB3-14D8-4D78-9246-C978E346D5C7}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{D8C47059-6AD9-4F0A-A849-B143F334DEA2}C:\program files (x86)\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\xiii\system\xiii.exe |
"UDP Query User{E5F6991C-AFC5-4D87-9EB1-6AA08659DBA0}C:\users\fabian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F2342B56-FBFB-41EF-9EF0-2B096A9443D3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F6D3DF2E-D0B8-4CAA-891D-0A64F9D3C17D}C:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe |
"UDP Query User{FA61BDBE-BB3A-43C6-B378-6BFDECF2CB59}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{FD6F3950-A90C-492B-A9FE-C829CE2163E6}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.573
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6B44AEB-3F57-45D7-9A89-5020135CBF90}" = Studie zur Verbesserung von HP Officejet 6600 Produkten
"{C768E610-4DFB-4A60-A59B-71549EB7BF75}" = HP Officejet 6600 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"Blender" = Blender
"BullGuard" = BullGuard
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Office Professional 15 (Technical Preview) - en-us" = Microsoft Office 365 Home Premium Preview - en-us
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VIRTU_is1" = VIRTU 1.2.106
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
"XFast LAN" = XFast LAN v6.61
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D9C81F2-CF30-47F9-860E-58DACF92ABC9}" = Razer Arctosa
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{48379835-BF2E-4487-9CB1-D5E654502B53}" = Medal of Honor™ Warfighter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{72376EB6-0189-45B3-A4F6-823F549697C3}" = MOUSE Editor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B8F4A45C-581C-4707-8EF2-2B9E6722270C}" = SketchUp 8
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30787F6-EA4F-4BC8-0001-398BDCC33E1E}" = MovieSaver*3.0
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCD3BA7F-0DFA-2679-44D2-0EC11238AF9D}" = Fragen-Lern-CD 4.3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AJCompressCopy" = AJScreensaver
"Akamai" = Akamai NetSession Interface
"AllemeinePassworte" = Alle meine Passworte 3.20
"aTube Catcher" = aTube Catcher
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1" = Fragen-Lern-CD 4.3
"Downloader" = Downloader
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.6.0
"GinyasBrowserCompanion" = GinyasBrowserCompanion
"Guild Wars" = GUILD WARS
"HP Photo Creations" = HP Photo Creations
"iFunbox_is1" = iFunbox (v2.1.2228.731), iFunbox DevTeam
"InstallShield_{72376EB6-0189-45B3-A4F6-823F549697C3}" = Mouse Editor
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = EXPERTool 7.21
"nfsDigitalPaintClockWhite New Free Screensaver_is1" = NewFreeScreensaver nfsDigitalPaintClockWhite
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"Razer Core" = Razer Core
"Steam App 107100" = Bastion
"Steam App 108710" = Alan Wake
"Steam App 113200" = The Binding of Isaac
"Steam App 205790" = Dota 2 Test
"Steam App 206500" = AirMech
"Steam App 207610" = The Walking Dead
"Steam App 31100" = Wallace & Gromit Ep 1: Fright of the Bumblebees
"Steam App 31110" = Wallace & Gromit Ep 2: The Last Resort
"Steam App 31120" = Wallace & Gromit Ep 3: Muzzled!
"Steam App 31130" = Wallace & Gromit Ep 4: The Bogey Man
"Steam App 43110" = Metro 2033
"Steam App 4570" = Warhammer 40,000: Dawn of War - Game of the Year Edition
"Steam App 49520" = Borderlands 2
"Steam App 55000" = Flotilla
"Steam App 55020" = Air Forte
"Steam App 55040" = Atom Zombie Smasher
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 65800" = Dungeon Defenders
"Steam App 72000" = Closure
"Steam App 94600" = Hector: Ep 1
"Steam App 94610" = Hector: Ep 2
"Steam App 94620" = Hector: Ep 3
"TmNationsForever_is1" = TmNationsForever
"TmUnitedForever_is1" = TmUnitedForever
"Trojan Remover_is1" = Trojan Remover 6.8.6
"TrueCrypt" = TrueCrypt
"Uplay" = Uplay
"WNLT" = IB Updater Service
"XFastUsb" = XFastUsb
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"SOE-C:/Users/Fabian/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2013 07:01:36 | Computer Name = Fabian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08.06.2013 08:49:30 | Computer Name = Fabian-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Fabian\Desktop\*\SoftonicDownloader_fuer_winds-pro.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 08.06.2013 08:50:56 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rads_user_kernel.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4e65c1ac  Name des fehlerhaften Moduls: rads_user_kernel.exe, Version:
 0.0.0.0, Zeitstempel: 0x4e65c1ac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000b8554
ID
 des fehlerhaften Prozesses: 0x15f0  Startzeit der fehlerhaften Anwendung: 0x01ce6446d136036e
Pfad
 der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Pfad
 des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
Berichtskennung:
 0f627e36-d03a-11e2-9ce7-bc5ff41a74a3
 
Error - 08.06.2013 09:28:38 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel:
 0x5121f458  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e41b  ID des fehlerhaften Prozesses:
 0x13d8  Startzeit der fehlerhaften Anwendung: 0x01ce644bdb886771  Pfad der fehlerhaften
 Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 539603ef-d03f-11e2-9ce7-bc5ff41a74a3
 
Error - 08.06.2013 10:40:21 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: PinkVisual-141.002.exe, Version:
0.0.0.0, Zeitstempel: 0x5166aec4  Name des fehlerhaften Moduls: ThriXXX-010278-SYS.dll,
 Version: 0.0.0.0, Zeitstempel: 0x5166ae4c  Ausnahmecode: 0xc0000005  Fehleroffset:
0x000aa3e4  ID des fehlerhaften Prozesses: 0x950c  Startzeit der fehlerhaften Anwendung:
 0x01ce6455a6a3cc62  Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\thriXXX\PinkVisual\Binaries\PinkVisual-141.002.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\thriXXX\PinkVisual\Binaries\ThriXXX-010278-SYS.dll
Berichtskennung:
 581ac0c4-d049-11e2-9ce7-bc5ff41a74a3
 
Error - 08.06.2013 12:25:30 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel:
 0x5121f458  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften Prozesses:
 0x96c  Startzeit der fehlerhaften Anwendung: 0x01ce6464be7fe46b  Pfad der fehlerhaften
 Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 088f1838-d058-11e2-8b42-bc5ff41a74a3
 
Error - 08.06.2013 12:26:21 | Computer Name = Fabian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08.06.2013 12:28:50 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: shell.exe, Version: 7.0.13060.0,
Zeitstempel: 0x51ae3b03  Name des fehlerhaften Moduls: MSVCRT.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0x40000015  Fehleroffset: 0x0005620a  ID des fehlerhaften
 Prozesses: 0x14a0  Startzeit der fehlerhaften Anwendung: 0x01ce6464d6aaabb2  Pfad der
 fehlerhaften Anwendung: C:\Users\Fabian\AppData\Roaming\WindowsLogon\shell.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\MSVCRT.dll  Berichtskennung: 7fe2dfbe-d058-11e2-8b42-bc5ff41a74a3
 
Error - 08.06.2013 12:31:12 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: shell.exe, Version: 7.0.13060.0,
Zeitstempel: 0x51ae3b03  Name des fehlerhaften Moduls: MSVCRT.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeaf722  Ausnahmecode: 0x40000015  Fehleroffset: 0x0005620a  ID des fehlerhaften
 Prozesses: 0x11e0  Startzeit der fehlerhaften Anwendung: 0x01ce64654daa6a14  Pfad der
 fehlerhaften Anwendung: C:\Users\Fabian\AppData\Roaming\WindowsLogon\shell.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\MSVCRT.dll  Berichtskennung: d451ba2c-d058-11e2-8b42-bc5ff41a74a3
 
Error - 08.06.2013 14:08:26 | Computer Name = Fabian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.9, Zeitstempel:
 0x5121f458  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften Prozesses:
 0x970  Startzeit der fehlerhaften Anwendung: 0x01ce64732197af9c  Pfad der fehlerhaften
 Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 69d1f453-d066-11e2-895e-bc5ff41a74a3
 
Error - 08.06.2013 14:09:25 | Computer Name = Fabian-PC | Source = WinMgmt | ID = 10
Description =
 
[ NetLimiter 3 Events ]
Error - 24.04.2013 15:12:26 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 25.04.2013 08:55:36 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 26.04.2013 08:52:42 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 27.04.2013 05:25:36 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 28.04.2013 09:41:28 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 29.04.2013 12:39:12 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 30.04.2013 10:58:01 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 30.04.2013 15:49:56 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 01.05.2013 05:10:05 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
Error - 02.05.2013 09:32:53 | Computer Name = Fabian-PC | Source = NetLimiter 3 Service | ID = 1000
Description = Registration or trial period expired
 
[ System Events ]
Error - 05.12.2012 10:26:20 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 06.12.2012 10:45:53 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%3
 
Error - 06.12.2012 10:45:55 | Computer Name = Fabian-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 06.12.2012 10:47:27 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "BullGuard e-mail monitoring service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 06.12.2012 10:48:49 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.12.2012 10:48:49 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
Error - 06.12.2012 15:22:22 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Browser Manager" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%3
 
Error - 06.12.2012 15:22:23 | Computer Name = Fabian-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 06.12.2012 15:24:33 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:  %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 06.12.2012 15:24:33 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%1069
 
 
< End of report >

Can someone help me with what I should do next?

Best regards
Fabian Neises

markusg 08.06.2013 19:57

see post 2b

theNeises 08.06.2013 20:18

I have successfully uploaded the zip file

Here is the .txt file:
Code:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\rundll32 not found.
C:\Users\Fabian\AppData\Local\Temp\MSDCSC\msdcsc.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AcroRd32 not found.
C:\Users\Fabian\AppData\Roaming\Acrobat\AcroRd32.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AcroRd32 not found.
File C:\Users\Fabian\AppData\Roaming\Acrobat\AcroRd32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AcroRd32 not found.
File C:\Users\Fabian\AppData\Roaming\Acrobat\AcroRd32.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\82267msdcsc.exe not found.
C:\Users\Fabian\AppData\Local\Temp\82267msdcsc.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\32992msdcsc.exe not found.
C:\Users\Fabian\AppData\Local\Temp\32992msdcsc.exe moved successfully.
C:\Users\Fabian\AppData\Roaming\dclogs folder moved successfully.
C:\Users\Fabian\AppData\Roaming\M5Q9IL20WA.exe moved successfully.
========== FILES ==========
C:\Users\Fabian\AppData\Local\Temp\MSDCSC\Uhv1HAwUyC9F\Uhv1HAwUyC9F folder moved successfully.
C:\Users\Fabian\AppData\Local\Temp\MSDCSC\Uhv1HAwUyC9F folder moved successfully.
C:\Users\Fabian\AppData\Local\Temp\MSDCSC folder moved successfully.
C:\Users\Fabian\AppData\Roaming\Acrobat folder moved successfully.
File\Folder C:\Users\Fabian\AppData\Roaming\Acrobat not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fabian
->Temp folder emptied: 1809006455 bytes
->Temporary Internet Files folder emptied: 691987468 bytes
->Java cache emptied: 1327619 bytes
->FireFox cache emptied: 21118946 bytes
->Google Chrome cache emptied: 359719187 bytes
->Flash cache emptied: 97157 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 542121148 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 51845885 bytes
RecycleBin emptied: 1563672 bytes
 
Total Files Cleaned = 3.318,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06082013_210319

Files\Folders moved on Reboot...
C:\Users\Fabian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\unp4319538.tmp not found!
File\Folder C:\Windows\temp\_avast_\unp75567540.tmp not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\_asw_aisI.tm~a06012\setup.lok not found!
File move failed. C:\Windows\temp\avast_ash\iTunes (64 Bit)\BIT53BD.tmp scheduled to be moved on reboot.
C:\Windows\temp\FireFly(20130608203252BC4).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2rdll(20130608203252BC4).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(20130608203252BC4).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(20130608203252BC4).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


markusg 08.06.2013 20:22

Thanks for uploading
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

theNeises 08.06.2013 20:31

.txt from TDSSKiller:

Code:

21:24:32.0511 4640  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:24:33.0411 4640  ============================================================
21:24:33.0411 4640  Current date / time: 2013/06/08 21:24:33.0411
21:24:33.0411 4640  SystemInfo:
21:24:33.0411 4640 
21:24:33.0411 4640  OS Version: 6.1.7601 ServicePack: 1.0
21:24:33.0411 4640  Product type: Workstation
21:24:33.0411 4640  ComputerName: FABIAN-PC
21:24:33.0411 4640  UserName: Fabian
21:24:33.0411 4640  Windows directory: C:\Windows
21:24:33.0411 4640  System windows directory: C:\Windows
21:24:33.0411 4640  Running under WOW64
21:24:33.0411 4640  Processor architecture: Intel x64
21:24:33.0411 4640  Number of processors: 4
21:24:33.0411 4640  Page size: 0x1000
21:24:33.0411 4640  Boot type: Normal boot
21:24:33.0411 4640  ============================================================
21:24:34.0246 4640  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:24:34.0251 4640  ============================================================
21:24:34.0251 4640  \Device\Harddisk0\DR0:
21:24:34.0252 4640  MBR partitions:
21:24:34.0252 4640  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:24:34.0252 4640  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
21:24:34.0252 4640  ============================================================
21:24:34.0269 4640  C: <-> \Device\Harddisk0\DR0\Partition2
21:24:34.0269 4640  ============================================================
21:24:34.0269 4640  Initialize success
21:24:34.0269 4640  ============================================================
21:25:11.0173 0188  ============================================================
21:25:11.0174 0188  Scan started
21:25:11.0174 0188  Mode: Manual; SigCheck; TDLFS;
21:25:11.0174 0188  ============================================================
21:25:11.0645 0188  ================ Scan system memory ========================
21:25:11.0645 0188  System memory - ok
21:25:11.0646 0188  ================ Scan services =============================
21:25:11.0760 0188  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:25:11.0852 0188  1394ohci - ok
21:25:11.0875 0188  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:25:11.0887 0188  ACPI - ok
21:25:11.0898 0188  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
21:25:11.0927 0188  AcpiPmi - ok
21:25:12.0114 0188  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:25:12.0124 0188  AdobeFlashPlayerUpdateSvc - ok
21:25:12.0154 0188  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
21:25:12.0169 0188  adp94xx - ok
21:25:12.0186 0188  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
21:25:12.0199 0188  adpahci - ok
21:25:12.0211 0188  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
21:25:12.0222 0188  adpu320 - ok
21:25:12.0246 0188  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
21:25:12.0299 0188  AeLookupSvc - ok
21:25:12.0357 0188  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
21:25:12.0399 0188  AFD - ok
21:25:12.0459 0188  [ A12CC7EA6448C7BADC8677593C2AC55D ] AFW            C:\Windows\system32\DRIVERS\afw.sys
21:25:12.0481 0188  AFW - ok
21:25:12.0524 0188  [ 6BE9AC4EDB62252BA7AA13AF0CA907B8 ] afwcore        C:\Windows\system32\DRIVERS\afwcore.sys
21:25:12.0541 0188  afwcore - ok
21:25:12.0570 0188  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:25:12.0583 0188  agp440 - ok
21:25:12.0946 0188  [ C7074BD8D4B8F564859ED373433030AE ] Akamai          c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll
21:25:12.0946 0188  Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll. md5: C7074BD8D4B8F564859ED373433030AE
21:25:12.0952 0188  Akamai ( HiddenFile.Multi.Generic ) - warning
21:25:12.0952 0188  Akamai - detected HiddenFile.Multi.Generic (1)
21:25:12.0982 0188  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
21:25:13.0014 0188  ALG - ok
21:25:13.0040 0188  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:25:13.0056 0188  aliide - ok
21:25:13.0119 0188  ALSysIO - ok
21:25:13.0130 0188  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:25:13.0146 0188  amdide - ok
21:25:13.0173 0188  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
21:25:13.0204 0188  AmdK8 - ok
21:25:13.0215 0188  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21:25:13.0238 0188  AmdPPM - ok
21:25:13.0266 0188  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
21:25:13.0278 0188  amdsata - ok
21:25:13.0294 0188  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21:25:13.0308 0188  amdsbs - ok
21:25:13.0345 0188  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
21:25:13.0360 0188  amdxata - ok
21:25:13.0388 0188  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
21:25:13.0440 0188  AppID - ok
21:25:13.0471 0188  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:25:13.0505 0188  AppIDSvc - ok
21:25:13.0538 0188  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo        C:\Windows\System32\appinfo.dll
21:25:13.0573 0188  Appinfo - ok
21:25:13.0662 0188  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:25:13.0674 0188  Apple Mobile Device - ok
21:25:13.0693 0188  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
21:25:13.0703 0188  arc - ok
21:25:13.0714 0188  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:25:13.0724 0188  arcsas - ok
21:25:13.0765 0188  [ 2B0E02250A4FF9EF8C68020A7315D27B ] Arctosa        C:\Windows\system32\drivers\Arctosa.sys
21:25:13.0793 0188  Arctosa - ok
21:25:13.0897 0188  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:25:13.0912 0188  aspnet_state - ok
21:25:13.0950 0188  [ 0BAEFD3F648C6E7AB52990DD9565E4E2 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
21:25:13.0964 0188  aswFsBlk - ok
21:25:14.0026 0188  [ FA562F34ED6633C66170B09182B4C049 ] aswMonFlt      C:\Windows\system32\drivers\aswMonFlt.sys
21:25:14.0041 0188  aswMonFlt - ok
21:25:14.0077 0188  [ 64E2BAB4096C13D2342BC4661C967E07 ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
21:25:14.0092 0188  aswRdr - ok
21:25:14.0096 0188  [ 5573AA70993A2BB81525B1C704B88763 ] aswRvrt        C:\Windows\system32\drivers\aswRvrt.sys
21:25:14.0111 0188  aswRvrt - ok
21:25:14.0147 0188  [ 10ED1CAB84AA65983C41A11F60294C9B ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
21:25:14.0166 0188  aswSnx - ok
21:25:14.0210 0188  [ 00E5253353717D3CA12A0F5A6F9991EC ] aswSP          C:\Windows\system32\drivers\aswSP.sys
21:25:14.0230 0188  aswSP - ok
21:25:14.0268 0188  [ 29DD8E458A84171202AA4979364C30C0 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
21:25:14.0283 0188  aswTdi - ok
21:25:14.0297 0188  [ 6359B99C955DB9F40B653159A0EED261 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
21:25:14.0309 0188  aswVmm - ok
21:25:14.0347 0188  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:25:14.0397 0188  AsyncMac - ok
21:25:14.0405 0188  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
21:25:14.0412 0188  atapi - ok
21:25:14.0473 0188  [ 788914C42AD8318F1DD7A565EAFFB049 ] athrusb        C:\Windows\system32\DRIVERS\athrxusb.sys
21:25:14.0536 0188  athrusb - ok
21:25:14.0661 0188  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:25:14.0728 0188  AudioEndpointBuilder - ok
21:25:14.0743 0188  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:25:14.0773 0188  AudioSrv - ok
21:25:14.0875 0188  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
21:25:14.0890 0188  avast! Antivirus - ok
21:25:14.0957 0188  [ C6F4C466B654C1BE98AF31418BB5AC30 ] AVM WLAN Connection Service C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
21:25:14.0990 0188  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
21:25:14.0990 0188  AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
21:25:15.0039 0188  [ 1DC2F715792CF33428AD7993ACBD224D ] avmeject        C:\Windows\system32\drivers\avmeject.sys
21:25:15.0053 0188  avmeject - ok
21:25:15.0091 0188  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:25:15.0130 0188  AxInstSV - ok
21:25:15.0163 0188  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
21:25:15.0185 0188  b06bdrv - ok
21:25:15.0198 0188  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:25:15.0219 0188  b57nd60a - ok
21:25:15.0242 0188  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:25:15.0263 0188  BDESVC - ok
21:25:15.0329 0188  [ 760D877A396EC5061BF1B7B19502A9E2 ] BdNet          C:\Windows\system32\drivers\BdNet.sys
21:25:15.0347 0188  BdNet - ok
21:25:15.0391 0188  [ AB0B1730E4CAA2A2A3CC8B93EE09C848 ] BdSpy          C:\Windows\system32\drivers\BdSpy.sys
21:25:15.0407 0188  BdSpy - ok
21:25:15.0431 0188  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:25:15.0476 0188  Beep - ok
21:25:15.0513 0188  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
21:25:15.0551 0188  BFE - ok
21:25:15.0580 0188  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:25:15.0622 0188  BITS - ok
21:25:15.0635 0188  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:25:15.0661 0188  blbdrive - ok
21:25:15.0703 0188  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:25:15.0729 0188  bowser - ok
21:25:15.0756 0188  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21:25:15.0785 0188  BrFiltLo - ok
21:25:15.0798 0188  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21:25:15.0809 0188  BrFiltUp - ok
21:25:15.0858 0188  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
21:25:15.0877 0188  Browser - ok
21:25:15.0892 0188  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
21:25:15.0932 0188  Brserid - ok
21:25:15.0939 0188  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:25:15.0966 0188  BrSerWdm - ok
21:25:15.0988 0188  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:25:16.0008 0188  BrUsbMdm - ok
21:25:16.0021 0188  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:25:16.0043 0188  BrUsbSer - ok
21:25:16.0151 0188  [ C3A932C880EC42513886C51D8F4F51DD ] BsBackup        C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll
21:25:16.0175 0188  BsBackup - ok
21:25:16.0234 0188  [ F9A5AF83BC2140D718E9FEF476F5DA21 ] BsBhvScan      C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
21:25:16.0253 0188  BsBhvScan - ok
21:25:16.0318 0188  [ C1CE309436758FF23E1BE085953FB6A2 ] BsFileScan      c:\program files\bullguard ltd\bullguard\BsFileScan.dll
21:25:16.0339 0188  BsFileScan - ok
21:25:16.0397 0188  [ 5934BBAF56D6A05E2CB9D21AD337D3E7 ] BsFire          c:\program files\bullguard ltd\bullguard\BsFire.dll
21:25:16.0422 0188  BsFire - ok
21:25:16.0497 0188  [ DE5C89DA99E9EB81E4AA7570DB8A6B7E ] BsMailProxy    c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll
21:25:16.0521 0188  BsMailProxy - ok
21:25:16.0582 0188  [ 8FEF16C9A5AA314B1A2EDCFAD5853402 ] BsMain          C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll
21:25:16.0602 0188  BsMain - ok
21:25:16.0621 0188  [ A23B77B41103147CF8969DCADFF3555D ] BsScanner      C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
21:25:16.0631 0188  BsScanner - ok
21:25:16.0695 0188  [ C809A537FA2396CFD7D07BF6518F1010 ] BsUpdate        C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
21:25:16.0716 0188  BsUpdate - ok
21:25:16.0737 0188  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:25:16.0766 0188  BTHMODEM - ok
21:25:16.0797 0188  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
21:25:16.0844 0188  bthserv - ok
21:25:16.0870 0188  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:25:16.0919 0188  cdfs - ok
21:25:16.0934 0188  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
21:25:16.0944 0188  cdrom - ok
21:25:16.0967 0188  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
21:25:17.0002 0188  CertPropSvc - ok
21:25:17.0063 0188  [ 33B82CF69E41B38A2EC0C3CABDE80D6E ] cFosSpeed      C:\Windows\system32\DRIVERS\cfosspeed6.sys
21:25:17.0100 0188  cFosSpeed - ok
21:25:17.0174 0188  [ 760085908644D2988F1B504C3FCA6959 ] cFosSpeedS      C:\Program Files\ASRock\XFast LAN\spd.exe
21:25:17.0195 0188  cFosSpeedS - ok
21:25:17.0221 0188  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
21:25:17.0241 0188  circlass - ok
21:25:17.0277 0188  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:25:17.0301 0188  CLFS - ok
21:25:17.0359 0188  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:25:17.0374 0188  clr_optimization_v2.0.50727_32 - ok
21:25:17.0400 0188  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:25:17.0414 0188  clr_optimization_v2.0.50727_64 - ok
21:25:17.0483 0188  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:25:17.0498 0188  clr_optimization_v4.0.30319_32 - ok
21:25:17.0505 0188  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:25:17.0516 0188  clr_optimization_v4.0.30319_64 - ok
21:25:17.0541 0188  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21:25:17.0569 0188  CmBatt - ok
21:25:17.0579 0188  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:25:17.0588 0188  cmdide - ok
21:25:17.0629 0188  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
21:25:17.0662 0188  CNG - ok
21:25:17.0674 0188  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:25:17.0682 0188  Compbatt - ok
21:25:17.0697 0188  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21:25:17.0717 0188  CompositeBus - ok
21:25:17.0726 0188  COMSysApp - ok
21:25:17.0809 0188  [ 815F3180B5117E42E422188E9CCC89C6 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:25:17.0822 0188  cphs - ok
21:25:17.0842 0188  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
21:25:17.0850 0188  crcdisk - ok
21:25:17.0898 0188  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:25:18.0004 0188  CryptSvc - ok
21:25:18.0132 0188  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:25:18.0195 0188  DcomLaunch - ok
21:25:18.0240 0188  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
21:25:18.0290 0188  defragsvc - ok
21:25:18.0310 0188  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:25:18.0343 0188  DfsC - ok
21:25:18.0376 0188  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:25:18.0410 0188  Dhcp - ok
21:25:18.0418 0188  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:25:18.0476 0188  discache - ok
21:25:18.0513 0188  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
21:25:18.0522 0188  Disk - ok
21:25:18.0556 0188  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:25:18.0584 0188  Dnscache - ok
21:25:18.0602 0188  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
21:25:18.0638 0188  dot3svc - ok
21:25:18.0652 0188  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
21:25:18.0687 0188  DPS - ok
21:25:18.0713 0188  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
21:25:18.0729 0188  drmkaud - ok
21:25:18.0777 0188  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
21:25:18.0794 0188  DXGKrnl - ok
21:25:18.0819 0188  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
21:25:18.0854 0188  EapHost - ok
21:25:18.0920 0188  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
21:25:19.0011 0188  ebdrv - ok
21:25:19.0061 0188  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
21:25:19.0071 0188  EFS - ok
21:25:19.0117 0188  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
21:25:19.0161 0188  ehRecvr - ok
21:25:19.0201 0188  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
21:25:19.0231 0188  ehSched - ok
21:25:19.0263 0188  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
21:25:19.0278 0188  elxstor - ok
21:25:19.0298 0188  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:25:19.0322 0188  ErrDev - ok
21:25:19.0333 0188  EtronHub3 - ok
21:25:19.0337 0188  EtronXHCI - ok
21:25:19.0365 0188  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
21:25:19.0415 0188  EventSystem - ok
21:25:19.0437 0188  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
21:25:19.0502 0188  exfat - ok
21:25:19.0525 0188  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
21:25:19.0559 0188  fastfat - ok
21:25:19.0616 0188  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
21:25:19.0684 0188  Fax - ok
21:25:19.0691 0188  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
21:25:19.0716 0188  fdc - ok
21:25:19.0727 0188  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
21:25:19.0757 0188  fdPHost - ok
21:25:19.0768 0188  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:25:19.0809 0188  FDResPub - ok
21:25:19.0843 0188  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:25:19.0851 0188  FileInfo - ok
21:25:19.0867 0188  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
21:25:19.0921 0188  Filetrace - ok
21:25:19.0932 0188  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21:25:19.0942 0188  flpydisk - ok
21:25:19.0955 0188  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:25:19.0967 0188  FltMgr - ok
21:25:20.0008 0188  [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
21:25:20.0022 0188  FNETTBOH_305 - ok
21:25:20.0084 0188  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
21:25:20.0096 0188  FNETURPX - ok
21:25:20.0149 0188  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
21:25:20.0209 0188  FontCache - ok
21:25:20.0242 0188  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:25:20.0256 0188  FontCache3.0.0.0 - ok
21:25:20.0266 0188  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
21:25:20.0277 0188  FsDepends - ok
21:25:20.0327 0188  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:25:20.0339 0188  Fs_Rec - ok
21:25:20.0370 0188  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:25:20.0388 0188  fvevol - ok
21:25:20.0444 0188  [ 444534CBA693DD23C1CC589681E01656 ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
21:25:20.0478 0188  FWLANUSB - ok
21:25:20.0520 0188  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:25:20.0537 0188  gagp30kx - ok
21:25:20.0590 0188  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:25:20.0603 0188  GEARAspiWDM - ok
21:25:20.0639 0188  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
21:25:20.0698 0188  gpsvc - ok
21:25:20.0769 0188  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:25:20.0783 0188  gupdate - ok
21:25:20.0787 0188  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:25:20.0801 0188  gupdatem - ok
21:25:20.0863 0188  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi        C:\Windows\system32\DRIVERS\hamachi.sys
21:25:20.0873 0188  hamachi - ok
21:25:20.0887 0188  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:25:20.0908 0188  hcw85cir - ok
21:25:20.0938 0188  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:25:20.0967 0188  HdAudAddService - ok
21:25:20.0980 0188  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:25:20.0997 0188  HDAudBus - ok
21:25:21.0007 0188  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
21:25:21.0029 0188  HidBatt - ok
21:25:21.0040 0188  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:25:21.0068 0188  HidBth - ok
21:25:21.0094 0188  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
21:25:21.0110 0188  HidIr - ok
21:25:21.0134 0188  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
21:25:21.0170 0188  hidserv - ok
21:25:21.0187 0188  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:25:21.0197 0188  HidUsb - ok
21:25:21.0280 0188  [ 9D2C35E06CE117355ABADCEEE1558D21 ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
21:25:21.0298 0188  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
21:25:21.0298 0188  HiPatchService - detected UnsignedFile.Multi.Generic (1)
21:25:21.0327 0188  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:25:21.0387 0188  hkmsvc - ok
21:25:21.0400 0188  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:25:21.0422 0188  HomeGroupListener - ok
21:25:21.0446 0188  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:25:21.0479 0188  HomeGroupProvider - ok
21:25:21.0516 0188  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:25:21.0533 0188  HpSAMD - ok
21:25:21.0564 0188  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:25:21.0623 0188  HTTP - ok
21:25:21.0638 0188  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:25:21.0645 0188  hwpolicy - ok
21:25:21.0673 0188  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:25:21.0683 0188  i8042prt - ok
21:25:21.0734 0188  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
21:25:21.0748 0188  iaStorV - ok
21:25:21.0817 0188  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:25:21.0834 0188  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:25:21.0834 0188  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:25:21.0873 0188  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:25:21.0892 0188  idsvc - ok
21:25:21.0999 0188  [ 348214F96642FD4FEF630DE021BA3540 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21:25:22.0136 0188  igfx - ok
21:25:22.0154 0188  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
21:25:22.0162 0188  iirsp - ok
21:25:22.0188 0188  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:25:22.0230 0188  IKEEXT - ok
21:25:22.0329 0188  [ 718A4008EE5DA174400396B27509EF82 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:25:22.0369 0188  IntcAzAudAddService - ok
21:25:22.0376 0188  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:25:22.0384 0188  intelide - ok
21:25:22.0396 0188  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:25:22.0413 0188  intelppm - ok
21:25:22.0434 0188  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
21:25:22.0468 0188  IPBusEnum - ok
21:25:22.0477 0188  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:25:22.0501 0188  IpFilterDriver - ok
21:25:22.0588 0188  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:25:22.0635 0188  iphlpsvc - ok
21:25:22.0693 0188  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
21:25:22.0723 0188  IPMIDRV - ok
21:25:22.0736 0188  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
21:25:22.0796 0188  IPNAT - ok
21:25:22.0880 0188  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:25:22.0911 0188  iPod Service - ok
21:25:22.0932 0188  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:25:22.0958 0188  IRENUM - ok
21:25:22.0971 0188  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:25:22.0979 0188  isapnp - ok
21:25:22.0995 0188  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:25:23.0007 0188  iScsiPrt - ok
21:25:23.0033 0188  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:25:23.0041 0188  kbdclass - ok
21:25:23.0052 0188  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:25:23.0068 0188  kbdhid - ok
21:25:23.0085 0188  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:25:23.0095 0188  KeyIso - ok
21:25:23.0128 0188  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:25:23.0138 0188  KSecDD - ok
21:25:23.0183 0188  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
21:25:23.0202 0188  KSecPkg - ok
21:25:23.0212 0188  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
21:25:23.0247 0188  ksthunk - ok
21:25:23.0268 0188  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
21:25:23.0308 0188  KtmRm - ok
21:25:23.0356 0188  [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
21:25:23.0367 0188  LADF_CaptureOnly - ok
21:25:23.0404 0188  [ 86DCBF8A41C78561A1DA07AB5E7B1CCC ] LADF_DHP2      C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
21:25:23.0411 0188  LADF_DHP2 - ok
21:25:23.0456 0188  [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
21:25:23.0475 0188  LADF_RenderOnly - ok
21:25:23.0491 0188  [ 175C04C7813CE64616B5CB046E5E1383 ] LADF_SBVM      C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
21:25:23.0505 0188  LADF_SBVM - ok
21:25:23.0532 0188  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:25:23.0576 0188  LanmanServer - ok
21:25:23.0600 0188  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:25:23.0643 0188  LanmanWorkstation - ok
21:25:23.0688 0188  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum      C:\Windows\system32\drivers\LGBusEnum.sys
21:25:23.0699 0188  LGBusEnum - ok
21:25:23.0727 0188  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
21:25:23.0740 0188  LGVirHid - ok
21:25:23.0763 0188  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:25:23.0816 0188  lltdio - ok
21:25:23.0839 0188  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
21:25:23.0873 0188  lltdsvc - ok
21:25:23.0898 0188  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
21:25:23.0937 0188  lmhosts - ok
21:25:24.0001 0188  [ 9AD4BEE2FE76D4CA39AC969B617E94FB ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:25:24.0020 0188  LMS - ok
21:25:24.0044 0188  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:25:24.0062 0188  LSI_FC - ok
21:25:24.0070 0188  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
21:25:24.0084 0188  LSI_SAS - ok
21:25:24.0091 0188  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21:25:24.0100 0188  LSI_SAS2 - ok
21:25:24.0109 0188  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:25:24.0118 0188  LSI_SCSI - ok
21:25:24.0129 0188  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
21:25:24.0172 0188  luafv - ok
21:25:24.0215 0188  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
21:25:24.0230 0188  MBAMProtector - ok
21:25:24.0317 0188  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:25:24.0337 0188  MBAMScheduler - ok
21:25:24.0403 0188  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:25:24.0422 0188  MBAMService - ok
21:25:24.0474 0188  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
21:25:24.0487 0188  MBfilt - ok
21:25:24.0515 0188  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
21:25:24.0545 0188  Mcx2Svc - ok
21:25:24.0554 0188  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
21:25:24.0566 0188  megasas - ok
21:25:24.0599 0188  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
21:25:24.0612 0188  MegaSR - ok
21:25:24.0648 0188  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
21:25:24.0659 0188  MEIx64 - ok
21:25:24.0690 0188  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
21:25:24.0741 0188  MMCSS - ok
21:25:24.0758 0188  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
21:25:24.0807 0188  Modem - ok
21:25:24.0817 0188  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
21:25:24.0837 0188  monitor - ok
21:25:24.0847 0188  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:25:24.0854 0188  mouclass - ok
21:25:24.0870 0188  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:25:24.0894 0188  mouhid - ok
21:25:24.0916 0188  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:25:24.0925 0188  mountmgr - ok
21:25:24.0979 0188  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:25:24.0993 0188  MozillaMaintenance - ok
21:25:25.0007 0188  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:25:25.0020 0188  mpio - ok
21:25:25.0028 0188  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:25:25.0059 0188  mpsdrv - ok
21:25:25.0085 0188  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:25:25.0117 0188  MpsSvc - ok
21:25:25.0131 0188  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:25:25.0173 0188  MRxDAV - ok
21:25:25.0207 0188  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:25:25.0228 0188  mrxsmb - ok
21:25:25.0272 0188  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:25:25.0295 0188  mrxsmb10 - ok
21:25:25.0431 0188  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:25:25.0446 0188  mrxsmb20 - ok
21:25:25.0455 0188  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:25:25.0468 0188  msahci - ok
21:25:25.0479 0188  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
21:25:25.0493 0188  msdsm - ok
21:25:25.0506 0188  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
21:25:25.0531 0188  MSDTC - ok
21:25:25.0552 0188  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:25:25.0598 0188  Msfs - ok
21:25:25.0630 0188  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
21:25:25.0657 0188  mshidkmdf - ok
21:25:25.0672 0188  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:25:25.0680 0188  msisadrv - ok
21:25:25.0695 0188  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
21:25:25.0731 0188  MSiSCSI - ok
21:25:25.0733 0188  msiserver - ok
21:25:25.0757 0188  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
21:25:25.0798 0188  MSKSSRV - ok
21:25:25.0810 0188  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:25:25.0845 0188  MSPCLOCK - ok
21:25:25.0855 0188  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
21:25:25.0894 0188  MSPQM - ok
21:25:25.0909 0188  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
21:25:25.0922 0188  MsRPC - ok
21:25:25.0931 0188  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:25:25.0939 0188  mssmbios - ok
21:25:25.0948 0188  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
21:25:25.0982 0188  MSTEE - ok
21:25:25.0987 0188  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
21:25:25.0996 0188  MTConfig - ok
21:25:26.0007 0188  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
21:25:26.0015 0188  Mup - ok
21:25:26.0038 0188  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:25:26.0084 0188  napagent - ok
21:25:26.0112 0188  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
21:25:26.0137 0188  NativeWifiP - ok
21:25:26.0196 0188  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:25:26.0236 0188  NDIS - ok
21:25:26.0245 0188  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
21:25:26.0283 0188  NdisCap - ok
21:25:26.0298 0188  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:25:26.0323 0188  NdisTapi - ok
21:25:26.0334 0188  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
21:25:26.0377 0188  Ndisuio - ok
21:25:26.0385 0188  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
21:25:26.0421 0188  NdisWan - ok
21:25:26.0431 0188  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
21:25:26.0461 0188  NDProxy - ok
21:25:26.0475 0188  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
21:25:26.0517 0188  NetBIOS - ok
21:25:26.0527 0188  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
21:25:26.0553 0188  NetBT - ok
21:25:26.0568 0188  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:25:26.0578 0188  Netlogon - ok
21:25:26.0610 0188  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:25:26.0656 0188  Netman - ok
21:25:26.0728 0188  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:26.0745 0188  NetMsmqActivator - ok
21:25:26.0757 0188  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:26.0768 0188  NetPipeActivator - ok
21:25:26.0783 0188  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:25:26.0836 0188  netprofm - ok
21:25:26.0848 0188  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:26.0855 0188  NetTcpActivator - ok
21:25:26.0857 0188  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:25:26.0865 0188  NetTcpPortSharing - ok
21:25:26.0891 0188  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
21:25:26.0899 0188  nfrd960 - ok
21:25:26.0945 0188  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:25:26.0977 0188  NlaSvc - ok
21:25:27.0038 0188  [ AD42FB061166AF0643806800304BD76F ] NLNdisMP        C:\Windows\system32\DRIVERS\nlndis.sys
21:25:27.0053 0188  NLNdisMP - ok
21:25:27.0068 0188  [ AD42FB061166AF0643806800304BD76F ] NLNdisPT        C:\Windows\system32\DRIVERS\nlndis.sys
21:25:27.0082 0188  NLNdisPT - ok
21:25:27.0155 0188  [ 6988373E38223438B09F0C27D7E67393 ] nlsvc          C:\Program Files\NetLimiter 3\nlsvc.exe
21:25:27.0180 0188  nlsvc ( UnsignedFile.Multi.Generic ) - warning
21:25:27.0180 0188  nlsvc - detected UnsignedFile.Multi.Generic (1)
21:25:27.0195 0188  [ 75E6581DE9A0B155EDAB6807E668BE06 ] nltdi          C:\Program Files\NetLimiter 3\nltdi.sys
21:25:27.0202 0188  nltdi - ok
21:25:27.0242 0188  [ 4903177FC90E77ABEB19021451E9475E ] nmwcd          C:\Windows\system32\drivers\ccdcmbx64.sys
21:25:27.0285 0188  nmwcd - ok
21:25:27.0364 0188  [ E6844A4C97E5409BBE24BB4ED000320D ] nmwcdc          C:\Windows\system32\drivers\ccdcmbox64.sys
21:25:27.0406 0188  nmwcdc - ok
21:25:27.0484 0188  [ 510755C17F4AA13605412961F58884B5 ] NovaShieldFilterDriver C:\Windows\system32\DRIVERS\NSKernel.sys
21:25:27.0499 0188  NovaShieldFilterDriver - ok
21:25:27.0549 0188  [ 440469E8505744CCAA3BA294306258AE ] NovaShieldTDIDriver C:\Windows\system32\DRIVERS\NSNetmon.sys
21:25:27.0562 0188  NovaShieldTDIDriver - ok
21:25:27.0582 0188  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:25:27.0611 0188  Npfs - ok
21:25:27.0624 0188  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
21:25:27.0649 0188  nsi - ok
21:25:27.0659 0188  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:25:27.0716 0188  nsiproxy - ok
21:25:27.0770 0188  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:25:27.0814 0188  Ntfs - ok
21:25:27.0834 0188  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:25:27.0870 0188  Null - ok
21:25:27.0923 0188  [ 805F0C2B9C07E4C0F74D0EF70E9E827A ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
21:25:27.0941 0188  NVHDA - ok
21:25:28.0160 0188  [ 7A711D08F1FD1AB8149B6199F84A0EB7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:25:28.0284 0188  nvlddmkm - ok
21:25:28.0359 0188  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:25:28.0378 0188  nvraid - ok
21:25:28.0413 0188  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:25:28.0432 0188  nvstor - ok
21:25:28.0483 0188  [ B9F3591981D761A5CA1D24C369764D96 ] nvsvc          C:\Windows\system32\nvvsvc.exe
21:25:28.0513 0188  nvsvc - ok
21:25:28.0630 0188  [ A9AFE5B0648C8D7A411A72D8222F7F6E ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
21:25:28.0663 0188  nvUpdatusService - ok
21:25:28.0684 0188  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:25:28.0695 0188  nv_agp - ok
21:25:28.0847 0188  [ 71C97F97A909A990C7F60C77908BAFF9 ] OfficeSvc      C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
21:25:28.0887 0188  OfficeSvc - ok
21:25:28.0898 0188  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:25:28.0917 0188  ohci1394 - ok
21:25:28.0988 0188  [ FF93D67903FDEABCD4470CD82F44ACFA ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:25:29.0006 0188  ose - ok
21:25:29.0181 0188  [ 31DC8D825D2C4EB0FF7ED021BB92C541 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:25:29.0236 0188  osppsvc - ok
21:25:29.0263 0188  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:25:29.0282 0188  p2pimsvc - ok
21:25:29.0314 0188  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:25:29.0330 0188  p2psvc - ok
21:25:29.0348 0188  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
21:25:29.0365 0188  Parport - ok
21:25:29.0400 0188  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
21:25:29.0417 0188  partmgr - ok
21:25:29.0432 0188  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:25:29.0463 0188  PcaSvc - ok
21:25:29.0508 0188  [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:25:29.0533 0188  pccsmcfd - ok
21:25:29.0549 0188  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
21:25:29.0561 0188  pci - ok
21:25:29.0599 0188  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:25:29.0614 0188  pciide - ok
21:25:29.0632 0188  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:25:29.0654 0188  pcmcia - ok
21:25:29.0667 0188  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
21:25:29.0675 0188  pcw - ok
21:25:29.0682 0188  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:25:29.0718 0188  PEAUTH - ok
21:25:29.0889 0188  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:25:29.0915 0188  PerfHost - ok
21:25:29.0966 0188  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
21:25:30.0038 0188  pla - ok
21:25:30.0090 0188  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:25:30.0111 0188  PlugPlay - ok
21:25:30.0133 0188  PnkBstrA - ok
21:25:30.0147 0188  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
21:25:30.0157 0188  PNRPAutoReg - ok
21:25:30.0171 0188  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
21:25:30.0183 0188  PNRPsvc - ok
21:25:30.0210 0188  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
21:25:30.0251 0188  PolicyAgent - ok
21:25:30.0268 0188  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
21:25:30.0303 0188  Power - ok
21:25:30.0334 0188  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:25:30.0385 0188  PptpMiniport - ok
21:25:30.0395 0188  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
21:25:30.0409 0188  Processor - ok
21:25:30.0444 0188  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
21:25:30.0479 0188  ProfSvc - ok
21:25:30.0494 0188  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:25:30.0515 0188  ProtectedStorage - ok
21:25:30.0523 0188  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:25:30.0563 0188  Psched - ok
21:25:30.0608 0188  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:25:30.0653 0188  ql2300 - ok
21:25:30.0666 0188  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:25:30.0675 0188  ql40xx - ok
21:25:30.0696 0188  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
21:25:30.0735 0188  QWAVE - ok
21:25:30.0768 0188  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:25:30.0803 0188  QWAVEdrv - ok
21:25:30.0813 0188  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:25:30.0848 0188  RasAcd - ok
21:25:30.0874 0188  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
21:25:30.0898 0188  RasAgileVpn - ok
21:25:30.0910 0188  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
21:25:30.0946 0188  RasAuto - ok
21:25:30.0955 0188  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
21:25:30.0994 0188  Rasl2tp - ok
21:25:31.0100 0188  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:25:31.0151 0188  RasMan - ok
21:25:31.0164 0188  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:25:31.0195 0188  RasPppoe - ok
21:25:31.0217 0188  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
21:25:31.0257 0188  RasSstp - ok
21:25:31.0266 0188  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
21:25:31.0311 0188  rdbss - ok
21:25:31.0317 0188  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
21:25:31.0328 0188  rdpbus - ok
21:25:31.0341 0188  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:25:31.0364 0188  RDPCDD - ok
21:25:31.0369 0188  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:25:31.0408 0188  RDPENCDD - ok
21:25:31.0422 0188  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:25:31.0446 0188  RDPREFMP - ok
21:25:31.0481 0188  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
21:25:31.0500 0188  RDPWD - ok
21:25:31.0526 0188  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:25:31.0535 0188  rdyboost - ok
21:25:31.0567 0188  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:25:31.0594 0188  RemoteAccess - ok
21:25:31.0632 0188  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:25:31.0671 0188  RemoteRegistry - ok
21:25:31.0685 0188  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:25:31.0725 0188  RpcEptMapper - ok
21:25:31.0741 0188  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:25:31.0771 0188  RpcLocator - ok
21:25:31.0792 0188  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
21:25:31.0834 0188  RpcSs - ok
21:25:31.0854 0188  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:25:31.0878 0188  rspndr - ok
21:25:31.0929 0188  [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
21:25:31.0952 0188  RTL8167 - ok
21:25:32.0013 0188  [ 4FACBCF427B0BB87D5E2FD2F986A7B85 ] RzDxgk          C:\Windows\system32\drivers\RzDxgk.sys
21:25:32.0029 0188  RzDxgk - ok
21:25:32.0076 0188  [ DD29B38DC8FD862EBED0EB56F7698826 ] rzendpt        C:\Windows\system32\DRIVERS\rzendpt.sys
21:25:32.0094 0188  rzendpt - ok
21:25:32.0131 0188  [ 3DCDA3B114E50EFC17AEDBFBF494F02E ] RzFilter        C:\Windows\system32\drivers\RzFilter.sys
21:25:32.0145 0188  RzFilter - ok
21:25:32.0207 0188  [ 0CF9CCB076FDF47385AC9CD8DE02B766 ] RzOvlMon        C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe
21:25:32.0220 0188  RzOvlMon - ok
21:25:32.0263 0188  [ 629D583C28EEADA838D586FF1E4A91BB ] rzudd          C:\Windows\system32\DRIVERS\rzudd.sys
21:25:32.0297 0188  rzudd - ok
21:25:32.0311 0188  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
21:25:32.0330 0188  SamSs - ok
21:25:32.0355 0188  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:25:32.0371 0188  sbp2port - ok
21:25:32.0394 0188  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:25:32.0433 0188  SCardSvr - ok
21:25:32.0438 0188  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:25:32.0471 0188  scfilter - ok
21:25:32.0492 0188  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:25:32.0538 0188  Schedule - ok
21:25:32.0559 0188  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
21:25:32.0581 0188  SCPolicySvc - ok
21:25:32.0628 0188  [ 8B56BDCE6A303DDE63D63440D1CF9AD1 ] ScreamBAudioSvc C:\Windows\system32\drivers\ScreamingBAudio64.sys
21:25:32.0635 0188  ScreamBAudioSvc - ok
21:25:32.0650 0188  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:25:32.0661 0188  SDRSVC - ok
21:25:32.0693 0188  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:25:32.0754 0188  secdrv - ok
21:25:32.0758 0188  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:25:32.0782 0188  seclogon - ok
21:25:32.0798 0188  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:25:32.0841 0188  SENS - ok
21:25:32.0848 0188  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:25:32.0871 0188  SensrSvc - ok
21:25:32.0883 0188  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
21:25:32.0914 0188  Serenum - ok
21:25:32.0935 0188  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:25:32.0967 0188  Serial - ok
21:25:32.0991 0188  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
21:25:33.0021 0188  sermouse - ok
21:25:33.0105 0188  [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer    C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
21:25:33.0131 0188  ServiceLayer - ok
21:25:33.0157 0188  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:25:33.0205 0188  SessionEnv - ok
21:25:33.0213 0188  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
21:25:33.0223 0188  sffdisk - ok
21:25:33.0227 0188  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:25:33.0252 0188  sffp_mmc - ok
21:25:33.0263 0188  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
21:25:33.0283 0188  sffp_sd - ok
21:25:33.0294 0188  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
21:25:33.0308 0188  sfloppy - ok
21:25:33.0333 0188  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:25:33.0369 0188  SharedAccess - ok
21:25:33.0399 0188  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:25:33.0508 0188  ShellHWDetection - ok
21:25:33.0633 0188  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
21:25:33.0645 0188  SiSRaid2 - ok
21:25:33.0659 0188  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
21:25:33.0668 0188  SiSRaid4 - ok
21:25:33.0720 0188  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
21:25:33.0734 0188  SkypeUpdate - ok
21:25:33.0755 0188  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
21:25:33.0808 0188  Smb - ok
21:25:33.0837 0188  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:25:33.0873 0188  SNMPTRAP - ok
21:25:33.0884 0188  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
21:25:33.0898 0188  spldr - ok
21:25:33.0949 0188  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
21:25:33.0979 0188  Spooler - ok
21:25:34.0032 0188  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:25:34.0127 0188  sppsvc - ok
21:25:34.0143 0188  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
21:25:34.0168 0188  sppuinotify - ok
21:25:34.0208 0188  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
21:25:34.0237 0188  srv - ok
21:25:34.0256 0188  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:25:34.0284 0188  srv2 - ok
21:25:34.0324 0188  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:25:34.0343 0188  srvnet - ok
21:25:34.0372 0188  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
21:25:34.0413 0188  SSDPSRV - ok
21:25:34.0422 0188  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
21:25:34.0448 0188  SstpSvc - ok
21:25:34.0480 0188  Steam Client Service - ok
21:25:34.0587 0188  [ 0887B293199AA2055888FABA989ED0A6 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:25:34.0608 0188  Stereo Service - ok
21:25:34.0637 0188  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
21:25:34.0652 0188  stexstor - ok
21:25:34.0701 0188  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:25:34.0752 0188  stisvc - ok
21:25:34.0764 0188  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
21:25:34.0778 0188  swenum - ok
21:25:34.0802 0188  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
21:25:34.0842 0188  swprv - ok
21:25:34.0872 0188  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
21:25:34.0924 0188  SysMain - ok
21:25:34.0934 0188  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:25:34.0952 0188  TabletInputService - ok
21:25:34.0969 0188  tandpl - ok
21:25:35.0009 0188  [ F9BE29D5E097F03F81D3CD12B794CB66 ] tap0901        C:\Windows\system32\DRIVERS\tap0901.sys
21:25:35.0043 0188  tap0901 - ok
21:25:35.0064 0188  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
21:25:35.0121 0188  TapiSrv - ok
21:25:35.0153 0188  TBPanel - ok
21:25:35.0166 0188  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
21:25:35.0204 0188  TBS - ok
21:25:35.0290 0188  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
21:25:35.0361 0188  Tcpip - ok
21:25:35.0407 0188  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:25:35.0439 0188  TCPIP6 - ok
21:25:35.0484 0188  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:25:35.0501 0188  tcpipreg - ok
21:25:35.0520 0188  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:25:35.0536 0188  TDPIPE - ok
21:25:35.0570 0188  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
21:25:35.0595 0188  TDTCP - ok
21:25:35.0610 0188  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
21:25:35.0647 0188  tdx - ok
21:25:35.0662 0188  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
21:25:35.0674 0188  TermDD - ok
21:25:35.0703 0188  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
21:25:35.0749 0188  TermService - ok
21:25:35.0757 0188  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:25:35.0771 0188  Themes - ok
21:25:35.0798 0188  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
21:25:35.0823 0188  THREADORDER - ok
21:25:35.0831 0188  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:25:35.0865 0188  TrkWks - ok
21:25:35.0916 0188  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt      C:\Windows\system32\drivers\truecrypt.sys
21:25:35.0934 0188  truecrypt - ok
21:25:35.0994 0188  [ D5F502C6B2E4FA6B125C01448E7A01AB ] Trufos          C:\Windows\system32\DRIVERS\Trufos.sys
21:25:36.0011 0188  Trufos - ok
21:25:36.0053 0188  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:25:36.0090 0188  TrustedInstaller - ok
21:25:36.0101 0188  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:25:36.0132 0188  tssecsrv - ok
21:25:36.0149 0188  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:25:36.0167 0188  TsUsbFlt - ok
21:25:36.0176 0188  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
21:25:36.0185 0188  TsUsbGD - ok
21:25:36.0202 0188  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:25:36.0239 0188  tunnel - ok
21:25:36.0247 0188  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
21:25:36.0254 0188  uagp35 - ok
21:25:36.0266 0188  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:25:36.0303 0188  udfs - ok
21:25:36.0334 0188  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
21:25:36.0360 0188  UI0Detect - ok
21:25:36.0382 0188  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:25:36.0390 0188  uliagpkx - ok
21:25:36.0414 0188  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
21:25:36.0434 0188  umbus - ok
21:25:36.0447 0188  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
21:25:36.0465 0188  UmPass - ok
21:25:36.0571 0188  [ CD114CE02A10FA79C229770788106842 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:25:36.0613 0188  UNS - ok
21:25:36.0644 0188  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:25:36.0686 0188  upnphost - ok
21:25:36.0738 0188  [ 907F50B8695DAA65A9445D27AD306E65 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
21:25:36.0755 0188  upperdev - ok
21:25:36.0806 0188  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
21:25:36.0832 0188  USBAAPL64 - ok
21:25:36.0872 0188  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
21:25:36.0892 0188  usbaudio - ok
21:25:36.0929 0188  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
21:25:36.0947 0188  usbccgp - ok
21:25:36.0971 0188  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:25:36.0984 0188  usbcir - ok
21:25:37.0022 0188  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
21:25:37.0042 0188  usbehci - ok
21:25:37.0059 0188  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:25:37.0087 0188  usbhub - ok
21:25:37.0148 0188  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
21:25:37.0171 0188  usbohci - ok
21:25:37.0181 0188  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:25:37.0250 0188  usbprint - ok
21:25:37.0293 0188  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
21:25:37.0314 0188  usbscan - ok
21:25:37.0355 0188  [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser          C:\Windows\system32\drivers\usbser.sys
21:25:37.0364 0188  usbser - ok
21:25:37.0400 0188  [ 3F7498527B48657091C355F683BEB0DD ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
21:25:37.0438 0188  UsbserFilt - ok
21:25:37.0459 0188  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:25:37.0485 0188  USBSTOR - ok
21:25:37.0529 0188  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
21:25:37.0552 0188  usbuhci - ok
21:25:37.0585 0188  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
21:25:37.0646 0188  UxSms - ok
21:25:37.0660 0188  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:25:37.0669 0188  VaultSvc - ok
21:25:37.0704 0188  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
21:25:37.0736 0188  VClone - ok
21:25:37.0761 0188  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:25:37.0774 0188  vdrvroot - ok
21:25:37.0798 0188  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
21:25:37.0857 0188  vds - ok
21:25:37.0863 0188  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
21:25:37.0873 0188  vga - ok
21:25:37.0886 0188  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
21:25:37.0923 0188  VgaSave - ok
21:25:37.0934 0188  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
21:25:37.0945 0188  vhdmp - ok
21:25:37.0961 0188  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:25:37.0968 0188  viaide - ok
21:25:38.0015 0188  [ 684A755DDFCB35FD52C3FC62A00A8399 ] VirtuWDDM      C:\Windows\system32\DRIVERS\VirtuWDDM.sys
21:25:38.0022 0188  VirtuWDDM - ok
21:25:38.0043 0188  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:25:38.0051 0188  volmgr - ok
21:25:38.0068 0188  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
21:25:38.0080 0188  volmgrx - ok
21:25:38.0084 0188  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
21:25:38.0096 0188  volsnap - ok
21:25:38.0125 0188  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
21:25:38.0135 0188  vsmraid - ok
21:25:38.0177 0188  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
21:25:38.0242 0188  VSS - ok
21:25:38.0253 0188  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
21:25:38.0273 0188  vwifibus - ok
21:25:38.0296 0188  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
21:25:38.0325 0188  W32Time - ok
21:25:38.0347 0188  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
21:25:38.0366 0188  WacomPen - ok
21:25:38.0396 0188  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:25:38.0433 0188  WANARP - ok
21:25:38.0440 0188  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:25:38.0464 0188  Wanarpv6 - ok
21:25:38.0491 0188  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:25:38.0539 0188  wbengine - ok
21:25:38.0562 0188  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:25:38.0579 0188  WbioSrvc - ok
21:25:38.0605 0188  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc        C:\Windows\System32\wcncsvc.dll
21:25:38.0632 0188  wcncsvc - ok
21:25:38.0693 0188  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:25:38.0760 0188  WcsPlugInService - ok
21:25:38.0833 0188  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
21:25:38.0887 0188  Wd - ok
21:25:38.0949 0188  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:25:38.0988 0188  Wdf01000 - ok
21:25:38.0998 0188  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:25:39.0022 0188  WdiServiceHost - ok
21:25:39.0024 0188  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost  C:\Windows\system32\wdi.dll
21:25:39.0038 0188  WdiSystemHost - ok
21:25:39.0130 0188  [ D75398987C968DCBABC411E08029E387 ] Web Assistant  C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
21:25:39.0140 0188  Web Assistant - ok
21:25:39.0157 0188  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient      C:\Windows\System32\webclnt.dll
21:25:39.0188 0188  WebClient - ok
21:25:39.0204 0188  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:25:39.0257 0188  Wecsvc - ok
21:25:39.0275 0188  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
21:25:39.0301 0188  wercplsupport - ok
21:25:39.0323 0188  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:25:39.0349 0188  WerSvc - ok
21:25:39.0369 0188  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:25:39.0392 0188  WfpLwf - ok
21:25:39.0405 0188  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:25:39.0412 0188  WIMMount - ok
21:25:39.0419 0188  WinDefend - ok
21:25:39.0422 0188  WinHttpAutoProxySvc - ok
21:25:39.0481 0188  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
21:25:39.0521 0188  Winmgmt - ok
21:25:39.0569 0188  [ BCB1310604AA415C4508708975B3931E ] WinRM          C:\Windows\system32\WsmSvc.dll
21:25:39.0632 0188  WinRM - ok
21:25:39.0685 0188  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
21:25:39.0713 0188  WinUsb - ok
21:25:39.0748 0188  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc        C:\Windows\System32\wlansvc.dll
21:25:39.0806 0188  Wlansvc - ok
21:25:39.0815 0188  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
21:25:39.0826 0188  WmiAcpi - ok
21:25:39.0850 0188  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:25:39.0871 0188  wmiApSrv - ok
21:25:39.0892 0188  WMPNetworkSvc - ok
21:25:39.0920 0188  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:25:39.0940 0188  WPCSvc - ok
21:25:39.0952 0188  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:25:39.0976 0188  WPDBusEnum - ok
21:25:39.0998 0188  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
21:25:40.0021 0188  ws2ifsl - ok
21:25:40.0035 0188  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:25:40.0055 0188  wscsvc - ok
21:25:40.0057 0188  WSearch - ok
21:25:40.0131 0188  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:25:40.0207 0188  wuauserv - ok
21:25:40.0239 0188  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:25:40.0259 0188  WudfPf - ok
21:25:40.0282 0188  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:25:40.0302 0188  WUDFRd - ok
21:25:40.0340 0188  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
21:25:40.0358 0188  wudfsvc - ok
21:25:40.0392 0188  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc        C:\Windows\System32\wwansvc.dll
21:25:40.0405 0188  WwanSvc - ok
21:25:40.0573 0188  [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc          C:\Windows\system32\DRIVERS\xnacc.sys
21:25:40.0618 0188  xnacc - ok
21:25:40.0632 0188  ================ Scan global ===============================
21:25:40.0654 0188  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:25:40.0697 0188  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:25:40.0707 0188  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
21:25:40.0732 0188  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:25:40.0756 0188  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:25:40.0762 0188  [Global] - ok
21:25:40.0763 0188  ================ Scan MBR ==================================
21:25:40.0769 0188  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:25:41.0018 0188  \Device\Harddisk0\DR0 - ok
21:25:41.0018 0188  ================ Scan VBR ==================================
21:25:41.0020 0188  [ D59523B41D162162F170324F4AA4B596 ] \Device\Harddisk0\DR0\Partition1
21:25:41.0022 0188  \Device\Harddisk0\DR0\Partition1 - ok
21:25:41.0050 0188  [ A6CD0B3FDB12D2FF6954E306296C52F0 ] \Device\Harddisk0\DR0\Partition2
21:25:41.0051 0188  \Device\Harddisk0\DR0\Partition2 - ok
21:25:41.0052 0188  ============================================================
21:25:41.0052 0188  Scan finished
21:25:41.0052 0188  ============================================================
21:25:41.0061 5992  Detected object count: 5
21:25:41.0061 5992  Actual detected object count: 5
21:25:55.0094 5992  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
21:25:55.0094 5992  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
21:25:55.0095 5992  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:55.0096 5992  AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:55.0097 5992  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:55.0097 5992  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:55.0098 5992  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:55.0098 5992  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:25:55.0099 5992  nlsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:25:55.0099 5992  nlsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip


markusg 08.06.2013 20:32

Hi,
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know about it.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


theNeises 08.06.2013 20:45

Combofix.txt
Code:

ComboFix 13-06-08.01 - Fabian 08.06.2013  21:36:20.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8105.5861 [GMT 2:00]
ausgeführt von:: c:\users\Fabian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: BullGuard Antivirus *Disabled/Updated* {C3CCAC61-52F7-A056-1860-6406566E2578}
FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\programdata\ntuser.dat
c:\users\Fabian\AppData\Local\Vid-Saver
c:\users\Fabian\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
c:\users\Fabian\AppData\Roaming\local
c:\users\Fabian\AppData\Roaming\technic-launcher.jar
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-08 bis 2013-06-08  ))))))))))))))))))))))))))))))
.
.
2013-06-08 19:41 . 2013-06-08 19:41        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-06-08 19:41 . 2013-06-08 19:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-08 19:03 . 2013-06-08 19:12        --------        d-----w-        C:\_OTL
2013-06-08 18:55 . 2013-05-09 08:59        378432        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2013-06-08 18:55 . 2013-05-09 08:59        33400        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2013-06-08 18:55 . 2013-05-09 08:59        72016        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys
2013-06-08 18:55 . 2013-05-09 08:59        64288        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2013-06-08 18:55 . 2013-05-09 08:59        1025808        ----a-w-        c:\windows\system32\drivers\aswSnx.sys
2013-06-08 18:55 . 2013-05-09 08:59        189936        ----a-w-        c:\windows\system32\drivers\aswVmm.sys
2013-06-08 18:55 . 2013-05-09 08:59        65336        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys
2013-06-08 18:55 . 2013-05-09 08:59        80816        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2013-06-08 18:54 . 2013-05-09 08:58        41664        ----a-w-        c:\windows\avastSS.scr
2013-06-08 18:54 . 2013-06-08 18:54        --------        d-----w-        c:\program files\AVAST Software
2013-06-08 18:53 . 2013-06-08 18:54        --------        d-----w-        c:\programdata\AVAST Software
2013-06-08 17:11 . 2013-06-08 17:11        --------        d-sh--w-        c:\users\Fabian\AppData\Roaming\msnmsg
2013-06-08 17:06 . 2013-06-08 17:06        --------        d-----w-        c:\users\Fabian\AppData\Roaming\Simply Super Software
2013-06-08 17:05 . 2013-06-08 17:07        --------        d-----w-        c:\program files (x86)\Trojan Remover
2013-06-08 17:05 . 2013-06-08 17:05        --------        d-----w-        c:\programdata\Simply Super Software
2013-06-08 16:50 . 2013-06-08 16:50        --------        d-----w-        c:\users\Fabian\AppData\Roaming\Malwarebytes
2013-06-08 16:50 . 2013-06-08 16:50        --------        d-----w-        c:\programdata\Malwarebytes
2013-06-08 16:50 . 2013-06-08 16:50        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-08 16:50 . 2013-04-04 12:50        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
2013-06-08 16:19 . 2013-01-04 06:11        2776576        ----a-w-        c:\windows\system32\msmpeg2vdec.dll
2013-06-08 16:18 . 2013-01-13 20:35        9728        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-08 16:18 . 2013-01-13 20:35        2560        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-08 16:18 . 2013-01-13 19:51        2565120        ----a-w-        c:\windows\system32\d3d10warp.dll
2013-06-08 16:18 . 2013-01-13 18:09        522752        ----a-w-        c:\windows\system32\XpsGdiConverter.dll
2013-06-08 16:18 . 2013-01-13 20:31        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-08 16:18 . 2013-01-13 20:31        5632        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-08 16:18 . 2013-01-13 20:31        3072        ---ha-w-        c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-08 16:18 . 2013-01-13 19:59        1643520        ----a-w-        c:\windows\system32\DWrite.dll
2013-06-08 16:18 . 2013-01-13 19:38        296960        ----a-w-        c:\windows\system32\d3d10core.dll
2013-06-08 16:18 . 2013-01-13 19:10        3928064        ----a-w-        c:\windows\system32\d2d1.dll
2013-06-08 16:04 . 2013-05-13 23:48        9460464        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{558E57EF-BB27-437B-A1A6-062C1D6394DE}\mpengine.dll
2013-06-08 16:02 . 2013-06-08 16:02        --------        d-----w-        c:\users\Fabian\AppData\Local\DriverTuner
2013-06-08 12:09 . 2013-06-08 12:09        --------        d-----w-        c:\users\Fabian\AppData\Roaming\GetRightToGo
2013-06-08 11:30 . 2011-12-15 18:29        31232        ----a-w-        c:\windows\system32\drivers\tap0901.sys
2013-06-08 09:59 . 2013-05-05 21:36        17818624        ----a-w-        c:\windows\system32\mshtml.dll
2013-06-08 09:59 . 2013-05-05 21:16        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2013-06-08 09:59 . 2013-05-05 19:12        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2013-06-08 09:50 . 2013-02-27 06:02        111448        ----a-w-        c:\windows\system32\consent.exe
2013-06-08 09:50 . 2013-02-27 05:52        14172672        ----a-w-        c:\windows\system32\shell32.dll
2013-06-08 09:50 . 2013-02-27 05:52        197120        ----a-w-        c:\windows\system32\shdocvw.dll
2013-06-08 09:50 . 2013-02-27 05:48        1930752        ----a-w-        c:\windows\system32\authui.dll
2013-06-08 09:50 . 2013-02-27 04:49        1796096        ----a-w-        c:\windows\SysWow64\authui.dll
2013-06-08 09:50 . 2013-02-27 05:47        70144        ----a-w-        c:\windows\system32\appinfo.dll
2013-06-08 09:49 . 2013-02-15 06:06        3717632        ----a-w-        c:\windows\system32\mstscax.dll
2013-06-08 09:49 . 2013-02-15 04:37        3217408        ----a-w-        c:\windows\SysWow64\mstscax.dll
2013-06-08 09:49 . 2013-02-15 06:08        44032        ----a-w-        c:\windows\system32\tsgqec.dll
2013-06-08 09:49 . 2013-02-15 06:02        158720        ----a-w-        c:\windows\system32\aaclient.dll
2013-06-08 09:49 . 2013-02-15 04:34        131584        ----a-w-        c:\windows\SysWow64\aaclient.dll
2013-06-08 09:49 . 2013-02-15 03:25        36864        ----a-w-        c:\windows\SysWow64\tsgqec.dll
2013-06-08 09:49 . 2013-02-12 04:12        19968        ----a-w-        c:\windows\system32\drivers\usb8023.sys
2013-06-08 09:48 . 2013-04-12 14:45        1656680        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-06-08 09:48 . 2013-04-10 03:30        3153920        ----a-w-        c:\windows\system32\win32k.sys
2013-06-08 09:48 . 2013-04-10 06:01        265064        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2013-06-08 09:48 . 2013-04-10 06:01        983400        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys
2013-06-08 09:48 . 2011-02-03 11:25        144384        ----a-w-        c:\windows\system32\cdd.dll
2013-06-08 09:48 . 2013-03-19 05:53        48640        ----a-w-        c:\windows\system32\wwanprotdim.dll
2013-06-08 09:48 . 2013-03-19 05:53        230400        ----a-w-        c:\windows\system32\wwansvc.dll
2013-06-08 09:46 . 2013-01-24 06:01        223752        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-06-08 09:46 . 2013-03-19 06:04        5550424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-06-08 09:46 . 2013-03-19 05:46        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2013-06-08 09:46 . 2013-03-19 05:04        3968856        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2013-06-08 09:46 . 2013-03-19 05:04        3913560        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2013-06-08 09:46 . 2013-03-19 04:47        6656        ----a-w-        c:\windows\SysWow64\apisetschema.dll
2013-06-08 09:46 . 2013-03-19 03:06        112640        ----a-w-        c:\windows\system32\smss.exe
2013-06-08 08:42 . 2013-06-08 17:21        --------        d-----w-        c:\users\Fabian\AppData\Roaming\WindowsLogon
2013-06-07 21:09 . 2013-06-08 18:08        --------        d-sh--w-        c:\programdata\Realtek0
2013-06-05 13:59 . 2013-06-05 13:59        --------        d-----w-        c:\users\Fabian\AppData\Roaming\Awesomium
2013-06-05 13:58 . 2013-06-05 13:58        --------        d-----w-        c:\programdata\Hi-Rez Studios
2013-06-05 13:58 . 2013-06-05 13:58        --------        d-----w-        c:\program files (x86)\Hi-Rez Studios
2013-06-03 13:04 . 2013-06-03 13:04        --------        d-----w-        c:\users\Fabian\AppData\Local\NVIDIA
2013-06-03 13:01 . 2013-06-03 13:01        --------        d-----w-        c:\program files (x86)\AGEIA Technologies
2013-06-03 13:00 . 2013-06-08 16:24        --------        d-----w-        c:\windows\SysWow64\NV
2013-06-03 13:00 . 2013-06-08 16:24        --------        d-----w-        c:\windows\system32\NV
2013-05-29 23:22 . 2013-05-29 23:22        --------        d-----w-        c:\programdata\BrowserProtect
2013-05-29 23:21 . 2013-05-29 23:21        --------        d-----w-        c:\users\Fabian\AppData\Roaming\ExpressFiles
2013-05-29 23:19 . 2013-05-29 23:19        --------        d-----w-        c:\users\Fabian\AppData\Local\iLivid
2013-05-17 03:17 . 2013-05-17 03:17        126464        ----a-w-        c:\windows\system32\drivers\rzudd.sys
2013-05-17 03:17 . 2013-05-17 03:17        31232        ----a-w-        c:\windows\system32\drivers\rzendpt.sys
2013-05-17 03:14 . 2013-05-17 03:14        56832        ----a-w-        c:\windows\SysWow64\rzdevinfo.dll
2013-05-17 03:14 . 2013-05-17 03:14        154112        ----a-w-        c:\windows\SysWow64\rztouchdll.dll
2013-05-17 03:14 . 2013-05-17 03:14        766976        ----a-w-        c:\windows\SysWow64\rzdevicedll.dll
2013-05-17 03:14 . 2013-05-17 03:14        117248        ----a-w-        c:\windows\SysWow64\rzdisplaydll.dll
2013-05-17 03:14 . 2013-05-17 03:14        296448        ----a-w-        c:\windows\SysWow64\rzaudiodll.dll
2013-05-14 19:43 . 2013-05-14 19:43        9195912        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-12 13:43 . 2013-05-12 13:43        566048        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2013-05-11 12:01 . 2013-05-11 12:01        --------        d-----w-        c:\program files (x86)\Common Files\Java
2013-05-11 12:01 . 2013-05-11 12:01        95648        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-10 18:04 . 2013-05-10 18:05        --------        d-----w-        C:\tmp
2013-05-10 17:42 . 2013-05-10 17:42        --------        d-----w-        c:\users\Fabian\AppData\Roaming\Blender Foundation
2013-05-09 19:53 . 2013-05-09 19:53        --------        d-----w-        c:\users\Fabian\.thumbnails
2013-05-09 19:53 . 2013-05-09 19:53        --------        d-----w-        c:\program files\Blender Foundation
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-06 11:19 . 2012-10-25 11:40        282512        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-06-06 11:19 . 2012-10-25 11:40        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-05-14 19:43 . 2012-05-28 18:50        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 19:43 . 2012-05-28 18:50        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-12 21:42 . 2012-10-10 20:22        2597344        ----a-w-        c:\windows\SysWow64\nvapi.dll
2013-05-12 21:42 . 2012-10-10 20:22        12426216        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2013-05-12 21:42 . 2012-05-24 18:11        2935696        ----a-w-        c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2012-05-24 18:11        27775776        ----a-w-        c:\windows\system32\nvoglv64.dll
2013-05-12 21:42 . 2012-05-24 18:11        15910736        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2013-05-12 21:42 . 2012-05-24 18:11        1059560        ----a-w-        c:\windows\system32\nvumdshimx.dll
2013-05-12 20:34 . 2012-05-24 18:12        6491936        ----a-w-        c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2012-05-24 18:12        3514656        ----a-w-        c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2012-05-24 18:12        884512        ----a-w-        c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2012-05-24 18:12        63776        ----a-w-        c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2012-05-24 18:12        2555680        ----a-w-        c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2012-05-24 18:12        237856        ----a-w-        c:\windows\system32\nvmctray.dll
2013-05-11 12:01 . 2012-05-24 17:42        866720        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2013-05-11 12:01 . 2012-05-24 17:42        788896        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2013-05-09 08:58 . 2012-06-20 15:55        287840        ----a-w-        c:\windows\system32\aswBoot.exe
2013-05-08 14:13 . 2012-05-24 18:12        3165737        ----a-w-        c:\windows\system32\nvcoproc.bin
2013-05-03 14:15 . 2012-05-24 19:04        75016696        ----a-w-        c:\windows\system32\MRT.exe
2013-05-02 00:06 . 2010-11-21 03:27        278800        ------w-        c:\windows\system32\MpSigStub.exe
2013-04-18 13:28 . 2013-04-30 19:46        73944        ----a-w-        c:\windows\system32\drivers\RzFilter.sys
2013-04-18 13:28 . 2013-04-30 19:46        128728        ----a-w-        c:\windows\system32\drivers\RzDxgk.sys
2013-04-13 05:49 . 2013-06-08 09:49        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-08 09:49        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-08 09:49        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-08 09:49        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-08 09:49        474624        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-08 09:49        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-04-07 18:39 . 2013-04-07 18:39        53248        ----a-w-        c:\windows\SysWow64\unrar.dll
2013-04-07 08:54 . 2012-09-07 16:32        1455408        ----a-w-        c:\windows\system32\dmwu.exe
2013-04-07 08:53 . 2012-09-07 16:32        33792        ----a-w-        c:\windows\system32\ImHttpComm.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2013-01-29 13:28        170840        ----a-w-        c:\program files\Web Assistant\Extension32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-01-26 13:39        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-01-26 13:39        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-01-26 13:39        2042528        ----a-w-        c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OscarEditor"="c:\program files (x86)\MOUSE Editor\MouseEditor.exe" [2012-02-22 3325952]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-17 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Arctosa"="c:\program files (x86)\Razer\Arctosa\razerhid.exe" [2009-08-19 232960]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2013-05-21 609640]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2013-06-08 1648400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
tbhcn.lnk - c:\users\Fabian\AppData\Roaming\BrowserCompanion\tbhcn.exe [2012-7-2 695448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\BULLGU~1\BULLGU~1\Files32\BgAgent.dll c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]
@="Service"
.
R2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Fabian\AppData\Local\Temp\ALSysIO64.sys;c:\users\Fabian\AppData\Local\Temp\ALSysIO64.sys [x]
R3 Arctosa;Arctosa Keyboard;c:\windows\system32\drivers\Arctosa.sys;c:\windows\SYSNATIVE\drivers\Arctosa.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS;c:\windows\SYSNATIVE\drivers\FNETTBOH_305.SYS [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfSBVMamd64.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys;c:\windows\SYSNATIVE\DRIVERS\VirtuWDDM.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys;c:\windows\SYSNATIVE\DRIVERS\afw.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys;c:\windows\SYSNATIVE\drivers\BdSpy.sys [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS;c:\windows\SYSNATIVE\drivers\FNETURPX.SYS [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys;c:\windows\SYSNATIVE\DRIVERS\NSKernel.sys [x]
S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys;c:\windows\SYSNATIVE\DRIVERS\NSNetmon.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x]
S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x]
S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys;c:\windows\SYSNATIVE\DRIVERS\afwcore.sys [x]
S3 BdNet;BdNet;c:\windows\system32\drivers\BdNet.sys;c:\windows\SYSNATIVE\drivers\BdNet.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 11392173
*NewlyCreated* - ASWRVRT
*Deregistered* - 11392173
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 19:43]
.
2013-06-08 c:\windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-06-08 c:\windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-06-08 c:\windows\Tasks\GinyasBrowserCompanion Runner.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-06-08 c:\windows\Tasks\GinyasBrowserCompanion Stats Report.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-06-08 c:\windows\Tasks\GinyasBrowserCompanion Update Checker.job
- c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-02-18 10:49]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08 18:55]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-08 18:55]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3485898032-1890299033-1484769855-1000Core.job
- c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 16:37]
.
2013-06-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3485898032-1890299033-1484769855-1000UA.job
- c:\users\Fabian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 16:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-01-26 14:02        2860192        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-01-26 14:02        2860192        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-01-26 14:02        2860192        ----a-w-        c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58        133840        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10        776144        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10        776144        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10        776144        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10        776144        ----a-w-        c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" [2012-12-13 2536288]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~1\LUCIDL~1\VIRTU\appinit_dll.dll c:\progra~1\BULLGU~1\BULLGU~1\BgAgent.dll c:\windows\System32\BgGamingMonitor.dll c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=122304&tt=gc_&babsrc=HP_ss&mntrId=5087BC5FF41A74A3
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;<local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\
FF - prefs.js: browser.startup.homepage -
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=120812_bandext_3312_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 50877b67000000000000bc5ff41a74a3
FF - user.js: extensions.BabylonToolbar.instlDay - 15566
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.619:24
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 50877b67000000000000bc5ff41a74a3
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15756
FF - user.js: extensions.Softonic.vrsn - 1.8.8.11
FF - user.js: extensions.Softonic.vrsni - 1.8.8.11
FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1121:06
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - MOY00009
FF - user.js: extensions.Softonic.dfltLng - de
FF - user.js: extensions.Softonic_i.excTlbr - false
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - true
FF - user.js: extensions.Softonic_i.newTab - false
FF - user.js: extensions.claro.tlbrSrchUrl -
FF - user.js: extensions.claro.id - 50877b67000000000000bc5ff41a74a3
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15781
FF - user.js: extensions.claro.vrsn - 1.8.8.5
FF - user.js: extensions.claro.vrsni - 1.8.8.5
FF - user.js: extensions.claro_i.vrsnTs - 1.8.8.513:07
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - uninst
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro_i.excTlbr - false
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.claro.autoRvrt - false
FF - user.js: extensions.claro.rvrt - false
FF - user.js: extensions.claro_i.newTab - false
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 50877b67000000000000bc5ff41a74a3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15854
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.51:22
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122304&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-Spotify Web Helper - c:\users\Fabian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-BattlEye A2 Free - c:\program files (x86)\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-GinyasBrowserCompanion - c:\program files (x86)\BrowserCompanion\uninstall.exe
AddRemove-{10CD364B-FFCC-48BE-B469-B9622A033075} - c:\programdata\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}\Fences.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:a8,1c,50,ec,0c,00,ce,01
.
[HKEY_USERS\S-1-5-21-3485898032-1890299033-1484769855-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,d5,1a,a4,37,7a,90,c5,1a,2d,c1,f2,98,f1,59,78,87,b4,49,6b,c7,
  64,c1,9a,b6,6c,53,90,2d,8b,d8,b6,89,b0,bb,99,06,06,14,0d,95,03,a5,36,33,e8,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-08  21:42:15
ComboFix-quarantined-files.txt  2013-06-08 19:42
.
Vor Suchlauf: 16 Verzeichnis(se), 118.735.650.816 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 118.474.653.696 Bytes frei
.
- - End Of File - - 0E3E121BB85D03CF0B447158AD2C8C0B

My screensaver came on during the analysis; if that is a problem, I will run the analysis again.

markusg 08.06.2013 21:01

Hi, could you please open Computer, C:, Qoobox, right-click Quarantine, compress it and upload it in the upload channel. Please report back when you are done.

theNeises 08.06.2013 21:04

Done, uploaded.

markusg 08.06.2013 21:06

Thank you.
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".

theNeises 08.06.2013 22:33

Sooo, I'm back.
No infected files were found (thumbs up)

Code:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.08.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Fabian :: FABIAN-PC [Administrator]

Schutz: Aktiviert

08.06.2013 22:14:25
mbam-log-2013-06-08 (22-14-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 488587
Laufzeit: 1 Stunde(n), 18 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


markusg 09.06.2013 18:36

Hi,

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this.
Open it, Tools (Extras), Uninstall list, save as txt. Open the file.
After every program you need, write "notwendig" (necessary).
After every program you do not need, write "unnötig" (unnecessary).
After every program you do not know, write "unbekannt" (unknown).
Post the list.

theNeises 09.06.2013 19:04

Task completed.

Code:

Acrobat.com        Adobe Systems Incorporated        24.05.2012                1.1.377                          Unbekannt
Adobe AIR        Adobe Systems Incorporated        30.05.2013                3.7.0.1860                        Unbekannt
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        14.05.2013        6,00MB        11.7.700.202      Notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        14.05.2013        6,00MB        11.7.700.202      Notwendig
Adobe Reader 9.5.5 - Deutsch        Adobe Systems Incorporated        09.06.2013        123MB        9.5.5            Unbekannt   
Adobe Shockwave Player 12.0        Adobe Systems, Inc.        09.05.2013                12.0.2.122                Notwenig 
Air Forte                13.04.2013                                                                          unnötig
AirMech                09.12.2012                                                                                  Unnötig
AJScreensaver                20.02.2013                                                                          Unnötig       
Akamai NetSession Interface                20.06.2012                                                          Unbekannt
Akamai NetSession Interface        Akamai Technologies, Inc        18.03.2013                                  Unbekannt
Alan Wake        Remedy Entertainment        31.05.2013                                                          Notwendig
Alle meine Passworte 3.20                28.05.2012                                                          Notwendig
Apple Application Support        Apple Inc.        09.06.2013        64,7MB        2.3.4                            Notwendig
Apple Mobile Device Support        Apple Inc.        13.09.2012        23,7MB        6.0.0.59                          Notwendig
Apple Software Update        Apple Inc.        12.09.2012        2,38MB        2.1.3.127                                Notwendig
applicationupdater        Sony Online Entertainment        29.11.2012                                          Unnötig
Assassin's Creed III 1.01        Ubisoft        23.11.2012                1.01                                      Notwendig
Atom Zombie Smasher                13.04.2013                                                                  Unnötig
aTube Catcher        DsNET Corp        27.10.2012                2.9.1347                                          Unnötig
avast! Internet Security        AVAST Software        09.06.2013                8.0.1489.0                        Notwendig
AVM FRITZ!WLAN        AVM Berlin        02.02.2013                                                                  Notwendig
Bastion        Supergiant Games        20.03.2013                                                                  Notwendig
Battlefield 3™        Electronic Arts        13.12.2012                1.0.0.0                                          Notwendig
Battlelog Web Plugins        EA Digital Illusions CE AB        13.12.2012                2.1.2                    Notwendig
BattlEye (A2Free) Uninstall                21.06.2012                                                          Notwendig
BattlEye for OA Uninstall                21.10.2012                                                        Notwendig               
Blender        Blender Foundation        09.05.2013                2.67                                              Unnötig
Borderlands 2        Gearbox Software        23.04.2013                                                          Notwendig
BullGuard        BullGuard Ltd.        28.10.2012                13.0                                              Unnötig
CCleaner        Piriform        24.05.2013                4.02                                              Notwendig
Closure                20.12.2012                                                                                  Notwendig
Core Temp version 0.99.7        Arthur Liberman        24.05.2012        1,75MB        0.99.7                            Unnötig
Cossacks - The Art Of War                07.04.2013                                                          Notwendig
Dota 2                19.08.2012                                                                                  Notwendig
Dota 2 Test                22.10.2012                                                                          Unnötig
Downloader                16.07.2012                                                                          Unbekannt
Dungeon Defenders                20.07.2012                                                                  Notwendig
ESN Sonar        ESN Social Software AB        13.12.2012                0.70.4                                    Unbekannt
EVEREST Home Edition v2.20        Lavalys Inc        05.03.2013                2.20                              Notwendig
EXPERTool 7.21        Gainward Co., Ltd        24.05.2012        11,2MB                                                  Unbekannt
Fallout 3        Bethesda Softworks        01.08.2012                1.00.0000                                Unnötig
Far Cry 3        Ubisoft        06.06.2013                1.05                                                      Notwendig
FileZilla Client 3.6.0        FileZilla Project        12.11.2012        17,0MB        3.6.0                            Unnötig
Flotilla                13.04.2013                                                                          Unnötig
Fragen-Lern-CD 4.3        Wendel-Verlag GmbH        26.02.2013                4.3.5                            Notwendig
gamelauncher-ps2-live        Sony Online Entertainment        12.01.2013                                          Unnötig
GinyasBrowserCompanion        Ginyas        23.02.2013                                                                  Unbekannt
Google Drive        Google, Inc.        08.06.2013        32,0MB        1.9.4536.8202                                    Unbekannt
GUILD WARS                24.05.2012                                                                          Notwendig
Hector: Ep 1                30.05.2013                                                                          Notwendig
Hector: Ep 2                30.05.2013                                                                          Notwendig
Hector: Ep 3                30.05.2013                                                                          Notwendig
Hi-Rez Studios Authenticate and Update Service        Hi-Rez Studios        05.06.2013                3.0.0.0          Notwendig
HP FWUpdateEDO2        Hewlett-Packard        27.11.2012        1,53MB        1.2.0.0                                          Notwendig
HP Officejet 6600 - Grundlegende Software für das Gerät        Hewlett-Packard Co.        13.11.2012        180MB        25.0.619.0  Notwendig
HP Officejet 6600 Hilfe        Hewlett Packard        13.11.2012        17,6MB        140.0.2.2                                Notwendig
HP Photo Creations        HP        27.11.2012        14,6MB        1.0.0.9572                                        Unbekannt
HP Update        Hewlett-Packard        27.11.2012        3,98MB        5.003.001.001                                    Unnötig
I.R.I.S. OCR        HP        13.11.2012        68,9MB        12.3.4.0                                                  Unbekannt
IB Updater Service                11.04.2013                3.0.4.6                                          Unbekannt
iCloud        Apple Inc.        27.09.2012        80,2MB        2.0.2.187                                                Unnötig
iFunbox (v2.1.2228.731), iFunbox DevTeam                22.02.2013        40,6MB        v2.1.2228.731            Unnötig
Intel(R) Control Center        Intel Corporation        24.05.2012                1.2.1.1007                        Unbekannt
Intel(R) Management Engine Components        Intel Corporation        25.05.2012                7.0.0.1144        Notwendig
Intel(R) Processor Graphics        Intel Corporation        08.06.2013                9.17.10.2932              Notwendig
iTunes        Apple Inc.        13.09.2012        182MB        10.7.0.21                                                Notwendig
Java 7 Update 21        Oracle        11.05.2013        129MB        7.0.210                                          Notwendig
Java 7 Update 21 (64-bit)        Oracle        09.06.2013        128MB        7.0.210                                  Notwendig
JavaFX 2.1.0        Oracle Corporation        24.05.2012        20,8MB        2.1.0                                    Notwendig
League of Legends        Riot Games        16.06.2012                1.3                                      Notwendig
LOLReplay        www.leaguereplays.com        14.02.2013                0.8.1.4                                  Unnötig
Malwarebytes Anti-Malware Version 1.75.0.1300        Malwarebytes Corporation        08.06.2013        19,2MB        1.75.0.1300  Notwendig
Medal of Honor™ Warfighter        Electronic Arts        25.10.2012        16,0GB        1.0.0.0                          Notwendig
Metro 2033        THQ        05.12.2012                                                                          Notwendig
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        25.05.2012        38,8MB        4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        25.05.2012        2,93MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        01.07.2012        51,9MB        4.0.30319
Microsoft Games for Windows - LIVE Redistributable        Microsoft Corporation        01.08.2012        28,3MB        1.2.0241
Microsoft Office 365 Home Premium Preview - en-us        Microsoft Corporation        24.01.2013                15.0.4128.1025
Microsoft Silverlight        Microsoft Corporation        09.06.2013        50,6MB        5.1.20125.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        09.06.2013        298KB        8.0.61001
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        25.05.2012        252KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        24.05.2012        788KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        14.03.2013        788KB        9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        30.05.2012        240KB        9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        24.05.2012        596KB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        14.03.2013        600KB        9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219        Microsoft Corporation        09.06.2013        16,9MB        10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        09.06.2013        11,1MB        10.0.40219
Microsoft XNA Framework Redistributable 3.1        Microsoft Corporation        20.03.2013        7,48MB        3.1.10527.0
Microsoft XNA Framework Redistributable 4.0        Microsoft Corporation        01.07.2012        8,03MB        4.0.20823.0
Mouse Editor        Ihr Firmenname        30.10.2012        53,2MB        12.02.0004                                        Notwendig
MovieSaver*3.0        Engelmann Media GmbH        03.01.2013        4,96MB        3.0.11.1100                              Unnötig
Mozilla Firefox 21.0 (x86 de)        Mozilla        09.06.2013        44,5MB        21.0                                      Notwendig
Mozilla Maintenance Service        Mozilla        09.06.2013        333KB        21.0                                      Notwendig
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        09.06.2012        1,27MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        09.06.2012        1,33MB        4.20.9876.0
MSXML 4.0 SP3 Parser        Microsoft Corporation        09.06.2013        1,47MB        4.30.2100.0
MSXML 4.0 SP3 Parser (KB2758694)        Microsoft Corporation        09.06.2013        1,54MB        4.30.2117.0
NetLimiter 3        Locktime Software s.r.o.        09.04.2013        9,78MB        3.0.0.11                          Unnötig
NewFreeScreensaver nfsDigitalPaintClockWhite                20.02.2013        1,35MB                                  Unnötig
Nokia Connectivity Cable Driver        Nokia        03.11.2012        3,95MB        7.1.92.0                                  Unnötig
NVIDIA 3D Vision Controller-Treiber 320.18        NVIDIA Corporation        03.06.2013                320.18    Notwendig
NVIDIA 3D Vision Treiber 320.18        NVIDIA Corporation        03.06.2013                320.18                    Notwendig
NVIDIA GeForce Experience 1.5        NVIDIA Corporation        03.06.2013                1.5                      Notwendig
NVIDIA Grafiktreiber 320.18        NVIDIA Corporation        03.06.2013                320.18                    Notwendig
NVIDIA HD-Audiotreiber 1.3.24.2        NVIDIA Corporation        03.06.2013                1.3.24.2                  Notwendig
NVIDIA PhysX-Systemsoftware 9.12.1031        NVIDIA Corporation        03.06.2013                9.12.1031        Notwendig
OpenOffice.org 3.4.1        Apache Software Foundation        14.03.2013        331MB        3.41.9593                Notwendig
Origin        Electronic Arts, Inc.        25.10.2012                9.0.13.2135                                      Notwendig
Panda USB Vaccine 1.0.1.4        Panda Security        09.06.2013                                                  Notwendig
Pando Media Booster        Pando Networks Inc.        17.12.2012        5,46MB        2.6.0.8                          Unbekannt
PC Connectivity Solution        Nokia        03.11.2012        21,2MB        12.0.48.0                                Unbekannt
PunkBuster Services        Even Balance, Inc.        06.06.2013                0.993                            Notwendig
QuickTime        Apple Inc.        09.06.2013        74,6MB        7.74.80.86                                        Unnötig
RaidCall        raidcall.com        06.03.2013                7.1.6-1.0.4843.7                                  Notwendig
Razer Arctosa        Razer USA Ltd.        10.02.2013                1.00.0000                                        Unnötig
Razer Core        Razer USA Ltd.        30.04.2013                0.01.137                                          Notwendig
Razer Synapse 2.0        Razer Inc.        04.06.2013        17,3MB        1.10.6                                    Notwendig
Realtek Ethernet Controller Driver        Realtek        24.05.2012                7.44.421.2011                    Notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        24.05.2012                6.0.1.6392 Notwendig
Saints Row: The Third        Volition        06.06.2013                                                          Notwendig
SanDiskSecureAccess_Manager.exe        Gemalto N.V.        15.03.2013                1.1.19269                        Notwendig
Secunia PSI (3.0.0.7009)        Secunia        09.06.2013        5,65MB        3.0.0.7009                                Notwendig
SimCity 4 Deluxe                24.08.2012                                                                  Notwendig
SimCity™        Electronic Arts        07.03.2013        283MB        1.0.0.0                                          Notwendig                                           
Skype™ 6.3        Skype Technologies S.A.        19.05.2013        21,1MB        6.3.107                                  Notwendig
Smite        Hi-Rez Studios        06.06.2013                0.1.1556.2                                                Notwendig
SPORE™        Electronic Arts        07.06.2012                1.00.0000                                                Notwendig
Spotify        Spotify AB        06.05.2013                0.9.0.133.gd18ed589                                      Notwendig
Steam        Valve Corporation        29.05.2012        35,4MB        1.0.0.0                                          Notwendig
Studie zur Verbesserung von HP Officejet 6600 Produkten        Hewlett-Packard Co.        13.11.2012        8,28MB        25.0.619.0 Unnötig
System Requirements Lab for Intel        Husdawg, LLC        15.12.2012        1,02MB        4.5.11.0                  Unbekannt
TeamSpeak 3 Client        TeamSpeak Systems GmbH        05.11.2012                3.0.9.2                          Notwendig
The Binding of Isaac                20.12.2012                                                                  Notwendig
The Walking Dead                30.05.2013                                                                  Notwendig
THX TruStudio        Creative Technology Limited        24.05.2012                1.00.01                          Notwendig
TmNationsForever        Nadeo        01.06.2012                                                                  Notwendig
TmUnitedForever        Nadeo        05.06.2012                                                                          Notwendig
TrueCrypt        TrueCrypt Foundation        03.07.2012                7.1a                                      Unbekannt
Uplay        Ubisoft        23.11.2012                2.0                                                              Notwendig
VIRTU 1.2.106        Lucfidlogix Technologies LTD        24.05.2012        15,5MB        1.2.106                          Notwendig
Wallace & Gromit Ep 1: Fright of the Bumblebees        Telltale Games        30.05.2013                                  Notwendig
Wallace & Gromit Ep 2: The Last Resort        Telltale Games        30.05.2013                                          Notwendig
Wallace & Gromit Ep 3: Muzzled!        Telltale Games        30.05.2013                                                  Notwendig
Wallace & Gromit Ep 4: The Bogey Man        Telltale Games        30.05.2013                                          Notwendig
Warhammer 40,000: Dawn of War - Game of the Year Edition        Relic Entertainment        03.06.2013        Unnötig
Web Assistant 2.0.0.573        IncrediBar        04.03.2013        2,27MB        2.0.0.573                                Unnötig
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)        Nokia        03.11.2012                05/31/2012 7.1.2.0  Unbekannt
WinRAR 4.11 (64-Bit)        win.rar GmbH        28.05.2012                4.11.0                                    Notwendig
XFast LAN v6.61        cFos Software GmbH, Bonn        24.05.2012                6.61                              Notwendig
XFastUsb                24.05.2012                                                                          Notwendig
XIII                05.08.2012                1.00.000                                                          Notwendig


markusg 09.06.2013 19:11

Uninstall:
Adobe Flash Player, all
Adobe - Install Adobe Flash Player
Download the latest version and install it.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Remove the check mark for McAfee Security Scan.
Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
Check "Use only certified plug-ins".
Security (Enhanced):
Check Enhanced Security
and select All files.
Internet:
Everything here should be disabled; it is very unsafe to open or download PDFs automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, remove the check mark for "Use JavaScript".
Under Updater, choose install automatically.
Apply / OK

Uninstall:
Air: all
AJScreensaver
applicationupdater
Atom
aTube
Blender
BullGuard
Core
Dota 2 Test
Downloader
ESN
EXPERTool
Fallout
FileZilla
Flotilla
gamelauncher
GinyasBrowserCompanion
Google Drive
IB Updater
iCloud
iFunbox
LOLReplay
MovieSaver
NetLimiter
NewFreeScreensaver
Nokia
PC Connectivity
QuickTime
Razer Arctosa
Studie
TrueCrypt
Warhammer
Web Assistant

Open CCleaner, Analyze, Run, then restart the PC.
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

theNeises 09.06.2013 19:57

All done, here is the .txt from AdwCleaner:
Code:

# AdwCleaner v2.303 - Datei am 09/06/2013 um 20:49:31 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Fabian - FABIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Fabian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\searchplugins\BabylonMngr.xml
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\searchplugins\claro.xml
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\searchplugins\MyStart Search.xml
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Runner.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
Gelöscht mit Neustart : C:\ProgramData\GinyasBrowserCompanion
Ordner Gelöscht : C:\ProgramData\APN
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Fabian N\AppData\Roaming\Mozilla\Firefox\Profiles\f40ng019.default\extensions\bbrs_002@blabbers.com
Ordner Gelöscht : C:\Users\Fabian\AppData\Local\APN
Ordner Gelöscht : C:\Users\Fabian\AppData\Local\Ilivid
Ordner Gelöscht : C:\Users\Fabian\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Fabian\AppData\LocalLow\Claro LTD
Ordner Gelöscht : C:\Users\Fabian\AppData\LocalLow\incredibar.com
Ordner Gelöscht : C:\Users\Fabian\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\ExpressFiles
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\extensions\bbrs_002@blabbers.com
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\extensions\ffxtlbra@softonic.com
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\PerformerSoft

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Vid-Saver
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ExpressFiles
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5e6d6deb36eea46
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\ExpressFiles
Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e6d6deb36eea46
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=122304&tt=gc_&babsrc=HP_ss&mntrId=5087BC5FF41A74A3 --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\prefs.js

C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\a7zvye9k.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "50877b67000000000000bc5ff41a74a3");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15566");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=120812_bandext_3312_6");
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=114506&tt=120[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.619:24:24");
Gelöscht : user_pref("extensions.Softonic.admin", false);
Gelöscht : user_pref("extensions.Softonic.aflt", "SD");
Gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Gelöscht : user_pref("extensions.Softonic.cntry", "DE");
Gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Gelöscht : user_pref("extensions.Softonic.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,60371[...]
Gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic.hdrMd5", "9624E6CA997AA4ECEE3430BBD3F9DD0B");
Gelöscht : user_pref("extensions.Softonic.id", "50877b67000000000000bc5ff41a74a3");
Gelöscht : user_pref("extensions.Softonic.instlDay", "15756");
Gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00009");
Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "");
Gelöscht : user_pref("extensions.Softonic.pnu_BASEirobinhoodActive", "{\"newVrsn\":\"44\",\"lastVrsn\":\"44\",\[...]
Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Gelöscht : user_pref("extensions.Softonic.rvrt", "true");
Gelöscht : user_pref("extensions.Softonic.sg", "{smplGrp}");
Gelöscht : user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive");
Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00009/tb_v1?SearchSource[...]
Gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.8.11");
Gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.8.11");
Gelöscht : user_pref("extensions.Softonic_i.excTlbr", false);
Gelöscht : user_pref("extensions.Softonic_i.newTab", false);
Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none");
Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.8.8.1121:06:27");
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.autoRvrt", "false");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "50877b67000000000000bc5ff41a74a3");
Gelöscht : user_pref("extensions.claro.instlDay", "15781");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.rvrt", "false");
Gelöscht : user_pref("extensions.claro.tlbrId", "uninst");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.8.5");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.8.5");
Gelöscht : user_pref("extensions.claro_i.excTlbr", false);
Gelöscht : user_pref("extensions.claro_i.newTab", false);
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.8.513:07:33");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "50877b67000000000000bc5ff41a74a3");
Gelöscht : user_pref("extensions.delta.instlDay", "15854");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.51:22:08");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=122304&tt=gc_");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbra%40softonic.com:1.6.0,%7B73a6fe31-595d-460b-a920-fcc0[...]
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Datei : C:\Users\Fabian N\AppData\Roaming\Mozilla\Firefox\Profiles\f40ng019.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [26609 octets] - [09/06/2013 20:49:31]

########## EOF - C:\AdwCleaner[S1].txt - [26670 octets] ##########


markusg 09.06.2013 20:06

Hi,
please restart.
HitmanPro - Download - Filepony

Start HitmanPro, click Scan, do not delete anything,
click Next, save the log or export it as XML, then post it, or zip it and attach it.

theNeises 09.06.2013 20:28

Hi,
The HitmanPro scan is attached as a zip file.

markusg 09.06.2013 20:37

Hi,
please close all browsers and delete the cookies and PUPs with HitmanPro.
Restart, then check with another scan that only suspicious files are still found; if you are not sure, attach a new log plus a new OTL log.

theNeises 09.06.2013 20:45

Hi, I ran a new scan, but this time it did not raise an alarm for Firefox but for something else.
Code:

HitmanPro 3.7.6.201
www.hitmanpro.com

  Computer name . . . . : FABIAN-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : Fabian-PC\Fabian
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-06-09 21:38:52
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 56s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 172

  Objects scanned . . . : 1.805.884
  Files scanned . . . . : 72.839
  Remnants scanned  . . : 634.183 files / 1.098.862 keys

Suspicious files ____________________________________________________________

  C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 0.3 days (2013-06-09 13:37:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -1.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbags.dll
        -1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\htm\
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\dll\
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svlogs\
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svss\
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
        -0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          0.9s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          0.9s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          5.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
          5.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
          5.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
        14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

  C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 0.3 days (2013-06-09 13:37:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbags.dll
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\htm\
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\dll\
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svlogs\
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svss\
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          2.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          2.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          6.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
          6.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
          6.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
        15.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

  C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 0.3 days (2013-06-09 13:37:39)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -15.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbags.dll
        -15.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\htm\
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\dll\
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svlogs\
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svss\
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbag.dll
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.db
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\scrnshot\
        -13.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
        -13.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
        -9.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
        -9.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
        -9.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

  C:\Users\Fabian\AppData\Local\PunkBuster\AC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.736 bytes
      Age  . . . . . . . : 197.9 days (2012-11-23 22:54:27)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : B02A579C524B68FFFBF83E546637DADFF39C5F18D7B7A9A9D4CF17302A1A19B5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Fabian\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 177.3 days (2012-12-14 14:42:19)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 166.0 days (2012-12-25 20:53:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 177.3 days (2012-12-14 14:03:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.328 bytes
      Age  . . . . . . . : 177.3 days (2012-12-14 14:03:29)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : F6552C37C04FD92554BD715F9E98B41E3D711C8AC37C757FBCFDDD69738FBE5E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 0.9 days (2013-06-08 23:03:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbags.dll
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\htm\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\dll\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\svlogs\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\svss\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          0.2s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          0.2s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe

  C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 0.9 days (2013-06-08 23:03:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbags.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\htm\
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\dll\
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\svlogs\
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\svss\
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          0.7s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          0.7s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe

  C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 0.9 days (2013-06-09 00:22:18)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
        -8.1s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

  C:\Users\Fabian\AppData\Local\PunkBuster\WF\pb\pbcl.dll
      Size . . . . . . . : 951.565 bytes
      Age  . . . . . . . : 227.3 days (2012-10-25 14:41:18)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 28FDCBC64DEB82D8A64A4770F2B616CE5E95B4751BBE6FA459DD2B64A12298CF
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\AppData\Local\PunkBuster\WF\pb\PnkBstrK.sys
      Size . . . . . . . : 139.128 bytes
      Age  . . . . . . . : 227.3 days (2012-10-25 14:41:30)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : DD1DC609F49E1D61C5269CEBAA7603EFD9BDD5234A3D1C46A2F34EE637A6061D
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Fabian\Documents\Assassin's Creed III\pb\pbcl.dll
      Size . . . . . . . : 953.640 bytes
      Age  . . . . . . . : 197.9 days (2012-11-23 22:53:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7264646B28B8060B93B4374651638428243104DD427CA4970EA6AA956ADD4D5
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\Documents\Assassin's Creed III\pb\pbcls.dll
      Size . . . . . . . : 953.640 bytes
      Age  . . . . . . . : 197.9 days (2012-11-23 22:54:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7264646B28B8060B93B4374651638428243104DD427CA4970EA6AA956ADD4D5
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

  HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}\ (VidSaver)
  HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}\ (VidSaver)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{22222222-2222-2222-2222-220022342291}\ (VidSaver)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066346691}\ (VidSaver)
  HKU\.DEFAULT\Software\Blabbers      \ (Blabbers)
  HKU\S-1-5-18\Software\Blabbers      \ (Blabbers)
  HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\Software\Blabbers      \ (Blabbers)
  HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)


markusg 09.06.2013 21:37

Please delete these:
Potential Unwanted Programs

theNeises 09.06.2013 22:06

Scanned, deleted the PUPs, restarted and scanned again; only Suspicious files are left now:
Code:

HitmanPro 3.7.6.201
www.hitmanpro.com

  Computer name . . . . : FABIAN-PC
  Windows . . . . . . . : 6.1.1.7601.X64/4
  User name . . . . . . : Fabian-PC\Fabian
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)

  Scan date . . . . . . : 2013-06-09 22:48:08
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 14m 34s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 132

  Objects scanned . . . : 1.806.939
  Files scanned . . . . : 73.011
  Remnants scanned  . . : 635.065 files / 1.098.863 keys

Suspicious files ____________________________________________________________

  C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 0.4 days (2013-06-09 13:37:25)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -1.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -1.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbags.dll
        -1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\htm\
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\dll\
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svlogs\
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svss\
        -1.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
        -0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          0.9s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          0.9s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          5.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
          5.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
          5.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
        14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
        14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

  C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 0.4 days (2013-06-09 13:37:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -0.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbags.dll
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\htm\
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\dll\
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svlogs\
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svss\
          0.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          1.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          2.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          2.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          6.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
          6.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
          6.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
        15.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
        15.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

  C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 0.4 days (2013-06-09 13:37:39)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -15.4s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -15.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbags.dll
        -15.2s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\htm\
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\dll\
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svlogs\
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\svss\
        -15.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbag.dll
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbcl.db
        -14.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\scrnshot\
        -13.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
        -13.3s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
        -9.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
        -9.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns.dat
        -9.1s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
          0.0s C:\Users\Fabian N\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

  C:\Users\Fabian\AppData\Local\PunkBuster\AC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.736 bytes
      Age  . . . . . . . : 198.0 days (2012-11-23 22:54:27)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : B02A579C524B68FFFBF83E546637DADFF39C5F18D7B7A9A9D4CF17302A1A19B5
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Fabian\AppData\Local\PunkBuster\BF3\pb\dll\wc002317.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 177.3 days (2012-12-14 14:42:19)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\AppData\Local\PunkBuster\BF3\pb\pbcl.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 166.1 days (2012-12-25 20:53:08)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\AppData\Local\PunkBuster\BF3\pb\pbclold.dll
      Size . . . . . . . : 949.613 bytes
      Age  . . . . . . . : 177.4 days (2012-12-14 14:03:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 15059F09B1D62DEA6B5D22EF9E0D062411C167378D870AE339AAB50B0BDC7FC0
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\AppData\Local\PunkBuster\BF3\pb\PnkBstrK.sys
      Size . . . . . . . : 139.328 bytes
      Age  . . . . . . . : 177.4 days (2012-12-14 14:03:29)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : F6552C37C04FD92554BD715F9E98B41E3D711C8AC37C757FBCFDDD69738FBE5E
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 1.0 days (2013-06-08 23:03:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbags.dll
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\htm\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\dll\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\svlogs\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\svss\
        -0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          0.2s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          0.2s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe

  C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
      Size . . . . . . . : 953.886 bytes
      Age  . . . . . . . : 1.0 days (2013-06-08 23:03:28)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6D5E2CD4A7A43EB00B600BA783AD3BEE6B817C030A40600D40367173A6ECEB13
      Fuzzy  . . . . . . : 31.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsvgame.cfg
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsv.dll
        -0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbags.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcls.dll
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\htm\
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\dll\
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\svlogs\
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\svss\
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbsv.dat
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbclgame.cfg
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.dll
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbag.dll
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbcl.db
          0.5s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\scrnshot\
          0.7s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe
          0.7s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrB.exe

  C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys
      Size . . . . . . . : 138.032 bytes
      Age  . . . . . . . : 0.9 days (2013-06-09 00:22:18)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : ABAF3FACF01E10E4C685F79C3B9E5D2118B3CF8629C4277EBE035B2A10474148
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 24.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.
      Forensic Cluster
        -8.1s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\pbns_c.dat
          0.0s C:\Users\Fabian\AppData\Local\PunkBuster\FC3\pb\PnkBstrK.sys

  C:\Users\Fabian\AppData\Local\PunkBuster\WF\pb\pbcl.dll
      Size . . . . . . . : 951.565 bytes
      Age  . . . . . . . : 227.3 days (2012-10-25 14:41:18)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 28FDCBC64DEB82D8A64A4770F2B616CE5E95B4751BBE6FA459DD2B64A12298CF
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\AppData\Local\PunkBuster\WF\pb\PnkBstrK.sys
      Size . . . . . . . : 139.128 bytes
      Age  . . . . . . . : 227.3 days (2012-10-25 14:41:30)
      Entropy  . . . . . : 7.7
      SHA-256  . . . . . : DD1DC609F49E1D61C5269CEBAA7603EFD9BDD5234A3D1C46A2F34EE637A6061D
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.
        Program is code signed with a valid Authenticode certificate.

  C:\Users\Fabian\Documents\Assassin's Creed III\pb\pbcl.dll
      Size . . . . . . . : 953.640 bytes
      Age  . . . . . . . : 198.0 days (2012-11-23 22:53:52)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7264646B28B8060B93B4374651638428243104DD427CA4970EA6AA956ADD4D5
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.

  C:\Users\Fabian\Documents\Assassin's Creed III\pb\pbcls.dll
      Size . . . . . . . : 953.640 bytes
      Age  . . . . . . . : 198.0 days (2012-11-23 22:54:10)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : E7264646B28B8060B93B4374651638428243104DD427CA4970EA6AA956ADD4D5
      Fuzzy  . . . . . . : 29.0
        The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Authors name is missing in version info. This is not common to most programs.
        Version control is missing. This file is probably created by an individual. This is not typical for most programs.
        Program contains PE structure anomalies. This is not typical for most programs.


markusg 09.06.2013 22:09

OK, a new OTL log please.

theNeises 10.06.2013 13:15

OTL.Txt
Code:

OTL logfile created on: 10.06.2013 14:04:26 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Fabian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 76,14% Memory free
15,83 Gb Paging File | 13,83 Gb Available in Paging File | 87,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 120,61 Gb Free Space | 25,90% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\153143f74d840484b510d8cf5187796b\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a9594959e951127f16eb49644ba92f79\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7cfbbd029ef945fbcdaedd24b2b67a24\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\2f9e0112e10f9e70d3430d0be9863976\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\af18b8a8f56494da44cc448f3b9704a5\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\233661f3a2b632e9553915c8639637d0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll ()
MOD - C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HitmanProScheduler) -- C:\Programme\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (avast! Firewall) -- C:\Programme\AVAST Software\Avast\afwServ.exe (AVAST Software)
SRV - (HiPatchService) -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (RzOvlMon) -- C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe (Razer)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (OfficeSvc) -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (cFosSpeedS) -- C:\Programme\ASRock\XFast LAN\spd.exe (cFos Software GmbH)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer Inc)
DRV:64bit: - (rzendpt) -- C:\Windows\SysNative\drivers\rzendpt.sys (Razer Inc)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswNdis2) -- C:\Windows\SysNative\drivers\aswNdis2.sys (AVAST Software)
DRV:64bit: - (aswFW) -- C:\Windows\SysNative\drivers\aswFW.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswKbd) -- C:\Windows\SysNative\drivers\aswKbd.sys (AVAST Software)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia)
DRV:64bit: - (RzDxgk) -- C:\Windows\SysNative\drivers\RzDxgk.sys (Razer USA Ltd)
DRV:64bit: - (RzFilter) -- C:\Windows\SysNative\drivers\RzFilter.sys (Razer USA Ltd)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswNdis) -- C:\Windows\SysNative\drivers\aswNdis.sys (ALWIL Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (VirtuWDDM) -- C:\Windows\SysNative\drivers\VirtuWDDM.sys (Lucidlogix Inc.)
DRV:64bit: - (cFosSpeed) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (LADF_RenderOnly) -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys (Logitech)
DRV:64bit: - (LADF_CaptureOnly) -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys (Logitech)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (Arctosa) -- C:\Windows\SysNative\drivers\Arctosa.sys (Razer USA Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (tandpl) -- C:\Windows\SysWOW64\drivers\tandpl.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 46 A7 B4 BC 44 CD 01  [binary data]
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..\SearchScopes\{32D25FF0-DED2-4F55-8808-D75183262EC7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6E7F53E6-DA4D-4DD5-BECC-02892B368336&apn_sauid=B69CFF74-9B41-4718-BB59-06F8B6687D05
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..\SearchScopes\{407B02DB-A303-4e4a-BCAA-D1DE53A58BFE}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;<local>
 
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1003\..\SearchScopes,DefaultScope =
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.2
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Fabian\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.08 20:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.06.09 20:26:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.13 18:07:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2013.06.09 20:49:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions
[2013.06.09 12:38:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.03.17 14:08:50 | 000,000,000 | ---D | M] (Pagealicious) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\a7zvye9k.default\extensions\Pagealicious
[2013.06.09 12:31:40 | 000,534,261 | ---- | M] () (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.06.09 12:34:28 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.27 21:41:39 | 000,002,515 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\a7zvye9k.default\searchplugins\ask-search.xml
[2013.06.09 12:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.09 12:28:37 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013.06.08 21:41:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000..\Run: [OscarEditor] C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe ()
O4 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B21C34B-3B2A-4FD8-BF09-539620025832}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC905FBF-6003-4722-9B68-D197B46315A4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\appinit_dll.dll) - C:\Programme\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\ C:\Windows\System32\nvinitx.dll) -  File not found
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 21:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.06.09 21:14:28 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.06.09 21:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.09 21:11:38 | 009,833,328 | ---- | C] (SurfRight B.V.) -- C:\Users\Fabian\Desktop\HitmanPro_x64.exe
[2013.06.09 20:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.06.09 20:30:45 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.09 20:30:45 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.09 19:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.09 19:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.09 13:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.06.09 13:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.06.09 13:02:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.06.09 13:00:30 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Sicherheits Tool
[2013.06.09 12:48:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.06.09 12:44:13 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\WindowsUpdate
[2013.06.09 12:37:55 | 000,311,200 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.09 12:37:52 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.09 12:37:52 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.09 12:37:52 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.09 12:37:44 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.09 12:27:58 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Secunia PSI
[2013.06.09 12:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.06.09 12:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013.06.09 12:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2013.06.09 12:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013.06.09 10:13:35 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013.06.09 10:13:34 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013.06.09 10:13:33 | 000,022,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013.06.09 10:13:33 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys
[2013.06.09 09:57:05 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Simply Super Software
[2013.06.09 09:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013.06.08 22:12:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.08 21:34:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.08 21:34:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.08 21:34:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.08 21:34:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.08 21:34:31 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.08 21:33:35 | 005,078,669 | R--- | C] (Swearware) -- C:\Users\Fabian\Desktop\ComboFix.exe
[2013.06.08 21:24:05 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fabian\Desktop\tdsskiller.exe
[2013.06.08 21:03:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.08 20:55:56 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.08 20:55:56 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.06.08 20:55:52 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.06.08 20:55:49 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.06.08 20:55:47 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.08 20:55:39 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.06.08 20:54:34 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.08 20:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.08 20:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.08 19:31:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2013.06.08 19:11:05 | 000,000,000 | -HSD | C] -- C:\Users\Fabian\AppData\Roaming\msnmsg
[2013.06.08 19:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2013.06.08 19:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2013.06.08 18:50:38 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2013.06.08 18:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.08 18:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.08 18:50:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.08 18:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.08 18:19:00 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.06.08 18:18:58 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.06.08 18:18:58 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.06.08 18:18:58 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.06.08 18:18:58 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.06.08 18:18:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.06.08 18:18:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.06.08 18:18:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.06.08 18:18:55 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.06.08 18:18:55 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.06.08 18:18:54 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.06.08 18:02:39 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\DriverTuner
[2013.06.08 14:09:06 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\GetRightToGo
[2013.06.08 13:30:03 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2013.06.08 11:58:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.06.08 11:58:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.06.08 11:58:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 11:58:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.06.08 11:58:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.06.08 11:58:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.08 11:58:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.06.08 11:58:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.06.08 11:58:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.08 11:58:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.06.08 11:58:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.06.08 11:58:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.08 11:58:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.08 11:58:24 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.08 11:58:24 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.06.08 11:50:36 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.06.08 11:50:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.06.08 11:50:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.06.08 11:50:36 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.06.08 11:49:55 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.06.08 11:49:55 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.06.08 11:49:54 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.06.08 11:49:54 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.06.08 11:49:54 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.06.08 11:49:54 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.06.08 11:49:47 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.06.08 11:48:35 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.06.08 11:48:35 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.06.08 11:48:33 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.06.08 11:46:30 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.06.08 11:46:29 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.06.08 11:46:29 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.06.08 11:46:29 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.06.08 11:46:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.06.08 11:46:29 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.06.08 10:42:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\WindowsLogon
[2013.06.07 23:09:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\Realtek0
[2013.06.05 15:59:19 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Awesomium
[2013.06.05 15:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2013.06.05 15:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2013.06.05 15:58:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2013.06.03 15:04:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\NVIDIA
[2013.06.03 15:01:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.06.03 15:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.06.03 15:00:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.06.03 15:00:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.06.03 14:59:21 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.06.03 14:59:21 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.06.03 14:59:21 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.06.03 14:59:21 | 015,143,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.06.03 14:59:21 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.06.03 14:59:21 | 009,233,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.06.03 14:59:21 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.06.03 14:59:21 | 007,641,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.06.03 14:59:21 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.06.03 14:59:21 | 002,942,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.06.03 14:59:21 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.06.03 14:59:21 | 002,363,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.06.03 14:59:21 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.06.03 14:59:21 | 001,832,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.06.03 14:59:21 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.06.03 14:59:21 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.06.03 14:59:21 | 000,550,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.06.03 14:59:21 | 000,518,944 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.06.03 14:59:21 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.06.03 14:59:21 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.06.03 14:59:21 | 000,266,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.06.03 14:59:21 | 000,218,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.06.03 14:59:21 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.06.03 14:59:21 | 000,194,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.06.03 14:59:21 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.06.03 14:59:21 | 000,031,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2013.06.03 14:01:30 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Remedy
[2013.05.31 11:47:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Telltale Games
[2013.05.17 05:17:30 | 000,126,464 | ---- | C] (Razer Inc) -- C:\Windows\SysNative\drivers\rzudd.sys
[2013.05.17 05:17:28 | 000,031,232 | ---- | C] (Razer Inc) -- C:\Windows\SysNative\drivers\rzendpt.sys
[2013.05.17 05:14:34 | 000,154,112 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rztouchdll.dll
[2013.05.17 05:14:34 | 000,056,832 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdevinfo.dll
[2013.05.17 05:14:30 | 000,766,976 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdevicedll.dll
[2013.05.17 05:14:30 | 000,117,248 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzdisplaydll.dll
[2013.05.17 05:14:28 | 000,296,448 | ---- | C] (Razer Inc) -- C:\Windows\SysWow64\rzaudiodll.dll
[2013.05.14 21:43:25 | 009,195,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.10 14:07:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.10 14:02:28 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.10 14:01:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 14:01:17 | 2078,801,919 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 22:55:00 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 22:55:00 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 22:51:42 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 22:42:52 | 000,001,622 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.06.09 21:25:31 | 000,001,637 | ---- | M] () -- C:\Users\Fabian\Desktop\HitmanPro_20130609_2124.zip
[2013.06.09 21:24:53 | 000,011,194 | ---- | M] () -- C:\Users\Fabian\Desktop\HitmanPro_20130609_2124.xml
[2013.06.09 21:14:28 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.09 21:13:22 | 009,833,328 | ---- | M] (SurfRight B.V.) -- C:\Users\Fabian\Desktop\HitmanPro_x64.exe
[2013.06.09 20:50:22 | 000,000,105 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.09 20:48:28 | 000,648,201 | ---- | M] () -- C:\Users\Fabian\Desktop\adwcleaner.exe
[2013.06.09 20:38:29 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.09 20:30:45 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.09 20:30:45 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.09 20:17:45 | 000,000,480 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.06.09 19:42:36 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.09 17:15:22 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.06.09 17:15:22 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.06.09 13:37:32 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.06.09 12:37:48 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.09 12:37:46 | 000,311,200 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.09 12:37:46 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.09 12:37:46 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.09 12:37:45 | 001,092,512 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.06.09 12:37:45 | 000,971,680 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.06.09 12:27:41 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.06.09 10:13:33 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.08 21:41:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.08 21:34:18 | 005,078,669 | R--- | M] (Swearware) -- C:\Users\Fabian\Desktop\ComboFix.exe
[2013.06.08 21:24:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fabian\Desktop\tdsskiller.exe
[2013.06.08 19:31:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2013.06.08 19:11:27 | 000,000,056 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\mbam.context.scan
[2013.06.08 18:15:09 | 000,000,916 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\EasyToolz.ini
[2013.06.08 13:00:18 | 000,487,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.08 12:12:16 | 001,633,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.08 12:12:16 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.08 12:12:16 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.08 12:12:16 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.08 12:12:16 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.06 13:19:47 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.06.04 13:25:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzendpt_01009.Wdf
[2013.06.04 13:25:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2013.05.17 05:17:30 | 000,126,464 | ---- | M] (Razer Inc) -- C:\Windows\SysNative\drivers\rzudd.sys
[2013.05.17 05:17:28 | 000,031,232 | ---- | M] (Razer Inc) -- C:\Windows\SysNative\drivers\rzendpt.sys
[2013.05.17 05:14:34 | 000,154,112 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rztouchdll.dll
[2013.05.17 05:14:34 | 000,056,832 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdevinfo.dll
[2013.05.17 05:14:30 | 000,766,976 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdevicedll.dll
[2013.05.17 05:14:30 | 000,117,248 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzdisplaydll.dll
[2013.05.17 05:14:28 | 000,296,448 | ---- | M] (Razer Inc) -- C:\Windows\SysWow64\rzaudiodll.dll
[2013.05.14 21:43:25 | 009,195,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.12 23:42:27 | 027,775,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.05.12 23:42:27 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.05.12 23:42:27 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.05.12 23:42:27 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.05.12 23:42:27 | 015,910,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.05.12 23:42:27 | 015,143,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.05.12 23:42:27 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.05.12 23:42:27 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.05.12 23:42:27 | 009,233,688 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.05.12 23:42:27 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.05.12 23:42:27 | 007,641,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.05.12 23:42:27 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.05.12 23:42:27 | 002,942,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.05.12 23:42:27 | 002,935,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.05.12 23:42:27 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.05.12 23:42:27 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.05.12 23:42:27 | 002,363,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.05.12 23:42:27 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.05.12 23:42:27 | 001,832,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6432018.dll
[2013.05.12 23:42:27 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6432018.dll
[2013.05.12 23:42:27 | 001,059,560 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.05.12 23:42:27 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.05.12 23:42:27 | 000,550,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvFBC64.dll
[2013.05.12 23:42:27 | 000,518,944 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NvIFR64.dll
[2013.05.12 23:42:27 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvFBC.dll
[2013.05.12 23:42:27 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\NvIFR.dll
[2013.05.12 23:42:27 | 000,266,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.05.12 23:42:27 | 000,218,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglshim64.dll
[2013.05.12 23:42:27 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.05.12 23:42:27 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglshim32.dll
[2013.05.12 23:42:27 | 000,020,536 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.05.12 22:34:14 | 006,491,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.05.12 22:34:14 | 003,514,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.05.12 22:34:12 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.05.12 22:34:12 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.05.12 22:34:11 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
 
========== Files Created - No Company Name ==========
 
[2013.06.09 22:42:52 | 000,001,622 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.06.09 21:25:31 | 000,001,637 | ---- | C] () -- C:\Users\Fabian\Desktop\HitmanPro_20130609_2124.zip
[2013.06.09 21:24:53 | 000,011,194 | ---- | C] () -- C:\Users\Fabian\Desktop\HitmanPro_20130609_2124.xml
[2013.06.09 21:14:28 | 000,001,909 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.09 20:49:40 | 000,000,105 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.09 20:48:22 | 000,648,201 | ---- | C] () -- C:\Users\Fabian\Desktop\adwcleaner.exe
[2013.06.09 20:38:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.09 20:38:29 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.09 20:30:46 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.09 20:17:45 | 000,000,480 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2013.06.09 19:42:36 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.09 12:27:41 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.06.09 12:27:41 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.06.08 21:34:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.08 21:34:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.08 21:34:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.08 21:34:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.08 21:34:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.08 20:56:09 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.08 20:56:05 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.08 20:55:45 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.08 20:55:41 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.06.08 19:11:27 | 000,000,056 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\mbam.context.scan
[2013.06.08 18:12:46 | 000,000,916 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\EasyToolz.ini
[2013.06.04 13:25:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzendpt_01009.Wdf
[2013.06.04 13:25:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2013.05.01 11:19:22 | 000,034,816 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\RZR_00208e6943aabcb45c048e5a9758.db
[2013.04.07 20:39:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.03.15 15:30:46 | 000,000,288 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\.backup.dm
[2013.03.14 20:36:53 | 000,000,600 | ---- | C] () -- C:\Users\Fabian\PUTTY.RND
[2012.12.14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012.11.21 21:27:55 | 000,007,597 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg
[2012.11.13 14:53:41 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.11.08 20:16:32 | 000,583,306 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\technic-launcher.jar.bak
[2012.10.25 13:40:44 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.25 13:40:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.25 15:34:00 | 001,145,382 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Tempmusic.ogg
[2012.08.13 16:32:24 | 000,001,441 | ---- | C] () -- C:\Windows\chhm-pdd48.ini
[2012.08.13 16:26:51 | 000,000,856 | ---- | C] () -- C:\Users\Fabian\AppData\Local\recently-used.xbel
[2012.08.05 22:21:53 | 000,007,552 | ---- | C] () -- C:\Windows\SysWow64\drivers\enodpl.sys
[2012.08.05 22:21:52 | 000,004,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\tandpl.sys
[2012.07.01 19:19:01 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.30 18:43:47 | 000,017,408 | ---- | C] () -- C:\Users\Fabian\AppData\Local\WebpageIcons.db
[2012.05.24 19:41:55 | 000,000,412 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\All CPU Meter_Settings.ini
[2012.05.24 14:21:14 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.05.24 14:21:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.05.24 14:21:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.05.24 14:21:12 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.05.24 14:21:12 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.05.24 14:18:38 | 000,000,003 | ---- | C] () -- C:\Users\Fabian\AppData\Local\user_data.ini
[2012.05.24 14:12:02 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.05.24 14:12:01 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.05.24 14:12:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.08.11 04:06:32 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.29 15:59:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.minecraft
[2012.10.01 13:18:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.Nitrous
[2012.12.05 21:54:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.techniclauncher
[2012.07.26 00:35:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\.terasology
[2012.05.28 16:58:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Alle meine Passworte
[2013.04.17 19:01:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AtomZombieData
[2013.06.05 15:59:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Awesomium
[2013.05.10 19:42:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Blender Foundation
[2012.12.09 15:13:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Carbon
[2013.02.26 22:10:08 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1
[2013.02.11 02:29:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Downloaded Installations
[2013.06.08 18:30:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft
[2012.11.22 19:26:25 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Easy Thumbnails
[2013.03.15 15:30:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\eBayDesktopShortcut
[2013.01.12 20:22:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Engelmann Media
[2013.06.07 23:10:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\FileZilla
[2013.06.08 14:09:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\GetRightToGo
[2012.11.22 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Hobbyist Software
[2013.02.22 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\iFunbox_UserCache
[2012.09.19 16:48:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView
[2012.05.24 12:43:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech
[2012.12.05 21:54:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\logs
[2012.07.03 16:47:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient
[2012.06.02 18:17:54 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\LolClient2
[2013.06.08 19:11:05 | 000,000,000 | -HSD | M] -- C:\Users\Fabian\AppData\Roaming\msnmsg
[2012.10.06 00:15:13 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Nokia
[2013.03.14 20:41:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org
[2012.12.08 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Origin
[2012.06.23 10:49:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PC Suite
[2013.03.06 15:18:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\raidcall
[2013.04.08 17:07:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SanDisk
[2013.03.16 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SanDisk SecureAccess
[2012.12.15 14:19:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Screaming Bee
[2012.10.28 00:04:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SecondLife
[2012.06.24 13:36:40 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\six-zsync
[2013.05.09 11:58:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Sony Online Entertainment
[2012.08.13 17:25:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Spirited Machine
[2012.06.07 20:09:07 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SPORE
[2013.06.08 16:38:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Spotify
[2012.07.01 20:08:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Stardock
[2012.06.20 17:19:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Teeworlds
[2012.10.03 17:07:48 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\thriXXX
[2013.06.09 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client
[2012.11.22 20:15:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software
[2013.06.08 19:21:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\WindowsLogon
[2013.06.09 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian N\AppData\Roaming\Spotify
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.01.19 16:44:38 | 000,001,024 | ---- | M] ()(C:\Users\Fabian\AppData\Local\PMB Fik?s) -- C:\Users\Fabian\AppData\Local\PMB Fik聥s
[2013.01.19 16:44:38 | 000,001,024 | ---- | C] ()(C:\Users\Fabian\AppData\Local\PMB Fik?s) -- C:\Users\Fabian\AppData\Local\PMB Fik聥s
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >

Extras.Txt follows in a separate post.

theNeises 10.06.2013 13:16

Extras.Txt:

Code:

OTL Extras logfile created on: 10.06.2013 14:04:26 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Fabian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,03 Gb Available Physical Memory | 76,14% Memory free
15,83 Gb Paging File | 13,83 Gb Available in Paging File | 87,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 120,61 Gb Free Space | 25,90% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3485898032-1890299033-1484769855-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C0475E-7B72-46E1-A586-E9B6E39E3A6E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0FF4C4DF-D55A-40D5-8699-708EB3DBA8F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FF6A0B9-07B2-46D3-91B3-5A7A8E8D565D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{43E29356-22F0-47AD-A491-2E8414F1BFAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A0EF280-F752-410B-8762-ACD3123B98FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{63A7DC8B-F722-4D07-96B9-24F55F0ED05B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6566CC95-643D-456E-8CE5-9FF155E53A0E}" = lport=138 | protocol=17 | dir=in | app=system |
"{688E1440-4E1D-40F9-A6AA-4ED61F9BE9D5}" = rport=139 | protocol=6 | dir=out | app=system |
"{74A4D958-350E-48DA-AE61-DE41DDBBB31A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78460461-0F97-4C13-8EC6-07175ADFFCF9}" = lport=139 | protocol=6 | dir=in | app=system |
"{7EEA1AC2-B620-4748-964A-F24834AC83EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{8C81D55C-283C-4FA8-9CBA-D959A5487B36}" = lport=10243 | protocol=6 | dir=in | app=system |
"{98FEC081-7B3F-4047-A795-3FAF0A5E42CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A34259D4-1C13-40D0-9162-62EE88CB9D4C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ABEBF008-AE30-4000-A085-7F2FC0B82973}" = rport=137 | protocol=17 | dir=out | app=system |
"{B22C4422-F339-4DD7-BEAD-85F9A0FF7882}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B525976E-E44C-457D-9024-B50B1D3BBA8B}" = lport=137 | protocol=17 | dir=in | app=system |
"{BC8BA62A-823A-48C4-9E2E-2C8F5443D266}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C09AB0F4-74F6-4FA6-95CB-CFFD7D607D9A}" = rport=138 | protocol=17 | dir=out | app=system |
"{DDA8F6F9-B0E1-478C-B5F2-38AD99ABC64A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E32F35A0-BC7B-4BA7-B229-B6FCE839BC88}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E43C00BE-D819-40A1-9258-7F65F75F1D5E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{E58AA575-8AA4-44E9-81BD-36F59AFB33A1}" = rport=445 | protocol=6 | dir=out | app=system |
"{F0BD6E67-FB76-4DED-A87B-FE6D86B70EE9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00C7A906-5DEA-46C5-B8CC-A5478C9FFD25}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep1\wallacegromit101.exe |
"{04FEF248-A67A-40CA-8CCF-892D4A71BE83}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{059CAC44-0D4E-438E-8296-AC2A277CA1F4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{0D9D2A1C-426D-4185-91C5-EC466B27AA4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{0DC1C999-E0F4-41C8-A1B7-E29CAFBAEBB9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{0E2E214B-0718-4076-9F6E-7681BF5B6B75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0E720C65-B6F8-4311-AF43-178923C9E42F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{12D79C5D-8351-43D9-9E56-6BFFC1666B0D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{1318D643-6F20-4498-9469-83D8EE36858B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{13842B8E-E457-4B28-BFD3-E459E0BD8EF9}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\mdnsresponder.exe |
"{16F8A8B5-CD6E-48C4-8A3F-F89EA7A7C105}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep4\wallacegromit104.exe |
"{17F1B815-2EFB-4142-9469-35FD5454CCB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{191468C4-15D1-4F33-A833-A5F8F9B3B8C9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{197E7431-AE17-40D0-8E0F-76B1F59B9EFB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{1A91988E-77F5-4B52-A8A7-990C4DA72909}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{1E56F566-D28A-4B00-A2C7-1641DC660D57}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airforte\data\airforte.exe |
"{1E837585-652F-42ED-B663-F45FD5F2CC67}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep3\wallacegromit103.exe |
"{1F632E48-1399-47BC-99AF-9EC9F83F34AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8E9433-03A6-4DD1-A83C-C1BEB2FD7577}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{266855C2-81D6-418D-987B-1618A80DAF58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{2A4CA343-E987-41C4-9432-0D85E77B4666}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe |
"{2A7BFC67-C1EA-41FC-A399-A64A5914A724}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe |
"{2C0C2835-3D6F-4D08-B73A-F8D12559675D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2F4DD163-A1F0-4173-9F5F-FA8A10553583}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{31A722C5-3EE5-4846-B19D-54B9B27F7CB7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\airforte\data\airforte.exe |
"{334DBB40-3726-4FB2-B7BB-7E4AF2D1B560}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{342B08BC-A7E5-4A8C-921B-956B9A163B78}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{34F45429-DE7B-4DB1-8C95-C7DC02157165}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{380B3662-469A-40B3-8176-912F38C925E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{39473C15-BB15-4F24-BBFA-F5C0A5DE1CBB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{3AEDE667-AF92-4612-95FC-7134F11D542C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3E669EBB-EAF3-4F8E-9077-9A6EA694C163}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{3F3B53DC-64AC-49E9-8C08-7FF299B9901E}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{3F7432B1-C752-49EC-AA40-F0E8AAC04164}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{3F7D76BB-4782-4D85-B62A-0C08E8AFDA5E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe |
"{444D55CA-717B-4ED4-8712-324E27577E92}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"{45B7FBB7-D359-433A-81F7-EC0D9471821B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{48AF3327-832D-42B3-ABD2-04FF05529419}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe |
"{4A8D5575-28ED-4BC1-AA5C-571A03700B39}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep1\wallacegromit101.exe |
"{4B1B028E-3C68-4C75-A1D1-C09A9A93F9E7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher1.exe |
"{4B9241C0-5F4D-4273-BAC1-420F6B11F9C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep2\wallacegromit102.exe |
"{4CBB2B00-6425-4674-A7E8-FAA908C3C4E5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher1.exe |
"{4D419B23-FD40-4397-8E90-4D191D8746CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4D4F65E6-7499-419D-8826-D17CE8918597}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4D76262C-274A-4C99-A85B-FCECC77FBB2A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{55D36B7C-3386-463B-95D5-7F31628D51F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5972CF0D-CDC4-4B29-A1AE-D5FE14CD5DD1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5AA567B4-12CF-4FB5-9C1B-F93B6FE216E9}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5B0C844D-A709-41E0-9AAD-5CDBBFD2F22F}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{5C2296BE-0AAA-4F87-B168-2182537930ED}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{5E9846D7-6F17-4FB5-9C4D-23A4CAC11D30}" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\akamai\netsession_win.exe |
"{61C7BDCD-71A2-4DAF-BA64-D0980C512561}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{6226E14A-F1C8-4E93-9EA0-9985E83C3D82}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{623190EE-2DF2-4BDC-AC05-8B604E2AE3FF}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{6481526C-E24E-4E2A-A562-8E84EF969DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{6A76578F-F31C-4A3A-9240-9C8AAB069629}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{70B045DC-5F70-475F-84C8-73753620C031}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71CB00D2-DF1B-48F8-8FE7-606A45C82136}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{749EE999-FB3A-40DD-9A2C-43B0D74D0795}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{752A4FB0-1F43-4F7D-A884-5A64CA323BE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{78F69B4B-CE06-49D0-BCF6-48B80999C42C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{79FB0048-FD4B-489E-8D95-FAFDE7801169}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7B79A55E-7515-48F5-8052-5178C2455B8A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{7CCC1726-9CFA-41AF-BFF7-70AFDC41EE49}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{804257B4-F946-4CCD-ADB1-AB4698DF4F69}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8145BB86-5DD9-4305-97DD-BF17679F0F6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{821E8E77-35E5-4384-9DE1-3336F4194EE2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\bastion\bastion.exe |
"{857ABEFB-634B-4160-B9DB-43F1707550C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85B6F6E8-A090-4E80-BE76-36E87E0E8C9E}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{8945C972-931C-48EE-AB09-E2AD8D745E8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8A3A25A8-01D9-47C5-84BB-C216AE34895C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8AC2F353-41A8-403E-ACF0-83CB68983143}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{8CD01BDF-6A52-4766-9776-9E841E7608A0}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{8D3EF20A-1E7C-44BD-8828-7A5CB9B0E91B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe |
"{8E1C8DED-7D93-423F-AD04-2E488B089516}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hector episode 1\hector101.exe |
"{8EBA13AE-49B4-4529-BDE8-725E3AE37267}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8F493007-59F8-4CB8-AA35-196E8FC60B58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep3\wallacegromit103.exe |
"{9137EFF0-BD81-4B70-B713-2BDEA989F65E}" = protocol=6 | dir=in | name=mc tdp |
"{914A4A5A-467C-479F-BC61-A6BD57451A2D}" = protocol=17 | dir=in | name=mc udp |
"{91B4A46D-6D96-4DC3-AF56-C744AB24B07B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe |
"{9558687C-D557-48B4-A81B-DE7CA83955D6}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{9748E8B0-46D9-4580-984C-A94C735730AA}" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\s2gs.exe |
"{99C02B56-FFCB-469E-94C1-1A149A84BF34}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B2DEA81-A08A-4FF0-8B84-015132368EB4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{9B533948-9651-4839-A23A-4D565250A817}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9D0F81EE-BA97-43A7-AB49-A8F109F91C5F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9D82BC2E-FF58-4BD0-84DE-9BEA56A4256B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{A3F07ADD-B6B6-47ED-B147-0229A33A1110}" = dir=in | app=c:\program files (x86)\hobbyist software\vlc streamer\vlc streamer configuration.exe |
"{A852E488-445A-4985-AD29-04EB1AF8AE4E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A88B51C9-4605-4E18-B24E-09DD22D04501}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\closure\closure.exe |
"{AA85C98F-4D56-42C7-A4D0-818CB698395D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"{AAD901E8-9CFE-4035-B0A5-45210181264C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe |
"{AE449C63-5478-41D0-9D63-B865C216BDE5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AFA64A5C-B12A-4856-84C5-B18E1DDEE084}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\medal of honor warfighter\mohw.exe |
"{B4E3AC02-C625-4ADC-96FE-C804D30B1624}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe |
"{B887A15C-D822-40D6-A318-50A0E0CBCAC2}" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred 2 - fallen angel\system\sacred2.exe |
"{BB939239-55C8-4898-B7A2-C6FC3F0488AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C642549D-C181-428E-9265-63A838AE901A}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{C7F96920-243A-416C-92E2-390284ADE3F8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{CD5AE668-C43A-4F83-9B88-1BB8F6D65EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hector episode 1\hector101.exe |
"{D02F437D-4A17-42F0-9A22-20D94A62D1C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D1B66B5E-CE2E-4C18-AB95-6D8BE4047EE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D3C1330D-7DD2-4FAC-8C39-C428B46E175A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe |
"{D52519AB-D77A-4970-91C9-ABB93C06333F}" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\akamai\netsession_win.exe |
"{D6961109-95A8-4BB3-BB39-CB2AADC6C0C5}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{D874E4E0-B2F2-4359-9A3A-1CF19446D22E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep4\wallacegromit104.exe |
"{D91147B2-4F61-4321-BFF4-9AB594B74668}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{DE255ABA-2A9E-4473-9488-AC59F59BEF75}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wallace and gromit ep2\wallacegromit102.exe |
"{E19EE700-6BD8-41CE-A5B5-A59D960E6E8F}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{E2FBF41B-127F-4418-BA09-95457A8B5CC4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe |
"{E6378F91-0C7E-4AD8-830F-EF66538A3401}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{E9476A17-336D-4A40-BDC4-0D84F3AED99E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{E984455C-31C7-42D9-9178-1CC9C57DC148}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe |
"{E9CADF4E-FDBC-4E49-A6DE-88F6B631648F}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe |
"{E9F4F016-1FDE-48A6-8753-D744C1198C55}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{EA43A660-DECF-425F-89B6-49C0AF89E7B8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{EBDB6826-DEF2-4E6C-8630-D3B4E89CFC63}" = protocol=6 | dir=out | app=system |
"{EC53F5A0-9EE8-47BC-906C-E44DC4DBA8B7}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe |
"{ED23419A-EB4D-4739-B2CB-A28211A6A587}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EFE16EDF-B789-434A-8CE9-550F3F6460DA}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe |
"{F16AC757-5516-4EE0-A430-50C634AB0D1E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{F4CE2DB0-F99E-407F-B475-4B7A11E4FC6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FDAD265F-3C95-4449-8C2D-4A03E46A34C5}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{FDF23DF5-5546-49C6-91DC-D195F61710E1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{FEA2EAD0-2CD7-41D3-94AC-CC7A4F711D70}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"TCP Query User{0136348C-BF9B-4A32-BF5F-30609B6D8121}C:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe |
"TCP Query User{083FBD11-C329-42FE-9388-36ACA6D62B6A}C:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe |
"TCP Query User{097A1033-2CC6-4F7B-9523-2859F9A3C9B9}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"TCP Query User{0A819CD6-6F70-4EDA-94D5-7F65B26B82BD}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe |
"TCP Query User{1D2E8A30-6F60-4758-94E6-10FCBEBBC244}C:\users\fabian\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\akamai\netsession_win.exe |
"TCP Query User{1ED63C1F-4D39-4337-84B8-8FAB246A5E80}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"TCP Query User{2A42BF2F-D85D-4311-B431-8A64A18A50B7}C:\users\fabian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{2F275784-B2A3-4C04-91A9-0A8A1CCEAEA3}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{2FA25496-A70F-4C0D-BCF1-BD8C9595C7EE}C:\program files (x86)\ubisoft\xiii\system\xiii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\xiii\system\xiii.exe |
"TCP Query User{3B4F8B9F-8C97-4529-AB3E-D56CC8BEF0DC}C:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe |
"TCP Query User{3C1C3D80-C17F-4597-8107-0F5A7AB98684}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{3DAEEF68-A04C-4C1C-B386-1A8953D7A970}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"TCP Query User{45E0DC29-F7DC-47E8-AC12-737947A9CFB6}C:\program files (x86)\team17\worms 2\frontend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\team17\worms 2\frontend.exe |
"TCP Query User{4C1B3D2B-8C20-4C57-A46E-25D1D4D78F77}C:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe |
"TCP Query User{53702275-C954-449D-8D23-D01EFAA0DC29}C:\users\fabian\desktop\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\guild wars 2\gw2.exe |
"TCP Query User{54363B56-3D1B-4470-9A3A-295BAEBFE264}C:\users\fabian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\roaming\spotify\spotify.exe |
"TCP Query User{66CBB960-DA6B-49AA-BCDE-88F4C57F8111}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"TCP Query User{6C4775B1-9B18-49D9-90FE-BBE1E506208F}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{71394FF0-85AA-47F3-9EAC-69B10ABE38DC}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{99D1B461-EE0B-4C34-BE36-BA43730FC2D8}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{A4065F8B-B496-4B91-AE4D-75FB6AF8AD50}C:\users\fabian\desktop\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\users\fabian\desktop\spiele\guild wars 2\gw2.exe |
"TCP Query User{AEECB13C-FC77-402D-851D-58741CA4C6BE}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"TCP Query User{BD2FDC44-8E32-4250-AA23-B9629FECE508}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{BFB83684-7F3C-4E1F-8650-5A95501E4727}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"TCP Query User{DC472359-E342-4787-B26E-2BB20D15D8C4}C:\users\fabian\appdata\local\temp\rar$exa0.170\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\temp\rar$exa0.170\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"TCP Query User{DCC9958F-05A1-4DDB-92AE-B9193A64E35D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{E4657D13-07EE-4819-A85A-F8F00D7DC3FC}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{F9852E57-4454-4314-A1A2-E1F992CED39A}C:\users\fabian\appdata\local\temp\rar$exa0.027\survivers_beta_3.exe" = protocol=6 | dir=in | app=c:\users\fabian\appdata\local\temp\rar$exa0.027\survivers_beta_3.exe |
"UDP Query User{16B8B3D8-FD5D-49D2-9DBE-2605D9CC7DD1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{18190CA8-01C6-4358-BEB0-7332F9AC9473}C:\users\fabian\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1C3CBF17-FEF4-4D39-ACCF-BC3F5B7BC449}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
"UDP Query User{1F706D98-3D04-4FAA-80D5-FF981028DEF1}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{2820604F-E23D-4FEB-AA11-A67B4B1E9BCF}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"UDP Query User{3FDE79BF-F3B1-4F60-B0A4-1BD9717FA6B8}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"UDP Query User{48D13E88-3674-4A97-9205-5C3A0A1EA0F7}C:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"UDP Query User{4A0666B2-5077-4C7A-99E5-E8F52EE28298}C:\program files (x86)\maniaplanet\maniaplanet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maniaplanet\maniaplanet.exe |
"UDP Query User{4A18344C-B41F-4E96-829C-1F17F023200A}C:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe |
"UDP Query User{621E30B8-DEAD-4449-BDF3-0EFA5FB2FAA6}C:\users\fabian\desktop\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\guild wars 2\gw2.exe |
"UDP Query User{6309E64D-471B-41B6-BF75-52E57F85F4AB}C:\users\fabian\appdata\local\temp\rar$exa0.170\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\temp\rar$exa0.170\teeworlds-b122-r50edfd37-win32\teeworlds_srv.exe |
"UDP Query User{672D3A9F-F456-4D18-A68D-AE8F5EE5DB6C}C:\users\fabian\desktop\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\spiele\guild wars 2\gw2.exe |
"UDP Query User{73E13BFE-A6B7-4FD4-A0DA-F50AB9E28480}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{7BA1E02B-7E71-4169-A361-78B68119EE6C}C:\users\fabian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7BD0B291-E974-4666-91AC-5782CCB70C96}C:\program files (x86)\team17\worms 2\frontend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\team17\worms 2\frontend.exe |
"UDP Query User{8C0231FE-C5FC-4D77-9041-6B7A53B35E66}C:\users\fabian\appdata\local\temp\rar$exa0.027\survivers_beta_3.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\local\temp\rar$exa0.027\survivers_beta_3.exe |
"UDP Query User{9E82D9AF-29C2-48F8-B597-CD5684236B0D}C:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe |
"UDP Query User{AC0E9B34-232F-4F18-82C0-BB066C2ACF36}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{B458A061-24A1-4BF4-B693-47EB73FED130}C:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\*\spiele\guild wars 2\gw2.exe |
"UDP Query User{BF20FDED-86ED-4D49-B42B-D198418174BA}C:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe |
"UDP Query User{C152BE24-41C9-45DF-8D9F-7DC5E87FF24F}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"UDP Query User{D4AC6DB3-14D8-4D78-9246-C978E346D5C7}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{D8C47059-6AD9-4F0A-A849-B143F334DEA2}C:\program files (x86)\ubisoft\xiii\system\xiii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\xiii\system\xiii.exe |
"UDP Query User{E5F6991C-AFC5-4D87-9EB1-6AA08659DBA0}C:\users\fabian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\fabian\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F2342B56-FBFB-41EF-9EF0-2B096A9443D3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{F6D3DF2E-D0B8-4CAA-891D-0A64F9D3C17D}C:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\users\fabian\desktop\*\spiele\sonstige\guild wars 2\gw2.exe |
"UDP Query User{FA61BDBE-BB3A-43C6-B378-6BFDECF2CB59}C:\program files (x86)\six projects\six updater\tools\bin\rsync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\six projects\six updater\tools\bin\rsync.exe |
"UDP Query User{FD6F3950-A90C-492B-A9FE-C829CE2163E6}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417021FF}" = Java 7 Update 21 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C768E610-4DFB-4A60-A59B-71549EB7BF75}" = HP Officejet 6600 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Office Professional 15 (Technical Preview) - en-us" = Microsoft Office 365 Home Premium Preview - en-us
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VIRTU_is1" = VIRTU 1.2.106
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
"XFast LAN" = XFast LAN v6.61
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{42BC0474-6E50-464A-8183-5E3D32E41B1B}" = XIII
"{48379835-BF2E-4487-9CB1-D5E654502B53}" = Medal of Honor™ Warfighter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63B7AC7E-0178-4F4F-A79B-08D97ADD02D7}" = System Requirements Lab for Intel
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72376EB6-0189-45B3-A4F6-823F549697C3}" = MOUSE Editor
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed III 1.01
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCD3BA7F-0DFA-2679-44D2-0EC11238AF9D}" = Fragen-Lern-CD 4.3
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Akamai" = Akamai NetSession Interface
"AllemeinePassworte" = Alle meine Passworte 3.20
"aTube Catcher" = aTube Catcher
"avast" = avast! Internet Security
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cossacks : The Art Of War" = Cossacks - The Art Of War
"de.3m5.wendel.flcd.FLCDB.FC622282278C06838B5CD08883589F2C8AB9EEDC.1" = Fragen-Lern-CD 4.3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Guild Wars" = GUILD WARS
"HP Photo Creations" = HP Photo Creations
"InstallShield_{72376EB6-0189-45B3-A4F6-823F549697C3}" = Mouse Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"Razer Core" = Razer Core
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"Steam App 107100" = Bastion
"Steam App 108710" = Alan Wake
"Steam App 113200" = The Binding of Isaac
"Steam App 207610" = The Walking Dead
"Steam App 31100" = Wallace & Gromit Ep 1: Fright of the Bumblebees
"Steam App 31110" = Wallace & Gromit Ep 2: The Last Resort
"Steam App 31120" = Wallace & Gromit Ep 3: Muzzled!
"Steam App 31130" = Wallace & Gromit Ep 4: The Bogey Man
"Steam App 43110" = Metro 2033
"Steam App 49520" = Borderlands 2
"Steam App 55230" = Saints Row: The Third
"Steam App 570" = Dota 2
"Steam App 65800" = Dungeon Defenders
"Steam App 72000" = Closure
"Steam App 94600" = Hector: Ep 1
"Steam App 94610" = Hector: Ep 2
"Steam App 94620" = Hector: Ep 3
"TmNationsForever_is1" = TmNationsForever
"TmUnitedForever_is1" = TmUnitedForever
"Uplay" = Uplay
"XFastUsb" = XFastUsb
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3485898032-1890299033-1484769855-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
"Akamai" = Akamai NetSession Interface
"SOE-C:/Users/Fabian/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.06.2013 14:45:58 | Computer Name = Fabian-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 09.06.2013 14:46:04 | Computer Name = Fabian-PC | Source = Windows Search Service | ID = 3029
Description =
 
Error - 09.06.2013 14:46:04 | Computer Name = Fabian-PC | Source = Windows Search Service | ID = 3028
Description =
 
Error - 09.06.2013 14:46:04 | Computer Name = Fabian-PC | Source = Windows Search Service | ID = 3058
Description =
 
Error - 09.06.2013 14:46:04 | Computer Name = Fabian-PC | Source = Windows Search Service | ID = 7010
Description =
 
Error - 09.06.2013 14:46:06 | Computer Name = Fabian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.06.2013 14:53:15 | Computer Name = Fabian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.06.2013 15:10:05 | Computer Name = Fabian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.06.2013 16:45:36 | Computer Name = Fabian-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 09.06.2013 17:11:56 | Computer Name = Fabian-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13c0    Startzeit:
 01ce6555abc46259    Endzeit: 5    Anwendungspfad: C:\Users\Fabian\Desktop\OTL.exe    Berichts-ID:
 
 
Error - 10.06.2013 08:03:14 | Computer Name = Fabian-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 09.06.2013 15:08:59 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Hi-Rez Studios Authenticate and Update Service erreicht.
 
Error - 09.06.2013 15:09:10 | Computer Name = Fabian-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.06.2013 15:14:57 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 09.06.2013 16:43:56 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "HitmanPro 3.7 Crusader (Boot)" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%0.
 
Error - 09.06.2013 16:44:10 | Computer Name = Fabian-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 09.06.2013 16:45:55 | Computer Name = Fabian-PC | Source = DCOM | ID = 10005
Description =
 
Error - 09.06.2013 16:45:55 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 09.06.2013 16:45:55 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 10.06.2013 08:01:50 | Computer Name = Fabian-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\tandpl.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 10.06.2013 08:02:25 | Computer Name = Fabian-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst MBAMService erreicht.
 
 
< End of report >


markusg 10.06.2013 15:24

Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:

:OTL
IE - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..\SearchScopes\{32D25FF0-DED2-4F55-8808-D75183262EC7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=6E7F53E6-DA4D-4DD5-BECC-02892B368336&apn_sauid=B69CFF74-9B41-4718-BB59-06F8B6687D05
O3 - HKU\S-1-5-21-3485898032-1890299033-1484769855-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
:files
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer, and any other browsers you may have installed.
Test how the PC and programs run in general.

theNeises 10.06.2013 16:42

.txt file:
Code:

All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-3485898032-1890299033-1484769855-1000\Software\Microsoft\Internet Explorer\SearchScopes\{32D25FF0-DED2-4F55-8808-D75183262EC7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32D25FF0-DED2-4F55-8808-D75183262EC7}\ not found.
Registry value HKEY_USERS\S-1-5-21-3485898032-1890299033-1484769855-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Fabian
->Temp folder emptied: 109522500 bytes
->Temporary Internet Files folder emptied: 213198 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 113797074 bytes
->Opera cache emptied: 197737 bytes
->Flash cache emptied: 1106 bytes
 
User: Fabian N
->Temp folder emptied: 9961562 bytes
->Temporary Internet Files folder emptied: 20774123 bytes
->FireFox cache emptied: 48803150 bytes
->Flash cache emptied: 1361 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94703366 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 380,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06102013_172918

Files\Folders moved on Reboot...
C:\Users\Fabian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\FireFly(201306101401488E0).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2rdll(201306101401498E0).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201306101401488E0).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201306101401498E0).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

As for Firefox and co., there are no toolbars or anything else.
Programs run faster and games more smoothly. Is it normal for Firefox to need 200k of memory with one tab? Otherwise everything is fine (:
As for the PC, it seems to me that it also boots faster again and runs programs faster.

markusg 10.06.2013 19:15

You mean 2000 mb; yes, that should be fine.
Open OTL, click clean up, the PC restarts and the removers are deleted.
Delete leftover logs, setups and programs we used.
Securing the PC:
As an anti-malware program I would recommend Emsisoft.
For me they offer the best protection, but it costs a little.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work-related tasks, so that sensitive data needs protecting, you should invest in security software.
Use up the 30-day trial period before activating the licence.

Avast is free and can be recommended, but it is just not quite as good.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I'll give you configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I'm aware of that, but it should be followed, because only then is your PC secure. Ask as many questions as you need, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section on Windows Vista and Windows 7.
Please begin by installing Windows updates.
The easiest way is to go to Start, Search and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If so, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
http://support.google.com/chrome/bin...&answer=118663
Please read the guide.
If you want to use a different one, tell me, then I have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100 % isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through this as well:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under program start and internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser", or right-click and run in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
A note on FileHippo:
in the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips, follow the tip on online banking if it applies to you, and change all passwords.
Please also read how to make programs visible for everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed Web Browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
If you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords:
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide:
RoboForm manual: password manager, managing passwords and personal data

theNeises 10.06.2013 20:16

Show list of attachments (count: 1)
Hi,
I have carried out all the steps and am just downloading the Emsisoft Anti-Malware program, which I will then buy once the trial period has expired.
I just have one question: in the shop there are additional offers you can buy along with it; are they important or can they be left out? I took a screenshot and outlined the offer in red. And then I have another question: which programs should run at startup, e.g. Secunia for the update check or Panda USB Vaccine; should they just be started when needed, or run at boot?

markusg 10.06.2013 21:39

Hi, only buy Emsisoft.

Open Emsisoft, click Settings.
Scheduled scan.
Choose when to start; personally I have monthly, but you can also set weekly.
Choose the time, and for monthly the date as well.
Invisible, if you don't want to see the scan window.
And catch up on missed scans.
Auto update:
Interval: daily, hourly from 00.00 to 23.59,
which means updates every hour.
Setting: Update
Join the Anti-Malware Network.
Do not tick the other two boxes, beta updates and additional languages.

The rest stays as it is.
Now click on Guard:
there, on Guard.
Enable behaviour analysis, select everything.
Now go to Alerts:
enable community-based alert reduction there.
That, among other things, is what the Anti-Malware Network is for.
The community-based alert reduction concerns the behaviour analysis.
For some programs Emsisoft raises alerts because the program's behaviour makes this necessary.
Since some users are not familiar with this, which is nothing to be ashamed of :-), it checks how many users have allowed or blocked program X.
At the moment we have 90 % set here, so if 90 % say the program is OK, an allow rule is created; if they say program X is malicious, it is blocked automatically.
If you trust yourself to handle this alone, you don't need to tick the box.
If, for example, only 70 % of all users say program X is good or malicious, this is shown to you in a chart.
Now go to File Guard.
Default action for detected objects: alert.
Surf Protection:
set everything here to block with notification.
If a page is blocked by mistake, you can allow it directly via the popup shown when it is blocked, or via host rules.
If you don't like these info popups, you have to set everything to block silently, but remember, when a page doesn't load, to check whether Emsi has blocked it.

That would be it, I hope it was understandable.

Start the programs I named automatically.
You can open CCleaner, Tools, startup list, Windows, save it as txt and post it.

theNeises 10.06.2013 21:49

Thank you very much, I have applied all the settings.
Here are the startup programs as .txt:

Code:

Nein        HKCU:Run        ApplePhotoStreams                C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Nein        HKCU:Run        EADM        Electronic Arts        "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
Nein        HKCU:Run        GAINWARD                C:\Program Files (x86)\EXPERTool\TBPanel.exe /A
Nein        HKCU:Run        Hobbyist Software VLC Streamer                "C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
Nein        HKCU:Run        iFunBoxConnector                "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe"
Nein        HKCU:Run        LOLReplay Recorder                "C:\Program Files (x86)\LOLReplay\LOLRecorder.exe" -minimize
Nein        HKCU:Run        NetLimiter                C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
Nein        HKCU:Run        NokiaSuite.exe                C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
Ja        HKCU:Run        OscarEditor                "C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe" Minimum
Ja        HKCU:Run        Pando Media Booster        Pando Networks, Inc.        C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
Ja        HKCU:Run        SandboxieControl        SANDBOXIE L.T.D        "C:\Program Files\Sandboxie\SbieCtrl.exe"
Nein        HKCU:Run        SanDiskSecureAccess_Manager.exe        Gemalto N.V.        C:\Users\Fabian\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
Nein        HKCU:Run        Skype        Skype Technologies S.A.        "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Ja        HKCU:Run        Spotify Web Helper                "C:\Users\Fabian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
Nein        HKCU:Run        Steam        Valve Corporation        "C:\Program Files (x86)\Steam\Steam.exe" -silent
Ja        HKLM:Run        Adobe ARM        Adobe Systems Incorporated        "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja        HKLM:Run        APSDaemon        Apple Inc.        "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Nein        HKLM:Run        AutoShutdownManager                C:\Program Files (x86)\AutoShutdownManager\AutoShutdownManager.exe
Nein        HKLM:Run        AVMWlanClient        AVM Berlin        C:\Program Files (x86)\avmwlanstick\wlangui.exe
Nein        HKLM:Run        BullGuard                "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
Ja        HKLM:Run        emsisoft anti-malware        Emsisoft GmbH        "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
Ja        HKLM:Run        HotKeysCmds        Intel Corporation        C:\Windows\system32\hkcmd.exe
Ja        HKLM:Run        HP Software Update        Hewlett-Packard        C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
Ja        HKLM:Run        IgfxTray        Intel Corporation        C:\Windows\system32\igfxtray.exe
Nein        HKLM:Run        iTunesHelper        Apple Inc.        "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Ja        HKLM:Run        Launch LCore        Logitech Inc.        C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
Nein        HKLM:Run        Logitech G35                C:\Program Files (x86)\Logitech\G35\G35.exe
Nein        HKLM:Run        LogMeIn Hamachi Ui                "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Ja        HKLM:Run        Nvtmru        NVIDIA Corporation        "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
Ja        HKLM:Run        Persistence        Intel Corporation        C:\Windows\system32\igfxpers.exe
Nein        HKLM:Run        QuickTime Task                "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Nein        HKLM:Run        RaidCall        RAIDCALL.COM        C:\Program Files (x86)\RaidCall\raidcall.exe
Ja        HKLM:Run        Razer Synapse        Razer Inc.        "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
Ja        HKLM:Run        RTHDVCPL        Realtek Semiconductor        C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Nein        HKLM:Run        THX TruStudio NB Settings        Creative Technology Ltd        "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
Ja        HKLM:Run        THXCfg64        Microsoft Corporation        C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
Ja        HKLM:Run        UpdReg        Creative Technology Ltd.        C:\Windows\UpdReg.EXE
Nein        HKLM:Run        VIRTU        Lucidlogix Technologies LTD        C:\Program Files\Lucidlogix Technologies\VIRTU\VirtuControlPanel.Exe /hide
Nein        HKLM:Run        XFast LAN        cFos Software GmbH        C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe
Nein        HKLM:Run        XFastUsb        FNet Co., Ltd.        C:\Program Files (x86)\XFastUsb\XFastUsb.exe
Ja        Startup Common        Secunia PSI Tray.lnk        Secunia        C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
Nein        Startup User        OpenOffice.org 3.4.1.lnk                C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE
Nein        Startup User        tbhcn.lnk                C:\Users\Fabian\AppData\Roaming\BROWSE~1\tbhcn.exe -interval=10 -IEhome=0 -IEsearch=0 -FFhome=0 -FFsearch=0 -CHhome=0 -CHsearch=0 -pubId=ginyas_377 -affId=g377_sfexp_de


markusg 10.06.2013 22:20

Disable everything except:
SandboxieControl
emsisoft
HotKeysCmds
Common Secunia
Reboot twice; if something important is missing, re-enable it.
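
Added example, not part of the thread: one way to triage an autostart export like the one posted above before deciding what to disable, by flagging entries that start from user-writable folders, carry no publisher, or hide their folder behind an 8.3 short name. The tab-separated column layout, the function names and the three heuristics are assumptions of this example; a flag means "look at this entry", not "this is malware".

```python
import re
from typing import NamedTuple

# Constructed sample: five rows modelled on the autostart list in the thread.
# Assumed layout: tab-separated columns enabled, location, name, publisher,
# command; the publisher column may be empty. Arguments of the last row are
# shortened.
ROWS = [
    ("Ja", "HKCU:Run", "SandboxieControl", "SANDBOXIE L.T.D",
     r'"C:\Program Files\Sandboxie\SbieCtrl.exe"'),
    ("Ja", "HKCU:Run", "Spotify Web Helper", "",
     r'"C:\Users\Fabian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"'),
    ("Nein", "HKCU:Run", "GAINWARD", "",
     r"C:\Program Files (x86)\EXPERTool\TBPanel.exe /A"),
    ("Ja", "HKLM:Run", "HotKeysCmds", "Intel Corporation",
     r"C:\Windows\system32\hkcmd.exe"),
    ("Nein", "Startup User", "tbhcn.lnk", "",
     r"C:\Users\Fabian\AppData\Roaming\BROWSE~1\tbhcn.exe -interval=10 -IEhome=0"),
]
SAMPLE = "\n".join("\t".join(row) for row in ROWS)

# Program path: either a quoted string or everything up to the first
# executable extension that is followed by whitespace or end of line.
EXE_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|scr|bat|cmd)))(?=\s|$)', re.I)
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


class Finding(NamedTuple):
    name: str
    enabled: bool
    path: str
    reasons: list


def executable_path(command):
    """Return the program path from a Run-key style command line."""
    m = EXE_RE.match(command)
    if not m:
        return command.strip()
    return m.group(1) or m.group(2)


def triage(export_text):
    """Flag autostart entries whose location or metadata needs a manual check."""
    findings = []
    for line in export_text.splitlines():
        cols = line.split("\t")
        if len(cols) != 5:
            continue  # skip headers, blank lines and malformed rows
        enabled, _location, name, publisher, command = (c.strip() for c in cols)
        path = executable_path(command)
        reasons = []
        if any(marker in path.lower() for marker in USER_WRITABLE):
            reasons.append("starts from a user-writable directory")
        if not publisher:
            reasons.append("no publisher recorded")
        if re.search(r"~\d", path):
            reasons.append("8.3 short name obscures the real folder")
        if reasons:
            findings.append(Finding(name, enabled == "Ja", path, reasons))
    # Entries with the most reasons come first.
    return sorted(findings, key=lambda f: -len(f.reasons))


if __name__ == "__main__":
    for f in triage(SAMPLE):
        state = "enabled" if f.enabled else "disabled"
        print(f"{f.name} ({state}): {f.path}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

Legitimate software can trip these checks too (the Spotify helper in the sample does), so the output is a review queue ordered by how many traits an entry shows.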

theNeises 11.06.2013 13:12

Hi Markus,
the startup programs have been changed. I have one last question: how often should you back up the hard disk?

markusg 11.06.2013 13:22

Well, that depends on how you use the machine. I would do one at least twice a month, onto an external drive that is only connected at the time of the backup and is otherwise kept somewhere safe.

theNeises 11.06.2013 13:24

All right (:
Are we done with that, or should I do anything else?

markusg 11.06.2013 13:31

Hi,
yes, don't do an upgrade installation but a fresh one, if Win8 is going on there.
Secure the new system, or this one if you keep it.
Open OTL, click clean up, the PC restarts and the removers are deleted.
Delete leftover logs, setups and programs we used.
As an anti-malware program I would recommend Emsisoft.
For me they offer the best protection, but it costs a little.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
Trial version:
My antivirus recommendation: Emsisoft Anti-Malware
Especially if you do online banking, shopping, other payment transactions or similarly important things, such as work-related tasks, so that sensitive data needs protecting, you should invest in security software.
Use up the 30-day trial period before activating the licence.

Avast is free and can be recommended, but it is just not quite as good.
http://www.trojaner-board.de/110895-...antivirus.html

Tell me which one you use, then I'll give you configuration tips.
Please uninstall your previous AV.
The following guide is extensive, I'm aware of that, but it should be followed, because only then is your PC secure. Ask as many questions as you need, I'm happy to work through everything with you!

http://www.trojaner-board.de/96344-a...-rechners.html
Please start with the section on Windows Vista and Windows 7.
Please begin by installing Windows updates.
The easiest way is to go to Start, Search and type Windows Updates there.
Under "Change settings", check that the following is selected:
- Install updates automatically,
- Every day
- Choose a time
- Please tick everything else, except:
- Show detailed notifications when new Microsoft software is available.
Now click the "OK" button.
Now click "Check for updates".
Please install important updates first.
It will be necessary to restart the PC in between. If so, you have to open Windows Update again via Start, Search, click Check for updates and install the next ones.
Please do the same with the optional updates.
Please apply the rest as described in the Windows 7 / Vista section.
From the XP section, please apply the item "Data Execution Prevention, DEP".
As a browser I recommend Chrome:
http://support.google.com/chrome/bin...&answer=118663
Please read the guide.
If you want to use a different one, tell me, then I have to adapt parts of the guide that follows.


Sandboxie
The definition of a sandbox can be read here:
Sandbox
In short, you can run programs almost 100 % isolated from the system.

The advantage is obvious: if malicious code is smuggled in through the browser, it cannot get out.
Download link:
Sandboxie - Download - Filepony

Guide:
http://www.trojaner-board.de/71542-a...sandboxie.html
Detailed guide as a PDF, work through this as well:
Sandbox settings |

Please make the following additional configuration:
Open Sandboxie Control, click the Sandbox menu, choose DefaultBox.
There, click Sandbox Settings.
Restrictions: under program start and internet access, enter:
chrome.exe
Then go to Applications, Web Browser, Chrome.
There, enable everything except sharing the entire profile folder.
As you may already have seen, you cannot use some functions.
This is only necessary in the full version, which I advise you to buy.
For example, under "Forced program starts" you can specify that all browsers start in the sandbox.
Otherwise you always have to click "Sandboxed Web Browser", or right-click and run in Sandboxie.
A lifetime licence costs 30 € and can be used on all your PCs.

Continue with:
Measures for ALL Windows versions
Work through everything completely.
A note on FileHippo:
in the settings, additionally select:
hide beta updates.
Run updateChecker when Windows starts

Backup program:
A backup program is already linked in my guide; as an alternative, Windows' own backup program is also an option:
http://www.trojaner-board.de/82962-w...en-backup.html
Unfortunately, this is only reasonably usable for Windows 7 users.
Everyone else should definitely install a backup program as well, because this can be very important under certain circumstances, for example if the hard disk fails one day.

Finally, follow the general security tips, follow the tip on online banking if it applies to you, and change all passwords.
Please also read how to make programs visible for everyone:
Making programs usable for all accounts - PCtipp.ch - Praxis & Hilfe
So from now on, surf only in the standard user account, and there in the sandbox.
If you use the free version, do so by clicking Sandboxed Web Browser; if you have the paid version, you can set forced program starts, then Sandboxie is always started when you open a browser.
If you move the mouse over the browser, it should have a frame around it; then you are in the sandboxed web browser.

Password security:
Every service needs its own password of at least 12 characters.
RoboForm helps with managing and creating passwords:
Password Manager, Form Filler, Password Management | RoboForm Password Manager
Guide:
RoboForm manual: password manager, managing passwords and personal data

theNeises 11.06.2013 13:48

Good, I already did that yesterday (:
Then many, many thanks for your help (:
Hopefully I wasn't too clumsy, so that I was easy to work with.
A donation is on its way too (:
Hopefully I won't have to come back because of a trojan or some other problem.

markusg 11.06.2013 13:52

Please report back once you are through the guide, change passwords, thanks for donating.

theNeises 11.06.2013 14:07

You already sent me the guide yesterday; I have already finished it (:

markusg 11.06.2013 18:05

Sorry, yes, then we have it.

theNeises 11.06.2013 19:13

All right (:
Many, many thanks
I hope I was easy to work with ;)
If there are problems I will most likely come straight back :D

markusg 11.06.2013 19:16

Can't complain.


All times are WET +1. The time now is 04:04.

Copyright ©2000-2025, Trojaner-Board

