| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: JS:agent-AXQ [Trj] beim Aufrufen von einer WebsiteWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.01.2013, 16:20
| #1 |
 | ![JS:agent-AXQ [Trj] beim Aufrufen von einer Website - Standard](images/icons/icon1.gif){kind=icon} JS:agent-AXQ [Trj] beim Aufrufen von einer Website Hallo, gestern Abend war unsere Webseite für eine gewisse Zeit nicht erreichbar. Firefox meldete bei mir z.B. Code:
ATTFilter Content Encoding Error
The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.
Please contact the website owners to inform them of this problem.
Zur gleichen Zeit, oder etwas später meldeten sich erste User, dass ihr Antivirenprogramm den Zugriff auf die Seite verwehrt. Anscheinend wurde eine Sicherheitslücke in der Forensoftware unserer Seite ausgenutzt, um den oben genannten Schädling in sämtliche index.php zu injizieren. Die Bezeichnung "JS:agent-AXQ [Trj]" bezieht sich auf die Meldung von Avast, die bei einem der Admins ausgelöst hat. Glücklicherweise wurde dies recht schnell erkannt, so dass die Seite offline genommen werden konnte, um den Schadcode zu entfernen und die Sicherheitslücke zu schließen. Dennoch gab es einen gewissen Zeitraum, wo dieser Schädling sein Werk verrichten konnte, wie auch immer das aussehen mag. Nun hab ich aber Angst, dass ich auch davon betroffen sein könnte, weil ich zu dem Zeitpunkt leider ohne Virenschutz unterwegs war. Ich hab im Nachhinein Antivir und MBAM installiert und erstmal einen Check durchgeführt, dabei aber natürlich nix gefunden. Vielleicht hab ich auch Glück und er konnte sein Werk gar nicht vollbringen, weil bei anderen Mitgliedern des Boards Infizierungen im temporary internet files Ordner gefunden wurden. Ich hab Firefox jedoch so eingestellt, das er jedesmal beim Beenden den Cache löscht. Desweiteren schließe ich aus dem "JS", dass es sich dabei um einen Javascript Virus handelt? Nun hab ich aber JRE nicht installiert und im Firefox taucht weder unter Plugins noch unter Addons Java auf, in den Einstellungen war Java jedoch aktiviert? Angst bleibt natürlich trotzdem, dass ich irgendwas aufm Rechner hab, zumal ich nichtmal weiß, wie sich dieser Schädling bemerkbar machen würde. Deshalb hab ich mich nun erstmal hier gemeldet und hoffe, das mir jemand helfen kann, mit an 100%iger Sicherheit grenzender Wahrscheinlichkeit zu sagen, ob mein System infiziert ist oder nicht. Entsprechend der Anweisungen hänge ich nun noch die gewünschten Logs an: OTL.txt Code:
ATTFilter OTL logfile created on: 24.01.2013 15:25:08 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,89 Gb Total Physical Memory | 14,19 Gb Available Physical Memory | 89,32% Memory free 31,77 Gb Paging File | 30,00 Gb Available in Paging File | 94,42% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,12 Gb Total Space | 32,65 Gb Free Space | 41,80% Space Free | Partition Type: NTFS Drive D: | 160,35 Gb Total Space | 45,32 Gb Free Space | 28,26% Space Free | Partition Type: NTFS Drive E: | 292,97 Gb Total Space | 292,75 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive F: | 556,64 Gb Total Space | 556,32 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive G: | 1013,41 Gb Total Space | 1009,63 Gb Free Space | 99,63% Space Free | Partition Type: NTFS Drive H: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe (Andreas Sammann) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\C2DtoG15\LgLcdLibWrapper.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SystoG15Svc) -- C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe (Andreas Sammann) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.) DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (AsrRamDisk) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys (ASRock Inc.) DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys (OpenLibSys.org) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB C3 A6 48 85 EE CD 01 [binary data] IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB C3 A6 48 85 EE CD 01 [binary data] IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 FF - prefs.js..extensions.enabledAddons: %7Bd166ee2a-36bb-4f33-aff7-e85f912df509%7D:0.5.0.0b3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.01.09 20:12:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 19:49:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.20 19:49:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.09 20:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.01.10 20:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jaahpqz4.default\extensions [2013.01.10 16:16:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jaahpqz4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.10 16:16:27 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jaahpqz4.default\extensions\firefox@ghostery.com [2013.01.10 16:11:40 | 000,001,372 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\appbuttonclear@mozilla.org.xpi [2013.01.10 16:11:46 | 000,001,306 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\appbuttonclose@mozilla.org.xpi [2013.01.10 16:14:12 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\compatibility@addons.mozilla.org.xpi [2013.01.10 16:14:26 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013.01.10 16:12:42 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.10 20:38:13 | 000,128,884 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}.xpi [2013.01.09 20:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 02:22:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3915190912-495410321-2236549280-1000..\Run: [ASRockXTU] File not found O4 - HKU\S-1-5-21-3915190912-495410321-2236549280-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-3915190912-495410321-2236549280-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3915190912-495410321-2236549280-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789D210E-1D4E-46C2-A200-AB619D371539}: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.06.12 03:27:33 | 000,000,140 | R--- | M] () - H:\autorun.inf -- [ UDF ] O33 - MountPoints2\{ea859051-5aad-11e2-8e8e-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{ea859051-5aad-11e2-8e8e-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Setup\rsrc\AUTORUN.EXE -- [2007.03.23 00:57:09 | 000,051,336 | R--- | M] () O33 - MountPoints2\{ea859051-5aad-11e2-8e8e-806e6f6e6963}\Shell\dinstall\command - "" = H:\DirectX\DXSETUP.exe -- [2007.06.01 04:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.24 15:18:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.23 22:38:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2013.01.23 22:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.23 22:33:14 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.23 22:33:14 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.23 22:33:14 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.23 22:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.23 22:33:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.23 22:29:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.01.23 22:29:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.23 22:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.23 22:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.23 22:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.23 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.01.22 22:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Florian Klein Software [2013.01.21 10:37:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2013.01.20 19:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.20 19:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.01.20 19:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.01.20 19:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.01.20 19:49:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2013.01.20 19:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.01.20 19:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.01.19 02:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.01.19 02:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.01.14 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games [2013.01.14 18:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.01.14 18:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.01.11 21:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2013.01.11 21:16:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wasteland_United_takistan.takistan [2013.01.11 21:16:38 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wasteland_United_Chernarus.Chernarus [2013.01.11 21:16:33 | 000,000,000 | ---D | C] -- C:\Users\***w\AppData\Local\PboM [2013.01.11 20:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps [2013.01.11 19:44:07 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails [2013.01.11 19:43:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\gegl-0.2 [2013.01.11 19:43:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\fontconfig [2013.01.11 19:43:42 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.8 [2013.01.11 19:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.01.11 00:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\PBO Manager v.1.4 beta [2013.01.11 00:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PBO Manager [2013.01.11 00:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.01.10 22:59:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.01.10 22:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.01.10 22:59:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++ [2013.01.10 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2013.01.10 22:00:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.01.10 21:57:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Google [2013.01.10 21:56:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google [2013.01.10 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Buldozer Viewer [2013.01.10 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2013.01.10 18:56:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2013.01.10 18:56:37 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2013.01.10 18:56:37 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2013.01.10 18:56:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2013.01.10 18:56:36 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2013.01.10 18:56:36 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2013.01.10 18:56:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2013.01.10 18:56:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2013.01.10 18:56:36 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2013.01.10 18:56:36 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2013.01.10 18:56:36 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2013.01.10 18:56:36 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2013.01.10 18:56:36 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2013.01.10 18:56:36 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2013.01.10 18:56:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2013.01.10 18:56:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2013.01.10 18:56:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2013.01.10 18:56:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2013.01.10 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird [2013.01.10 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird [2013.01.10 16:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.01.10 15:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.01.10 15:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.01.09 23:43:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.01.09 23:43:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.01.09 23:42:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.01.09 23:42:30 | 000,000,000 | -HSD | C] -- C:\Boot [2013.01.09 22:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio [2013.01.09 22:18:28 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2013.01.09 22:18:28 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2013.01.09 22:18:28 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2013.01.09 22:18:28 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2013.01.09 22:18:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2013.01.09 22:18:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2013.01.09 21:48:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TS3Client [2013.01.09 21:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.01.09 21:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.01.09 21:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.01.09 21:42:20 | 000,000,000 | ---D | C] -- C:\Fraps [2013.01.09 21:41:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2013.01.09 21:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.01.09 21:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ArmA 2 OA [2013.01.09 21:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ArmA 2 [2013.01.09 21:26:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2013.01.09 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\C2DtoG15 [2013.01.09 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C2DtoG15 [2013.01.09 21:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C2DtoG15 [2013.01.09 20:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2013.01.09 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Logishrd [2013.01.09 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2013.01.09 20:12:30 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2013.01.09 20:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2013.01.09 20:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.01.09 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2013.01.09 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA [2013.01.09 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Logitech [2013.01.09 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech [2013.01.09 20:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.01.09 20:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.01.09 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.01.09 20:09:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Logitech [2013.01.09 20:09:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Logishrd [2013.01.09 20:08:48 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2013.01.09 20:08:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2013.01.09 20:08:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2013.01.09 20:08:48 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2013.01.09 20:08:47 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2013.01.09 20:08:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2013.01.09 20:08:47 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2013.01.09 20:08:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2013.01.09 20:08:47 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2013.01.09 20:08:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2013.01.09 20:08:47 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2013.01.09 20:08:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2013.01.09 20:08:46 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2013.01.09 20:08:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2013.01.09 20:08:46 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2013.01.09 20:08:46 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2013.01.09 20:08:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2013.01.09 20:08:46 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2013.01.09 20:08:46 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2013.01.09 20:08:46 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2013.01.09 20:08:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2013.01.09 20:08:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2013.01.09 20:08:46 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2013.01.09 20:08:46 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2013.01.09 20:08:46 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2013.01.09 20:08:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2013.01.09 20:08:45 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2013.01.09 20:08:45 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2013.01.09 20:08:45 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2013.01.09 20:08:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2013.01.09 20:08:45 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2013.01.09 20:08:45 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2013.01.09 20:08:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2013.01.09 20:08:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2013.01.09 20:08:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2013.01.09 20:08:45 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2013.01.09 20:08:45 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2013.01.09 20:08:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2013.01.09 20:08:45 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2013.01.09 20:08:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2013.01.09 20:08:44 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2013.01.09 20:08:44 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013.01.09 20:08:44 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2013.01.09 20:08:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2013.01.09 20:08:44 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2013.01.09 20:08:44 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2013.01.09 20:08:44 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2013.01.09 20:08:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2013.01.09 20:08:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2013.01.09 20:08:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2013.01.09 20:08:44 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2013.01.09 20:08:44 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2013.01.09 20:08:44 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2013.01.09 20:08:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2013.01.09 20:08:43 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2013.01.09 20:08:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2013.01.09 20:08:43 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2013.01.09 20:08:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2013.01.09 20:08:43 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2013.01.09 20:08:43 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2013.01.09 20:08:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2013.01.09 20:08:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2013.01.09 20:08:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2013.01.09 20:08:43 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2013.01.09 20:08:43 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2013.01.09 20:08:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2013.01.09 20:08:43 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2013.01.09 20:08:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2013.01.09 20:08:42 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2013.01.09 20:08:42 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2013.01.09 20:08:42 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2013.01.09 20:08:42 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2013.01.09 20:08:42 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2013.01.09 20:08:42 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2013.01.09 20:08:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2013.01.09 20:08:42 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2013.01.09 20:08:42 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2013.01.09 20:08:42 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2013.01.09 20:08:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2013.01.09 20:08:42 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2013.01.09 20:08:42 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2013.01.09 20:08:42 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2013.01.09 20:08:41 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2013.01.09 20:08:41 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2013.01.09 20:08:41 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2013.01.09 20:08:41 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2013.01.09 20:08:41 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2013.01.09 20:08:41 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2013.01.09 20:08:41 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2013.01.09 20:08:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2013.01.09 20:08:40 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2013.01.09 20:08:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2013.01.09 20:08:40 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2013.01.09 20:08:40 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2013.01.09 20:08:40 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2013.01.09 20:08:40 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2013.01.09 20:08:40 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2013.01.09 20:08:40 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2013.01.09 20:08:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2013.01.09 20:08:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2013.01.09 20:08:40 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2013.01.09 20:08:40 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2013.01.09 20:08:40 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2013.01.09 20:08:40 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2013.01.09 20:08:39 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2013.01.09 20:08:39 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2013.01.09 20:08:39 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2013.01.09 20:08:39 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2013.01.09 20:08:39 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2013.01.09 20:08:39 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2013.01.09 20:08:39 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2013.01.09 20:08:39 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2013.01.09 20:08:39 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2013.01.09 20:08:39 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2013.01.09 20:08:39 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2013.01.09 20:08:39 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2013.01.09 20:08:38 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2013.01.09 20:08:38 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2013.01.09 20:08:38 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2013.01.09 20:08:38 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2013.01.09 20:08:38 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2013.01.09 20:08:38 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2013.01.09 20:08:38 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2013.01.09 20:08:38 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2013.01.09 20:08:38 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2013.01.09 20:08:38 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2013.01.09 20:08:38 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2013.01.09 20:08:38 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2013.01.09 20:08:37 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2013.01.09 20:08:37 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2013.01.09 20:08:37 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2013.01.09 20:08:37 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2013.01.09 20:08:37 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2013.01.09 20:08:37 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2013.01.09 20:08:37 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2013.01.09 20:08:37 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2013.01.09 20:08:37 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2013.01.09 20:08:37 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2013.01.09 20:08:37 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2013.01.09 20:08:37 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2013.01.09 20:08:36 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2013.01.09 20:08:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2013.01.09 20:08:36 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2013.01.09 20:08:36 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2013.01.09 20:08:36 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2013.01.09 20:08:36 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2013.01.09 20:08:35 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2013.01.09 20:08:35 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2013.01.09 20:08:35 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2013.01.09 20:08:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2013.01.09 20:08:35 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2013.01.09 20:08:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2013.01.09 20:08:34 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2013.01.09 20:08:34 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2013.01.09 20:08:34 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2013.01.09 20:08:34 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2013.01.09 20:08:34 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2013.01.09 20:08:34 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2013.01.09 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2013.01.09 20:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2013.01.09 20:04:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2013.01.09 20:04:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2013.01.09 20:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.09 17:52:20 | 000,031,016 | ---- | C] (ASRock Inc.) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys [2013.01.09 17:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility [2013.01.09 17:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility [2013.01.09 17:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility [2013.01.09 17:47:40 | 000,032,320 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS [2013.01.09 17:47:38 | 000,016,648 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS [2013.01.09 17:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUSB [2013.01.09 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB [2013.01.09 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET [2013.01.09 17:37:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.01.09 17:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.01.09 17:37:25 | 003,845,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.01.09 17:37:25 | 002,652,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.01.09 17:37:25 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.01.09 17:37:25 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.01.09 17:37:25 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.01.09 17:37:25 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.01.09 17:37:25 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.01.09 17:37:25 | 000,894,040 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2013.01.09 17:37:25 | 000,823,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.01.09 17:37:25 | 000,750,680 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2013.01.09 17:37:25 | 000,626,264 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll [2013.01.09 17:37:25 | 000,561,752 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll [2013.01.09 17:37:25 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.01.09 17:37:25 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.01.09 17:37:25 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.01.09 17:37:25 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.01.09 17:37:25 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.09 17:37:25 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.09 17:37:25 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.09 17:37:25 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.01.09 17:37:25 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.09 17:37:25 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.09 17:37:25 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.01.09 17:37:25 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.01.09 17:37:25 | 000,100,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013.01.09 17:37:25 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2013.01.09 17:37:25 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.01.09 17:37:25 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\MBfilt64.sys [2013.01.09 17:37:25 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2013.01.09 17:37:24 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.09 17:37:24 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.01.09 17:37:24 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.01.09 17:37:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.01.09 17:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.01.09 17:37:20 | 001,698,408 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2013.01.09 17:37:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.01.09 17:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.01.09 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.01.09 17:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.01.09 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.09 17:24:31 | 006,382,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.01.09 17:24:31 | 003,455,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.01.09 17:24:31 | 002,558,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.01.09 17:24:31 | 000,118,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.01.09 17:24:31 | 000,063,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.01.09 17:24:25 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.01.09 17:24:25 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.01.09 17:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.01.09 17:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.01.09 17:24:13 | 026,931,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.01.09 17:24:13 | 025,256,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.01.09 17:24:13 | 020,450,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.01.09 17:24:13 | 018,054,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.01.09 17:24:13 | 017,560,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.01.09 17:24:13 | 015,129,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.01.09 17:24:13 | 015,052,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.01.09 17:24:13 | 012,641,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.01.09 17:24:13 | 009,389,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.01.09 17:24:13 | 007,931,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.01.09 17:24:13 | 007,565,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.01.09 17:24:13 | 006,263,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.01.09 17:24:13 | 002,904,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.01.09 17:24:13 | 002,824,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.01.09 17:24:13 | 002,720,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.01.09 17:24:13 | 002,504,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.01.09 17:24:13 | 002,344,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.01.09 17:24:13 | 001,985,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.01.09 17:24:13 | 001,813,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2013.01.09 17:24:13 | 001,504,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2013.01.09 17:24:13 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2013.01.09 17:24:13 | 001,107,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.01.09 17:24:13 | 000,958,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.01.09 17:24:13 | 000,420,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2013.01.09 17:24:13 | 000,364,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2013.01.09 17:24:13 | 000,246,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.01.09 17:24:13 | 000,201,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.01.09 17:24:13 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.01.09 17:24:13 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.01.09 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.01.09 17:23:36 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.09 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2013.01.09 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2013.01.09 17:21:10 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 17:21:10 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 17:21:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.01.09 17:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.01.09 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom [2013.01.09 17:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA [2013.01.09 17:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology [2013.01.09 17:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3 [2013.01.09 17:17:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.01.09 17:17:02 | 000,041,984 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\USB3Ver.dll [2013.01.09 17:14:28 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.01.09 17:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.01.09 17:14:13 | 000,000,000 | ---D | C] -- C:\Intel [2013.01.09 17:10:52 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll [2013.01.09 17:10:52 | 000,016,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hcs.sys [2013.01.09 17:10:51 | 000,788,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3xhc.sys [2013.01.09 17:10:51 | 000,356,120 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hub.sys [2013.01.09 16:48:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.01.09 16:47:09 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.01.09 16:47:09 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2013.01.09 16:47:09 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.01.09 16:47:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2013.01.09 16:47:03 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2013.01.09 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2013.01.09 16:47:00 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2013.01.09 16:47:00 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2013.01.09 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2013.01.09 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2013.01.09 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Programme [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2012.12.29 02:54:24 | 000,550,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files - Modified Within 30 Days ========== [2013.01.24 15:17:00 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.24 15:14:18 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 14:46:37 | 000,040,082 | ---- | M] () -- C:\Users\***\Documents\immernoch.png [2013.01.24 14:46:37 | 000,004,540 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.01.24 14:39:08 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 14:39:08 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.24 14:37:54 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.24 14:37:54 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.24 14:37:54 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.24 14:37:54 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.24 14:37:54 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.24 14:33:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.24 14:31:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.24 14:31:57 | 4204,974,078 | -HS- | M] () -- C:\hiberfil.sys [2013.01.23 16:44:38 | 000,001,998 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2013.01.20 23:13:29 | 000,000,907 | ---- | M] () -- C:\Users\***\Desktop\SobchakZ.lnk [2013.01.19 20:38:58 | 000,000,877 | ---- | M] () -- C:\Users\***\Desktop\Wasteland.lnk [2013.01.14 21:59:50 | 001,641,962 | ---- | M] () -- C:\Users\***\Desktop\Wasteland_United_takistan.takistan.pbo.bak [2013.01.11 21:36:27 | 000,000,273 | ---- | M] () -- C:\Windows\game.ini [2013.01.11 20:18:12 | 000,182,703 | ---- | M] () -- C:\Users\***\Documents\tarrain.png [2013.01.10 21:59:04 | 000,176,154 | ---- | M] () -- C:\Users\***\Documents\test.jpg [2013.01.09 23:44:21 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.01.09 23:44:21 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.01.09 23:42:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2013.01.09 21:41:34 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 21:41:34 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 21:22:57 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 21:18:26 | 000,001,049 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2013.01.09 20:12:30 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2013.01.09 17:47:40 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS [2013.01.09 17:47:38 | 000,016,648 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS [2013.01.09 17:17:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.01.09 17:13:03 | 000,467,824 | RHS- | M] () -- C:\IJTZE [2013.01.09 17:12:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.12.29 11:34:47 | 026,931,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.12.29 11:34:47 | 025,256,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.12.29 11:34:47 | 020,450,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.12.29 11:34:47 | 018,054,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.12.29 11:34:47 | 017,560,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.29 11:34:47 | 015,129,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.12.29 11:34:47 | 015,052,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.12.29 11:34:47 | 012,641,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.12.29 11:34:47 | 009,389,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.29 11:34:47 | 007,931,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.29 11:34:47 | 007,565,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.29 11:34:47 | 006,263,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.29 11:34:47 | 002,904,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.29 11:34:47 | 002,824,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.12.29 11:34:47 | 002,720,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.29 11:34:47 | 002,504,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.12.29 11:34:47 | 002,344,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.29 11:34:47 | 001,985,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.29 11:34:47 | 001,813,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.12.29 11:34:47 | 001,504,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.12.29 11:34:47 | 001,107,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.12.29 11:34:47 | 000,958,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.12.29 11:34:47 | 000,420,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2012.12.29 11:34:47 | 000,364,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2012.12.29 11:34:47 | 000,246,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.12.29 11:34:47 | 000,201,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.12.29 11:34:47 | 000,061,368 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.29 11:34:47 | 000,053,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.29 09:40:27 | 006,382,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.12.29 09:40:27 | 003,455,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.12.29 09:40:09 | 002,558,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.12.29 09:40:09 | 000,118,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.12.29 09:40:09 | 000,063,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.12.29 02:54:24 | 000,550,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files Created - No Company Name ========== [2013.01.24 15:18:09 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 15:17:00 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.24 14:46:37 | 000,040,082 | ---- | C] () -- C:\Users\***\Documents\immernoch.png [2013.01.24 14:46:37 | 000,004,540 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.01.20 19:49:02 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.01.14 02:30:05 | 001,641,962 | ---- | C] () -- C:\Users\***\Desktop\Wasteland_United_takistan.takistan.pbo.bak [2013.01.11 21:36:27 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini [2013.01.11 20:39:53 | 000,000,907 | ---- | C] () -- C:\Users\***\Desktop\SobchakZ.lnk [2013.01.11 20:17:40 | 000,182,703 | ---- | C] () -- C:\Users\***\Documents\tarrain.png [2013.01.11 19:43:20 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.01.10 21:59:04 | 000,176,154 | ---- | C] () -- C:\Users\***\Documents\test.jpg [2013.01.10 16:02:13 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.01.09 23:44:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.01.09 23:44:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.01.09 23:43:01 | 4204,974,078 | -HS- | C] () -- C:\hiberfil.sys [2013.01.09 23:42:31 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2013.01.09 23:42:30 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2013.01.09 22:27:18 | 000,000,877 | ---- | C] () -- C:\Users\***\Desktop\Wasteland.lnk [2013.01.09 21:42:34 | 000,001,998 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2013.01.09 21:18:26 | 000,001,049 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2013.01.09 20:03:49 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.09 17:37:25 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.01.09 17:37:25 | 000,223,608 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.01.09 17:24:31 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.01.09 17:24:13 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.09 17:17:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.01.09 17:13:03 | 000,467,824 | RHS- | C] () -- C:\IJTZE [2013.01.09 17:12:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.01.09 16:47:12 | 000,001,405 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.01.09 16:47:10 | 000,001,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.09 20:10:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2013.01.11 00:24:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2013.01.10 16:02:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2013.01.24 15:18:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 24.01.2013 15:25:08 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,89 Gb Total Physical Memory | 14,19 Gb Available Physical Memory | 89,32% Memory free
31,77 Gb Paging File | 30,00 Gb Available in Paging File | 94,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 32,65 Gb Free Space | 41,80% Space Free | Partition Type: NTFS
Drive D: | 160,35 Gb Total Space | 45,32 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 292,75 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 556,64 Gb Total Space | 556,32 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive G: | 1013,41 Gb Total Space | 1009,63 Gb Free Space | 99,63% Space Free | Partition Type: NTFS
Drive H: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3915190912-495410321-2236549280-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020E812D-6D00-48EC-96E7-10A5E8A7BEEF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{076F53BA-687C-4487-AC19-793517D9B882}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{0AF4BB35-71C3-4B8B-8819-F0BC69ABC307}" = protocol=6 | dir=in | app=d:\arma2\arma2oa.exe |
"{1427E919-5C85-4072-98C9-3CC27386F079}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{1CB8A606-2A68-4F09-BC42-A623468F99B5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{24846F25-867A-400D-9089-3F0F47424D2F}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2487C656-DB15-4CBE-8442-51914A9D8713}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{273FE7DD-F7F1-4C70-A7E3-242C25056912}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
"{2AAB59CC-2D91-463E-A61E-67ACE7CD20F5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{3024F91C-530A-415E-A41B-40F0F751C5BC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{3080DCF6-2DC7-459E-939A-B9850886AA68}" = protocol=6 | dir=in | app=d:\steam\steamapps\hottex667\half-life\hl.exe |
"{3255B5B5-50E7-466B-8CE2-36335CFFC236}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{34619000-BF25-43D5-A64B-85852E66907F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{347B341C-CD12-40D0-B9FF-9F3D4C061E2A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{51432A19-FFEE-41D9-9EAF-2C7257627CA9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{66D828D8-0778-4242-9FED-13A57DF89B1D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{6E22F036-FD81-44E3-94B5-846F6E390F0F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{763AE5D3-1390-4731-8451-9EB8CA646929}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{78355BF2-B786-4E1F-A5D0-4AADCB97AC5F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{7F238191-BF22-45C6-885E-F242DD76CC1A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{82C3F54E-CB0B-47CB-BD85-8C5A28DE25A7}" = protocol=17 | dir=in | app=d:\arma2\arma2.exe |
"{9A2F9CAA-51BB-422C-AC1D-3EAEAA7EB056}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{9A3D461E-1403-43D3-A85F-A33DA70A273C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
"{A4BA6C46-A0E4-4207-A55F-B76B90423455}" = protocol=17 | dir=in | app=d:\arma2\arma2oa.exe |
"{AC4F37F9-4CC5-437D-BA08-CE7AEE4005E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{B2BFED84-F10C-4074-AE37-7BDB6508BA1F}" = protocol=6 | dir=in | app=d:\arma2\arma2.exe |
"{C297B8C8-DC0D-4F8C-8E98-B39E4C2E230E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe |
"{C9BA7EB4-0778-4808-AC5B-87239FB40612}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{CC3CA1FE-5EFE-42B7-A66F-5639F7450260}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{CE47E79F-1782-4B0C-80AF-996D4136AC32}" = protocol=17 | dir=in | app=d:\steam\steamapps\hottex667\half-life\hl.exe |
"{CF614F43-6D4C-4EFA-908E-BC66B3520FBF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D4F6744B-66D4-43DB-9D8C-8B38BC836F6E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{EB12660F-89D8-4566-B762-2C7C12116439}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{ECCA883B-DF14-4CB1-8FAA-41F00707A9FE}" = protocol=6 | dir=in | app=d:\moh4\iw3mp.exe |
"{F030D642-BE53-453A-A597-5A374FECD317}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{F3D78B54-E584-4589-921E-91257566A8DA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F7CFA4CE-D4EB-42A8-8316-D00A85AF8BE2}" = protocol=17 | dir=in | app=d:\moh4\iw3mp.exe |
"{FE32A957-E612-4F91-8CD3-2F83EF906DE6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{FF451145-B69A-40A2-8020-609C6893ACE3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"TCP Query User{8B992697-3AE7-47CA-ACE8-DB401372531E}D:\arma2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\arma2\expansion\beta\arma2oa.exe |
"TCP Query User{DECBAC1D-D134-4A85-B17B-1881751031B5}D:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgam.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgam.exe |
"UDP Query User{4346E00B-1D72-4291-AEE8-B544271647FD}D:\arma2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\arma2\expansion\beta\arma2oa.exe |
"UDP Query User{F184C413-CAD5-46E7-8505-4F1F20D94852}D:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgam.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgam.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{127B5371-1802-4EDD-A25A-A43BF761D383}" = PBO Manager v.1.4 beta
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.51
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.2.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArmA 2" = ArmA 2 Uninstall
"Arma 2 Army of The Czech Republic (LITE)" = Arma 2 Army of The Czech Republic (LITE) Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.257
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Fraps" = Fraps
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 11.0.1 (x86 de)" = Mozilla Thunderbird 11.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"XFastUSB" = XFastUSB
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.01.2013 12:00:05 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2013 19:54:47 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Name des fehlerhaften Moduls: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Ausnahmecode: 0xc0000005 Fehleroffset: 0x006103ee ID des fehlerhaften
Prozesses: 0x450 Startzeit der fehlerhaften Anwendung: 0x01cdf5d132500273 Pfad der
fehlerhaften Anwendung: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Pfad
des fehlerhaften Moduls: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Berichtskennung:
6fd16e57-61ca-11e2-b8bd-bc5ff45b05d8
Error - 19.01.2013 08:36:09 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 20.01.2013 11:25:05 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 21.01.2013 05:38:41 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 22.01.2013 09:37:42 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 22.01.2013 19:54:37 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Name des fehlerhaften Moduls: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Ausnahmecode: 0xc0000005 Fehleroffset: 0x002b884d ID des fehlerhaften
Prozesses: 0xfc0 Startzeit der fehlerhaften Anwendung: 0x01cdf8ea452a9077 Pfad der
fehlerhaften Anwendung: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Pfad
des fehlerhaften Moduls: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Berichtskennung:
13dfa301-64ef-11e2-9f8e-bc5ff45b05d8
Error - 22.01.2013 19:54:42 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Name des fehlerhaften Moduls: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00f1bc91 ID des fehlerhaften
Prozesses: 0xfc0 Startzeit der fehlerhaften Anwendung: 0x01cdf8ea452a9077 Pfad der
fehlerhaften Anwendung: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Pfad
des fehlerhaften Moduls: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Berichtskennung:
16cd09ea-64ef-11e2-9f8e-bc5ff45b05d8
Error - 23.01.2013 11:00:56 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 24.01.2013 09:33:50 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 09.01.2013 13:39:02 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062
Error - 09.01.2013 17:25:25 | Computer Name = *** | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 10.01.2013 10:57:37 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 10.01.2013 10:57:37 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 18.01.2013 11:58:28 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 18.01.2013 11:58:28 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-24 16:16:32
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-AGILITY3 rev.2.22 238,47GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\***\AppData\Local\Temp\kwtdypob.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000778f1401 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000778f1419 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000778f1431 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000778f144a 2 bytes [8F, 77]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000778f14dd 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000778f14f5 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000778f150d 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000778f1525 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000778f153d 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000778f1555 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000778f156d 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000778f1585 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000778f159d 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000778f15b5 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000778f15cd 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000778f16b2 2 bytes [8F, 77]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1424] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000778f16bd 2 bytes [8F, 77]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1832:2400] 00000000741ee2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1832:2796] 0000000072128de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1832:2800] 0000000072128de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1832:2804] 0000000072128de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1832:2808] 0000000072124e00
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2508:2900] 0000000073ee8d07
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2508:2904] 0000000073ee8fdc
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2508:2908] 0000000073ee88f0
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1832] 00000000742d0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2508] 00000000723f0000
---- EOF - GMER 2.0 ----
|
|
25.01.2013, 12:40
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | JS:agent-AXQ [Trj] beim Aufrufen von einer Website Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
25.01.2013, 16:18
| #3 |
| | JS:agent-AXQ [Trj] beim Aufrufen von einer Website Hallo und danke für die Antwort
__________________ Lediglich Scans, nachdem der Angriff bekannt wurde. Quasi bei der Installation von Antivir und MBAM erstellt. Antivir: Die Warnungen über "TR/ATRAPS.Gen" können eigentlich ignoriert werden, weil ich die "SystoG15Svc.exe" (Sysmonitor Applet für das LCD meiner Logitech Tastatur) schon lange vorher hatte und Antivir als einer der wenigen Scanner Alarm schlägt. Hier eine virustotal Analyse: hxxps://www.virustotal.com/file/797284f85a6e22081a8827c904279b040f40a781d54e65376d6b08920c75498c/analysis/1359126754/ Code:
ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Donnerstag, 24. Januar 2013 14:35 Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung. Lizenznehmer : Avira Free Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows 7 Ultimate Windowsversion : (Service Pack 1) [6.1.7601] Boot Modus : Normal gebootet Benutzername : SYSTEM Computername : *** Versionsinformationen: BUILD.DAT : 13.0.0.2890 48567 Bytes 05.12.2012 17:11:00 AVSCAN.EXE : 13.6.0.402 639264 Bytes 04.12.2012 14:37:47 AVSCANRC.DLL : 13.4.0.360 64800 Bytes 28.11.2012 14:09:15 LUKE.DLL : 13.6.0.400 67360 Bytes 04.12.2012 11:13:05 AVSCPLR.DLL : 13.6.0.402 93984 Bytes 04.12.2012 14:37:55 AVREG.DLL : 13.6.0.406 248096 Bytes 04.12.2012 17:40:31 avlode.dll : 13.6.1.402 428832 Bytes 04.12.2012 14:36:57 avlode.rdf : 13.0.0.26 7958 Bytes 22.11.2012 10:59:16 VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 13:50:29 VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:50:31 VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 13:50:34 VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 13:50:36 VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:50:37 VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:42:40 VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 13:42:40 VBASE007.VDF : 7.11.50.230 3904512 Bytes 22.11.2012 12:43:11 VBASE008.VDF : 7.11.55.142 2214912 Bytes 03.01.2013 21:34:08 VBASE009.VDF : 7.11.55.143 2048 Bytes 03.01.2013 21:34:08 VBASE010.VDF : 7.11.55.144 2048 Bytes 03.01.2013 21:34:08 VBASE011.VDF : 7.11.55.145 2048 Bytes 03.01.2013 21:34:08 VBASE012.VDF : 7.11.55.146 2048 Bytes 03.01.2013 21:34:08 VBASE013.VDF : 7.11.55.196 260096 Bytes 04.01.2013 21:34:08 VBASE014.VDF : 7.11.56.23 206848 Bytes 07.01.2013 21:34:09 VBASE015.VDF : 7.11.56.83 186880 Bytes 08.01.2013 21:34:09 VBASE016.VDF : 7.11.56.145 135168 Bytes 09.01.2013 21:34:09 VBASE017.VDF : 7.11.56.211 139776 Bytes 11.01.2013 21:34:09 VBASE018.VDF : 7.11.57.11 153088 Bytes 13.01.2013 21:34:09 VBASE019.VDF : 7.11.57.75 165888 Bytes 15.01.2013 21:34:09 VBASE020.VDF : 7.11.57.163 190976 Bytes 17.01.2013 21:34:10 VBASE021.VDF : 7.11.57.219 119808 Bytes 18.01.2013 21:34:10 VBASE022.VDF : 7.11.58.7 167936 Bytes 21.01.2013 21:34:10 VBASE023.VDF : 7.11.58.49 140288 Bytes 22.01.2013 21:34:10 VBASE024.VDF : 7.11.58.50 2048 Bytes 22.01.2013 21:34:10 VBASE025.VDF : 7.11.58.51 2048 Bytes 22.01.2013 21:34:10 VBASE026.VDF : 7.11.58.52 2048 Bytes 22.01.2013 21:34:10 VBASE027.VDF : 7.11.58.53 2048 Bytes 22.01.2013 21:34:10 VBASE028.VDF : 7.11.58.54 2048 Bytes 22.01.2013 21:34:10 VBASE029.VDF : 7.11.58.55 2048 Bytes 22.01.2013 21:34:10 VBASE030.VDF : 7.11.58.56 2048 Bytes 22.01.2013 21:34:10 VBASE031.VDF : 7.11.58.102 111616 Bytes 23.01.2013 21:34:11 Engineversion : 8.2.10.236 AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55 AESCRIPT.DLL : 8.1.4.82 467323 Bytes 23.01.2013 21:34:14 AESCN.DLL : 8.1.10.0 131445 Bytes 23.01.2013 21:34:13 AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06 AERDL.DLL : 8.2.0.88 643444 Bytes 23.01.2013 21:34:13 AEPACK.DLL : 8.3.1.2 819574 Bytes 23.01.2013 21:34:13 AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05.11.2012 14:00:38 AEHEUR.DLL : 8.1.4.180 5665144 Bytes 23.01.2013 21:34:13 AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32 AEGEN.DLL : 8.1.6.14 434548 Bytes 23.01.2013 21:34:11 AEEXP.DLL : 8.3.0.12 188789 Bytes 23.01.2013 21:34:14 AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55 AECORE.DLL : 8.1.30.0 201079 Bytes 23.01.2013 21:34:11 AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38 AVWINLL.DLL : 13.4.0.163 25888 Bytes 19.09.2012 17:09:30 AVPREF.DLL : 13.4.0.360 50464 Bytes 28.11.2012 14:05:52 AVREP.DLL : 13.4.0.360 177952 Bytes 28.11.2012 14:06:10 AVARKT.DLL : 13.6.0.402 260384 Bytes 04.12.2012 14:36:03 AVEVTLOG.DLL : 13.6.0.400 167200 Bytes 04.12.2012 11:04:02 SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40 AVSMTP.DLL : 13.4.0.163 62240 Bytes 19.09.2012 17:08:54 NETNT.DLL : 13.4.0.360 15648 Bytes 28.11.2012 14:07:51 RCIMAGE.DLL : 13.4.0.360 4780832 Bytes 28.11.2012 14:09:40 RCTEXT.DLL : 13.4.0.360 68384 Bytes 28.11.2012 14:09:40 Konfiguration für den aktuellen Suchlauf: Job Name..............................: AVGuardAsyncScan Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_510137d0\guard_slideup.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: quarantäne Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: aus Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: aus Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Beginn des Suchlaufs: Donnerstag, 24. Januar 2013 14:35 Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'svchost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'nvSCPAPISvr.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '135' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '76' Modul(e) wurden durchsucht Durchsuche Prozess 'nvxdsync.exe' - '49' Modul(e) wurden durchsucht Durchsuche Prozess 'nvvsvc.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '77' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '45' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '80' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'SystoG15Svc.exe' - '24' Modul(e) wurden durchsucht Modul ist infiziert -> <C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe> [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen [WARNUNG] Die Datei wurde ignoriert. Durchsuche Prozess 'taskhost.exe' - '52' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '39' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'avshadow.exe' - '20' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '174' Modul(e) wurden durchsucht Durchsuche Prozess 'RAVCpl64.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'LCore.exe' - '66' Modul(e) wurden durchsucht Durchsuche Prozess 'SetPoint.exe' - '83' Modul(e) wurden durchsucht Durchsuche Prozess 'Steam.exe' - '130' Modul(e) wurden durchsucht Durchsuche Prozess 'C2DtoG15.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'iusb3mon.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'XFastUsb.exe' - '44' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '88' Modul(e) wurden durchsucht Durchsuche Prozess 'KHALMNPR.EXE' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDClock.exe' - '35' Modul(e) wurden durchsucht Durchsuche Prozess 'LCDMedia.exe' - '46' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht Durchsuche Prozess 'SteamService.exe' - '48' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '30' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '60' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '59' Modul(e) wurden durchsucht Durchsuche Prozess 'AsrXTU.exe' - '47' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '37' Modul(e) wurden durchsucht Durchsuche Prozess 'wmpnetwk.exe' - '74' Modul(e) wurden durchsucht Durchsuche Prozess 'asrRd.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'OTL.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'daemonu.exe' - '63' Modul(e) wurden durchsucht Durchsuche Prozess 'sppsvc.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '50' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchFilterHost.exe' - '27' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '107' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '61' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '116' Modul(e) wurden durchsucht Durchsuche Prozess 'notepad.exe' - '25' Modul(e) wurden durchsucht Durchsuche Prozess 'notepad.exe' - '25' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen [WARNUNG] Die Datei wurde ignoriert. Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe' C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen Beginne mit der Desinfektion: C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe [FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen [WARNUNG] Die Datei wurde ignoriert. Ende des Suchlaufs: Donnerstag, 24. Januar 2013 14:42 Benötigte Zeit: 07:17 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 0 Verzeichnisse wurden überprüft 3190 Dateien wurden geprüft 3 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 3187 Dateien ohne Befall 21 Archive wurden durchsucht 3 Warnungen 0 Hinweise Die Suchergebnisse werden an den Guard übermittelt. Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.24.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 skaw :: *** [Administrator] Schutz: Aktiviert 24.01.2013 16:22:25 mbam-log-2013-01-24 (16-22-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 225951 Laufzeit: 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
26.01.2013, 18:46
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS:agent-AXQ [Trj] beim Aufrufen von einer Website Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Malwarebytes Anti-Rootkit  Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.01.2013, 18:55
| #5 |
| | JS:agent-AXQ [Trj] beim Aufrufen von einer Website MBAR Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org
Database version: v2013.01.26.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
skaw :: *** [administrator]
26.01.2013 18:53:15
mbar-log-2013-01-26 (18-53-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 28334
Time elapsed: 2 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
|
|
26.01.2013, 21:56
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS:agent-AXQ [Trj] beim Aufrufen von einer Website 1. aswMBR Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button. 2. TDSS-Killer Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> JS:agent-AXQ [Trj] beim Aufrufen von einer Website |
|
26.01.2013, 23:36
| #7 |
| | JS:agent-AXQ [Trj] beim Aufrufen von einer Website aswMBR: Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-26 23:29:34
-----------------------------
23:29:34.741 OS Version: Windows x64 6.1.7601 Service Pack 1
23:29:34.741 Number of processors: 4 586 0x3A09
23:29:34.741 ComputerName: *** UserName: ***
23:29:34.912 Initialize success
23:30:17.229 AVAST engine defs: 13012601
23:30:35.434 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
23:30:35.434 Disk 0 Vendor: Hitachi_HDS723020BLE640 MX4OAAB0 Size: 1907729MB BusType: 11
23:30:35.434 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
23:30:35.434 Disk 1 Vendor: OCZ-AGILITY3 2.22 Size: 244198MB BusType: 11
23:30:35.434 Disk 1 MBR read successfully
23:30:35.434 Disk 1 MBR scan
23:30:35.434 Disk 1 Windows 7 default MBR code
23:30:35.450 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 80000 MB offset 2048
23:30:35.450 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 164196 MB offset 163842048
23:30:35.450 Disk 1 scanning C:\Windows\system32\drivers
23:30:37.322 Service scanning
23:30:42.283 Modules scanning
23:30:42.283 Disk 1 trace - called modules:
23:30:42.283 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
23:30:42.283 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800d637060]
23:30:42.283 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d3ac060]
23:30:42.470 AVAST engine scan C:\Windows
23:30:42.735 AVAST engine scan C:\Windows\system32
23:31:28.989 AVAST engine scan C:\Windows\system32\drivers
23:31:32.889 AVAST engine scan C:\Users\***
23:31:57.943 AVAST engine scan C:\ProgramData
23:31:58.863 Scan finished successfully
23:32:08.988 Disk 1 MBR has been saved successfully to "C:\Users\skaw\Desktop\MBR.dat"
23:32:08.988 The log file has been saved successfully to "C:\Users\skaw\Desktop\aswMBR.txt"
TDSS-Killer: Code:
ATTFilter 23:32:33.0425 2384 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
23:32:33.0909 2384 ============================================================
23:32:33.0909 2384 Current date / time: 2013/01/26 23:32:33.0909
23:32:33.0909 2384 SystemInfo:
23:32:33.0909 2384
23:32:33.0909 2384 OS Version: 6.1.7601 ServicePack: 1.0
23:32:33.0909 2384 Product type: Workstation
23:32:33.0909 2384 ComputerName: ***
23:32:33.0909 2384 UserName: ***
23:32:33.0909 2384 Windows directory: C:\Windows
23:32:33.0909 2384 System windows directory: C:\Windows
23:32:33.0909 2384 Running under WOW64
23:32:33.0909 2384 Processor architecture: Intel x64
23:32:33.0909 2384 Number of processors: 4
23:32:33.0909 2384 Page size: 0x1000
23:32:33.0909 2384 Boot type: Normal boot
23:32:33.0909 2384 ============================================================
23:32:34.0033 2384 Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:32:34.0033 2384 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:32:34.0049 2384 ============================================================
23:32:34.0049 2384 \Device\Harddisk1\DR1:
23:32:34.0049 2384 MBR partitions:
23:32:34.0049 2384 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x9C40000
23:32:34.0049 2384 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x9C40800, BlocksNum 0x140B2000
23:32:34.0049 2384 \Device\Harddisk0\DR0:
23:32:34.0049 2384 MBR partitions:
23:32:34.0049 2384 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x249F0000
23:32:34.0049 2384 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x249F0800, BlocksNum 0x45948000
23:32:34.0049 2384 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6A338800, BlocksNum 0x7EACF800
23:32:34.0049 2384 ============================================================
23:32:34.0049 2384 C: <-> \Device\Harddisk1\DR1\Partition1
23:32:34.0049 2384 D: <-> \Device\Harddisk1\DR1\Partition2
23:32:34.0080 2384 G: <-> \Device\Harddisk0\DR0\Partition3
23:32:34.0111 2384 F: <-> \Device\Harddisk0\DR0\Partition2
23:32:34.0127 2384 E: <-> \Device\Harddisk0\DR0\Partition1
23:32:34.0127 2384 ============================================================
23:32:34.0127 2384 Initialize success
23:32:34.0127 2384 ============================================================
23:33:07.0901 4636 ============================================================
23:33:07.0901 4636 Scan started
23:33:07.0901 4636 Mode: Manual; SigCheck; TDLFS;
23:33:07.0901 4636 ============================================================
23:33:08.0073 4636 ================ Scan system memory ========================
23:33:08.0073 4636 System memory - ok
23:33:08.0073 4636 ================ Scan services =============================
23:33:08.0104 4636 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:33:08.0119 4636 1394ohci - ok
23:33:08.0135 4636 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:33:08.0135 4636 ACPI - ok
23:33:08.0135 4636 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:33:08.0151 4636 AcpiPmi - ok
23:33:08.0166 4636 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:33:08.0166 4636 adp94xx - ok
23:33:08.0166 4636 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:33:08.0182 4636 adpahci - ok
23:33:08.0182 4636 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:33:08.0182 4636 adpu320 - ok
23:33:08.0182 4636 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:33:08.0229 4636 AeLookupSvc - ok
23:33:08.0229 4636 [ D31DC7A16DEA4A9BAF179F3D6FBDB38C ] AFD C:\Windows\system32\drivers\afd.sys
23:33:08.0275 4636 AFD - ok
23:33:08.0275 4636 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:33:08.0291 4636 agp440 - ok
23:33:08.0291 4636 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:33:08.0291 4636 ALG - ok
23:33:08.0291 4636 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:33:08.0307 4636 aliide - ok
23:33:08.0307 4636 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:33:08.0307 4636 amdide - ok
23:33:08.0307 4636 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:33:08.0307 4636 AmdK8 - ok
23:33:08.0322 4636 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:33:08.0322 4636 AmdPPM - ok
23:33:08.0322 4636 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:33:08.0322 4636 amdsata - ok
23:33:08.0338 4636 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:33:08.0338 4636 amdsbs - ok
23:33:08.0338 4636 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:33:08.0338 4636 amdxata - ok
23:33:08.0353 4636 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:33:08.0353 4636 AntiVirSchedulerService - ok
23:33:08.0353 4636 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:33:08.0353 4636 AntiVirService - ok
23:33:08.0369 4636 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:33:08.0385 4636 AppID - ok
23:33:08.0385 4636 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:33:08.0400 4636 AppIDSvc - ok
23:33:08.0400 4636 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:33:08.0416 4636 Appinfo - ok
23:33:08.0416 4636 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
23:33:08.0431 4636 AppMgmt - ok
23:33:08.0431 4636 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
23:33:08.0431 4636 arc - ok
23:33:08.0431 4636 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:33:08.0447 4636 arcsas - ok
23:33:08.0447 4636 [ 4DFF4312661F54EE87DC9A13CAEE60E0 ] asahci64 C:\Windows\system32\DRIVERS\asahci64.sys
23:33:08.0463 4636 asahci64 - ok
23:33:08.0463 4636 [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys
23:33:08.0463 4636 asmthub3 - ok
23:33:08.0463 4636 [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys
23:33:08.0478 4636 asmtxhci - ok
23:33:08.0494 4636 AsrCDDrv - ok
23:33:08.0494 4636 [ 0C3F9E39C0B10D351026D580D9FF6F86 ] AsrRamDisk C:\Windows\system32\DRIVERS\AsrRamDisk.sys
23:33:08.0509 4636 AsrRamDisk - ok
23:33:08.0509 4636 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:33:08.0525 4636 AsyncMac - ok
23:33:08.0525 4636 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:33:08.0525 4636 atapi - ok
23:33:08.0541 4636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:33:08.0556 4636 AudioEndpointBuilder - ok
23:33:08.0556 4636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:33:08.0587 4636 AudioSrv - ok
23:33:08.0587 4636 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
23:33:08.0587 4636 avgntflt - ok
23:33:08.0587 4636 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
23:33:08.0587 4636 avipbb - ok
23:33:08.0603 4636 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
23:33:08.0603 4636 avkmgr - ok
23:33:08.0603 4636 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:33:08.0619 4636 AxInstSV - ok
23:33:08.0619 4636 AxtuDrv - ok
23:33:08.0619 4636 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:33:08.0619 4636 b06bdrv - ok
23:33:08.0634 4636 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:33:08.0634 4636 b57nd60a - ok
23:33:08.0634 4636 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:33:08.0650 4636 BDESVC - ok
23:33:08.0650 4636 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:33:08.0665 4636 Beep - ok
23:33:08.0665 4636 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:33:08.0697 4636 BFE - ok
23:33:08.0697 4636 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
23:33:08.0728 4636 BITS - ok
23:33:08.0728 4636 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:33:08.0728 4636 blbdrive - ok
23:33:08.0728 4636 [ 91CE0D3DC57DD377E690A2D324022B08 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:33:08.0759 4636 bowser - ok
23:33:08.0759 4636 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:33:08.0759 4636 BrFiltLo - ok
23:33:08.0759 4636 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:33:08.0775 4636 BrFiltUp - ok
23:33:08.0775 4636 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\Windows\System32\browser.dll
23:33:08.0790 4636 Browser - ok
23:33:08.0790 4636 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:33:08.0806 4636 Brserid - ok
23:33:08.0806 4636 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:33:08.0806 4636 BrSerWdm - ok
23:33:08.0806 4636 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:33:08.0821 4636 BrUsbMdm - ok
23:33:08.0821 4636 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:33:08.0821 4636 BrUsbSer - ok
23:33:08.0821 4636 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:33:08.0837 4636 BTHMODEM - ok
23:33:08.0837 4636 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:33:08.0853 4636 bthserv - ok
23:33:08.0853 4636 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:33:08.0868 4636 cdfs - ok
23:33:08.0884 4636 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:33:08.0884 4636 cdrom - ok
23:33:08.0884 4636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:33:08.0899 4636 CertPropSvc - ok
23:33:08.0899 4636 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
23:33:08.0915 4636 circlass - ok
23:33:08.0915 4636 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:33:08.0931 4636 CLFS - ok
23:33:08.0931 4636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:33:08.0931 4636 clr_optimization_v2.0.50727_32 - ok
23:33:08.0931 4636 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:33:08.0946 4636 clr_optimization_v2.0.50727_64 - ok
23:33:08.0946 4636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:33:08.0946 4636 clr_optimization_v4.0.30319_32 - ok
23:33:08.0962 4636 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:33:08.0962 4636 clr_optimization_v4.0.30319_64 - ok
23:33:08.0962 4636 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:33:08.0962 4636 CmBatt - ok
23:33:08.0977 4636 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:33:08.0977 4636 cmdide - ok
23:33:08.0977 4636 [ D5FEA92400F12412B3922087C09DA6A5 ] CNG C:\Windows\system32\Drivers\cng.sys
23:33:08.0993 4636 CNG - ok
23:33:08.0993 4636 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:33:08.0993 4636 Compbatt - ok
23:33:08.0993 4636 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:33:09.0009 4636 CompositeBus - ok
23:33:09.0009 4636 COMSysApp - ok
23:33:09.0009 4636 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:33:09.0009 4636 crcdisk - ok
23:33:09.0009 4636 [ 15597883FBE9B056F276ADA3AD87D9AF ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:33:09.0040 4636 CryptSvc - ok
23:33:09.0040 4636 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
23:33:09.0055 4636 CSC - ok
23:33:09.0055 4636 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
23:33:09.0071 4636 CscService - ok
23:33:09.0071 4636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:33:09.0102 4636 DcomLaunch - ok
23:33:09.0102 4636 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:33:09.0118 4636 defragsvc - ok
23:33:09.0118 4636 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:33:09.0133 4636 DfsC - ok
23:33:09.0149 4636 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:33:09.0165 4636 Dhcp - ok
23:33:09.0165 4636 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:33:09.0180 4636 discache - ok
23:33:09.0180 4636 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
23:33:09.0180 4636 Disk - ok
23:33:09.0196 4636 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
23:33:09.0196 4636 dmvsc - ok
23:33:09.0196 4636 [ CD55F5355D8F55D44C9F4ED875705BD6 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:33:09.0211 4636 Dnscache - ok
23:33:09.0227 4636 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:33:09.0243 4636 dot3svc - ok
23:33:09.0243 4636 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:33:09.0258 4636 DPS - ok
23:33:09.0258 4636 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:33:09.0274 4636 drmkaud - ok
23:33:09.0274 4636 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:33:09.0289 4636 DXGKrnl - ok
23:33:09.0289 4636 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:33:09.0305 4636 EapHost - ok
23:33:09.0336 4636 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:33:09.0352 4636 ebdrv - ok
23:33:09.0352 4636 [ 0793F40B9B8A1BDD266296409DBD91EA ] EFS C:\Windows\System32\lsass.exe
23:33:09.0367 4636 EFS - ok
23:33:09.0367 4636 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:33:09.0383 4636 ehRecvr - ok
23:33:09.0383 4636 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:33:09.0399 4636 ehSched - ok
23:33:09.0399 4636 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:33:09.0399 4636 elxstor - ok
23:33:09.0399 4636 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:33:09.0414 4636 ErrDev - ok
23:33:09.0414 4636 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:33:09.0430 4636 EventSystem - ok
23:33:09.0445 4636 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:33:09.0461 4636 exfat - ok
23:33:09.0461 4636 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:33:09.0477 4636 fastfat - ok
23:33:09.0492 4636 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:33:09.0492 4636 Fax - ok
23:33:09.0492 4636 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
23:33:09.0508 4636 fdc - ok
23:33:09.0508 4636 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:33:09.0523 4636 fdPHost - ok
23:33:09.0523 4636 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:33:09.0539 4636 FDResPub - ok
23:33:09.0539 4636 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:33:09.0555 4636 FileInfo - ok
23:33:09.0555 4636 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:33:09.0570 4636 Filetrace - ok
23:33:09.0570 4636 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:33:09.0570 4636 flpydisk - ok
23:33:09.0586 4636 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:33:09.0586 4636 FltMgr - ok
23:33:09.0586 4636 [ 508401A63E6B1CBF0B9C9A011498731F ] FNETTBOH_305 C:\Windows\system32\drivers\FNETTBOH_305.SYS
23:33:09.0586 4636 FNETTBOH_305 - ok
23:33:09.0586 4636 [ E341178C116DAC6A3A764587E68DFA7B ] FNETURPX C:\Windows\system32\drivers\FNETURPX.SYS
23:33:09.0601 4636 FNETURPX - ok
23:33:09.0601 4636 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
23:33:09.0633 4636 FontCache - ok
23:33:09.0633 4636 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:33:09.0633 4636 FontCache3.0.0.0 - ok
23:33:09.0633 4636 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:33:09.0648 4636 FsDepends - ok
23:33:09.0648 4636 [ E95EF8547DE20CF0603557C0CF7A9462 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:33:09.0648 4636 Fs_Rec - ok
23:33:09.0648 4636 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:33:09.0648 4636 fvevol - ok
23:33:09.0664 4636 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:33:09.0664 4636 gagp30kx - ok
23:33:09.0664 4636 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:33:09.0695 4636 gpsvc - ok
23:33:09.0695 4636 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:33:09.0695 4636 hcw85cir - ok
23:33:09.0695 4636 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:33:09.0711 4636 HdAudAddService - ok
23:33:09.0711 4636 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:33:09.0726 4636 HDAudBus - ok
23:33:09.0726 4636 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:33:09.0726 4636 HidBatt - ok
23:33:09.0726 4636 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:33:09.0742 4636 HidBth - ok
23:33:09.0742 4636 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
23:33:09.0742 4636 HidIr - ok
23:33:09.0742 4636 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
23:33:09.0757 4636 hidserv - ok
23:33:09.0773 4636 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:33:09.0773 4636 HidUsb - ok
23:33:09.0773 4636 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:33:09.0789 4636 hkmsvc - ok
23:33:09.0804 4636 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:33:09.0804 4636 HomeGroupListener - ok
23:33:09.0804 4636 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:33:09.0820 4636 HomeGroupProvider - ok
23:33:09.0820 4636 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:33:09.0820 4636 HpSAMD - ok
23:33:09.0835 4636 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:33:09.0851 4636 HTTP - ok
23:33:09.0851 4636 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:33:09.0851 4636 hwpolicy - ok
23:33:09.0851 4636 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:33:09.0867 4636 i8042prt - ok
23:33:09.0867 4636 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:33:09.0867 4636 iaStorV - ok
23:33:09.0882 4636 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:33:09.0898 4636 idsvc - ok
23:33:09.0898 4636 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:33:09.0898 4636 iirsp - ok
23:33:09.0898 4636 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:33:09.0929 4636 IKEEXT - ok
23:33:09.0960 4636 [ F242E36CDA231701CFA702641C20FAEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:33:10.0007 4636 IntcAzAudAddService - ok
23:33:10.0007 4636 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:33:10.0007 4636 intelide - ok
23:33:10.0007 4636 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:33:10.0023 4636 intelppm - ok
23:33:10.0023 4636 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:33:10.0038 4636 IPBusEnum - ok
23:33:10.0038 4636 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:33:10.0054 4636 IpFilterDriver - ok
23:33:10.0069 4636 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:33:10.0085 4636 iphlpsvc - ok
23:33:10.0085 4636 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:33:10.0101 4636 IPMIDRV - ok
23:33:10.0101 4636 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:33:10.0116 4636 IPNAT - ok
23:33:10.0116 4636 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:33:10.0132 4636 IRENUM - ok
23:33:10.0132 4636 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:33:10.0132 4636 isapnp - ok
23:33:10.0132 4636 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:33:10.0147 4636 iScsiPrt - ok
23:33:10.0147 4636 [ 846354992EBB373F452EB9182D501B08 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
23:33:10.0147 4636 iusb3hcs - ok
23:33:10.0147 4636 [ 1D88A23853387D34D52CC8F9DDBFC56C ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
23:33:10.0163 4636 iusb3hub - ok
23:33:10.0163 4636 [ FC5EFD7C797DF19DFB999F0605A7924E ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
23:33:10.0179 4636 iusb3xhc - ok
23:33:10.0179 4636 [ 455B75C19BF3F1F2EE3AC10E1169826C ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
23:33:10.0179 4636 k57nd60a - ok
23:33:10.0194 4636 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:33:10.0194 4636 kbdclass - ok
23:33:10.0194 4636 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:33:10.0194 4636 kbdhid - ok
23:33:10.0194 4636 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe
23:33:10.0210 4636 KeyIso - ok
23:33:10.0210 4636 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:33:10.0210 4636 KSecDD - ok
23:33:10.0210 4636 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:33:10.0225 4636 KSecPkg - ok
23:33:10.0225 4636 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:33:10.0241 4636 ksthunk - ok
23:33:10.0241 4636 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:33:10.0257 4636 KtmRm - ok
23:33:10.0272 4636 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
23:33:10.0288 4636 LanmanServer - ok
23:33:10.0288 4636 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:33:10.0303 4636 LanmanWorkstation - ok
23:33:10.0303 4636 [ 95EC0CB52692894E050CFC3573ABC3B2 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
23:33:10.0319 4636 LBTServ - ok
23:33:10.0319 4636 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
23:33:10.0319 4636 LGBusEnum - ok
23:33:10.0319 4636 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
23:33:10.0319 4636 LGVirHid - ok
23:33:10.0335 4636 [ E536A1D8502D0CA79B928CAB9EAEB807 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
23:33:10.0335 4636 LHidFilt - ok
23:33:10.0335 4636 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:33:10.0350 4636 lltdio - ok
23:33:10.0350 4636 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:33:10.0381 4636 lltdsvc - ok
23:33:10.0381 4636 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:33:10.0397 4636 lmhosts - ok
23:33:10.0397 4636 [ 2E6D0110DACC769AE478ADE6C2572E37 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
23:33:10.0397 4636 LMouFilt - ok
23:33:10.0397 4636 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:33:10.0413 4636 LSI_FC - ok
23:33:10.0413 4636 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:33:10.0413 4636 LSI_SAS - ok
23:33:10.0413 4636 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:33:10.0428 4636 LSI_SAS2 - ok
23:33:10.0428 4636 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:33:10.0428 4636 LSI_SCSI - ok
23:33:10.0428 4636 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:33:10.0444 4636 luafv - ok
23:33:10.0444 4636 [ E63D9C01BF354657CF77A8DF3109BEE4 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
23:33:10.0459 4636 LUsbFilt - ok
23:33:10.0459 4636 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:33:10.0459 4636 MBAMProtector - ok
23:33:10.0459 4636 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
23:33:10.0475 4636 MBAMScheduler - ok
23:33:10.0475 4636 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:33:10.0491 4636 MBAMService - ok
23:33:10.0491 4636 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
23:33:10.0491 4636 MBfilt - ok
23:33:10.0491 4636 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:33:10.0506 4636 Mcx2Svc - ok
23:33:10.0506 4636 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
23:33:10.0506 4636 megasas - ok
23:33:10.0506 4636 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:33:10.0522 4636 MegaSR - ok
23:33:10.0522 4636 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:33:10.0537 4636 MMCSS - ok
23:33:10.0537 4636 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:33:10.0553 4636 Modem - ok
23:33:10.0569 4636 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:33:10.0569 4636 monitor - ok
23:33:10.0569 4636 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:33:10.0569 4636 mouclass - ok
23:33:10.0569 4636 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:33:10.0584 4636 mouhid - ok
23:33:10.0584 4636 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:33:10.0584 4636 mountmgr - ok
23:33:10.0584 4636 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:33:10.0600 4636 MozillaMaintenance - ok
23:33:10.0600 4636 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:33:10.0600 4636 mpio - ok
23:33:10.0600 4636 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:33:10.0631 4636 mpsdrv - ok
23:33:10.0631 4636 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:33:10.0647 4636 MpsSvc - ok
23:33:10.0662 4636 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:33:10.0662 4636 MRxDAV - ok
23:33:10.0662 4636 [ FAF015B07E3A2874A790A39B7D2C579F ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:33:10.0678 4636 mrxsmb - ok
23:33:10.0693 4636 [ 08E2345DF129082BCDFFDC1440F9C00D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:33:10.0709 4636 mrxsmb10 - ok
23:33:10.0709 4636 [ 108D87409C5812EF47D81E22843E8C9D ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:33:10.0725 4636 mrxsmb20 - ok
23:33:10.0725 4636 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:33:10.0740 4636 msahci - ok
23:33:10.0740 4636 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:33:10.0740 4636 msdsm - ok
23:33:10.0740 4636 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:33:10.0756 4636 MSDTC - ok
23:33:10.0756 4636 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:33:10.0771 4636 Msfs - ok
23:33:10.0771 4636 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:33:10.0787 4636 mshidkmdf - ok
23:33:10.0787 4636 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:33:10.0787 4636 msisadrv - ok
23:33:10.0803 4636 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:33:10.0818 4636 MSiSCSI - ok
23:33:10.0818 4636 msiserver - ok
23:33:10.0818 4636 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:33:10.0834 4636 MSKSSRV - ok
23:33:10.0834 4636 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:33:10.0849 4636 MSPCLOCK - ok
23:33:10.0865 4636 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:33:10.0881 4636 MSPQM - ok
23:33:10.0881 4636 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:33:10.0881 4636 MsRPC - ok
23:33:10.0881 4636 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:33:10.0896 4636 mssmbios - ok
23:33:10.0896 4636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:33:10.0912 4636 MSTEE - ok
23:33:10.0912 4636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:33:10.0912 4636 MTConfig - ok
23:33:10.0927 4636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:33:10.0927 4636 Mup - ok
23:33:10.0927 4636 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:33:10.0943 4636 napagent - ok
23:33:10.0959 4636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:33:10.0959 4636 NativeWifiP - ok
23:33:10.0974 4636 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
23:33:10.0990 4636 NDIS - ok
23:33:10.0990 4636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:33:11.0005 4636 NdisCap - ok
23:33:11.0005 4636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:33:11.0021 4636 NdisTapi - ok
23:33:11.0021 4636 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:33:11.0037 4636 Ndisuio - ok
23:33:11.0037 4636 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:33:11.0068 4636 NdisWan - ok
23:33:11.0068 4636 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:33:11.0083 4636 NDProxy - ok
23:33:11.0083 4636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:33:11.0099 4636 NetBIOS - ok
23:33:11.0099 4636 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:33:11.0115 4636 NetBT - ok
23:33:11.0115 4636 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe
23:33:11.0130 4636 Netlogon - ok
23:33:11.0130 4636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:33:11.0146 4636 Netman - ok
23:33:11.0161 4636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:33:11.0177 4636 netprofm - ok
23:33:11.0177 4636 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:33:11.0177 4636 NetTcpPortSharing - ok
23:33:11.0193 4636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:33:11.0193 4636 nfrd960 - ok
23:33:11.0193 4636 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:33:11.0208 4636 NlaSvc - ok
23:33:11.0208 4636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:33:11.0224 4636 Npfs - ok
23:33:11.0239 4636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:33:11.0255 4636 nsi - ok
23:33:11.0255 4636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:33:11.0271 4636 nsiproxy - ok
23:33:11.0286 4636 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:33:11.0302 4636 Ntfs - ok
23:33:11.0302 4636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:33:11.0317 4636 Null - ok
23:33:11.0333 4636 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:33:11.0333 4636 NVHDA - ok
23:33:11.0411 4636 [ 26AA3C7E6E1DB7107BF93503F6F57E88 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:33:11.0505 4636 nvlddmkm - ok
23:33:11.0520 4636 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:33:11.0520 4636 nvraid - ok
23:33:11.0520 4636 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:33:11.0520 4636 nvstor - ok
23:33:11.0536 4636 [ A83AC04D672567CAF8BE7A4D73C0B850 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:33:11.0551 4636 nvsvc - ok
23:33:11.0551 4636 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:33:11.0567 4636 nvUpdatusService - ok
23:33:11.0567 4636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:33:11.0583 4636 nv_agp - ok
23:33:11.0583 4636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:33:11.0583 4636 ohci1394 - ok
23:33:11.0583 4636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:33:11.0598 4636 p2pimsvc - ok
23:33:11.0598 4636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:33:11.0614 4636 p2psvc - ok
23:33:11.0614 4636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
23:33:11.0614 4636 Parport - ok
23:33:11.0614 4636 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:33:11.0629 4636 partmgr - ok
23:33:11.0629 4636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:33:11.0629 4636 PcaSvc - ok
23:33:11.0645 4636 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:33:11.0645 4636 pci - ok
23:33:11.0645 4636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:33:11.0645 4636 pciide - ok
23:33:11.0661 4636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:33:11.0661 4636 pcmcia - ok
23:33:11.0661 4636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:33:11.0661 4636 pcw - ok
23:33:11.0676 4636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:33:11.0692 4636 PEAUTH - ok
23:33:11.0707 4636 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
23:33:11.0723 4636 PeerDistSvc - ok
23:33:11.0739 4636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:33:11.0739 4636 PerfHost - ok
23:33:11.0754 4636 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:33:11.0785 4636 pla - ok
23:33:11.0785 4636 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:33:11.0801 4636 PlugPlay - ok
23:33:11.0801 4636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:33:11.0817 4636 PNRPAutoReg - ok
23:33:11.0817 4636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:33:11.0817 4636 PNRPsvc - ok
23:33:11.0832 4636 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:33:11.0848 4636 PolicyAgent - ok
23:33:11.0848 4636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:33:11.0863 4636 Power - ok
23:33:11.0879 4636 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:33:11.0895 4636 PptpMiniport - ok
23:33:11.0895 4636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:33:11.0895 4636 Processor - ok
23:33:11.0895 4636 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
23:33:11.0926 4636 ProfSvc - ok
23:33:11.0926 4636 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe
23:33:11.0926 4636 ProtectedStorage - ok
23:33:11.0926 4636 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:33:11.0941 4636 Psched - ok
23:33:11.0957 4636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:33:11.0973 4636 ql2300 - ok
23:33:11.0988 4636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:33:11.0988 4636 ql40xx - ok
23:33:11.0988 4636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:33:12.0004 4636 QWAVE - ok
23:33:12.0004 4636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:33:12.0004 4636 QWAVEdrv - ok
23:33:12.0004 4636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:33:12.0035 4636 RasAcd - ok
23:33:12.0035 4636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:33:12.0051 4636 RasAgileVpn - ok
23:33:12.0051 4636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:33:12.0066 4636 RasAuto - ok
23:33:12.0066 4636 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:33:12.0082 4636 Rasl2tp - ok
23:33:12.0097 4636 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:33:12.0113 4636 RasMan - ok
23:33:12.0113 4636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:33:12.0129 4636 RasPppoe - ok
23:33:12.0129 4636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:33:12.0160 4636 RasSstp - ok
23:33:12.0160 4636 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:33:12.0175 4636 rdbss - ok
23:33:12.0175 4636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
23:33:12.0191 4636 rdpbus - ok
23:33:12.0191 4636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:33:12.0207 4636 RDPCDD - ok
23:33:12.0207 4636 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
23:33:12.0222 4636 RDPDR - ok
23:33:12.0222 4636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:33:12.0238 4636 RDPENCDD - ok
23:33:12.0238 4636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:33:12.0253 4636 RDPREFMP - ok
23:33:12.0253 4636 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
23:33:12.0269 4636 RdpVideoMiniport - ok
23:33:12.0269 4636 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:33:12.0285 4636 RDPWD - ok
23:33:12.0285 4636 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:33:12.0285 4636 rdyboost - ok
23:33:12.0300 4636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:33:12.0316 4636 RemoteAccess - ok
23:33:12.0316 4636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:33:12.0331 4636 RemoteRegistry - ok
23:33:12.0331 4636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:33:12.0363 4636 RpcEptMapper - ok
23:33:12.0363 4636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:33:12.0363 4636 RpcLocator - ok
23:33:12.0363 4636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:33:12.0394 4636 RpcSs - ok
23:33:12.0394 4636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:33:12.0409 4636 rspndr - ok
23:33:12.0409 4636 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
23:33:12.0409 4636 s3cap - ok
23:33:12.0425 4636 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe
23:33:12.0425 4636 SamSs - ok
23:33:12.0425 4636 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:33:12.0425 4636 sbp2port - ok
23:33:12.0441 4636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:33:12.0456 4636 SCardSvr - ok
23:33:12.0456 4636 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:33:12.0472 4636 scfilter - ok
23:33:12.0487 4636 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:33:12.0503 4636 Schedule - ok
23:33:12.0503 4636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:33:12.0519 4636 SCPolicySvc - ok
23:33:12.0519 4636 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:33:12.0534 4636 SDRSVC - ok
23:33:12.0534 4636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:33:12.0550 4636 secdrv - ok
23:33:12.0550 4636 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:33:12.0565 4636 seclogon - ok
23:33:12.0565 4636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
23:33:12.0597 4636 SENS - ok
23:33:12.0597 4636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:33:12.0597 4636 SensrSvc - ok
23:33:12.0597 4636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:33:12.0612 4636 Serenum - ok
23:33:12.0612 4636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:33:12.0612 4636 Serial - ok
23:33:12.0612 4636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:33:12.0628 4636 sermouse - ok
23:33:12.0628 4636 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:33:12.0643 4636 SessionEnv - ok
23:33:12.0643 4636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:33:12.0659 4636 sffdisk - ok
23:33:12.0659 4636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:33:12.0659 4636 sffp_mmc - ok
23:33:12.0659 4636 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:33:12.0675 4636 sffp_sd - ok
23:33:12.0675 4636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:33:12.0675 4636 sfloppy - ok
23:33:12.0675 4636 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:33:12.0706 4636 SharedAccess - ok
23:33:12.0706 4636 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:33:12.0721 4636 ShellHWDetection - ok
23:33:12.0721 4636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:33:12.0737 4636 SiSRaid2 - ok
23:33:12.0737 4636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:33:12.0737 4636 SiSRaid4 - ok
23:33:12.0737 4636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:33:12.0753 4636 Smb - ok
23:33:12.0753 4636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:33:12.0768 4636 SNMPTRAP - ok
23:33:12.0768 4636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:33:12.0768 4636 spldr - ok
23:33:12.0784 4636 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
23:33:12.0799 4636 Spooler - ok
23:33:12.0831 4636 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:33:12.0862 4636 sppsvc - ok
23:33:12.0862 4636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:33:12.0877 4636 sppuinotify - ok
23:33:12.0893 4636 [ 2098B8556D1CEC2ACA9A29CD479E3692 ] srv C:\Windows\system32\DRIVERS\srv.sys
23:33:12.0909 4636 srv - ok
23:33:12.0909 4636 [ D0F73A42040F21F92FD314B42AC5C9E7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:33:12.0940 4636 srv2 - ok
23:33:12.0940 4636 [ 2BA8F3250828CCDB4204ECF2C6F40B6A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:33:12.0955 4636 srvnet - ok
23:33:12.0955 4636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:33:12.0971 4636 SSDPSRV - ok
23:33:12.0971 4636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:33:13.0002 4636 SstpSvc - ok
23:33:13.0002 4636 Steam Client Service - ok
23:33:13.0002 4636 [ 00FCEC4DA4198F5F2B9BBD9225842568 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:33:13.0002 4636 Stereo Service - ok
23:33:13.0018 4636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:33:13.0018 4636 stexstor - ok
23:33:13.0018 4636 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:33:13.0033 4636 stisvc - ok
23:33:13.0033 4636 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
23:33:13.0033 4636 storflt - ok
23:33:13.0033 4636 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
23:33:13.0049 4636 storvsc - ok
23:33:13.0049 4636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:33:13.0049 4636 swenum - ok
23:33:13.0049 4636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:33:13.0080 4636 swprv - ok
23:33:13.0080 4636 [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc C:\Windows\system32\drivers\synth3dvsc.sys
23:33:13.0080 4636 Synth3dVsc - ok
23:33:13.0096 4636 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:33:13.0111 4636 SysMain - ok
23:33:13.0111 4636 [ 0B42379BDCDF092FF9E7A850A0EFDC98 ] SystoG15Svc C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe
23:33:13.0127 4636 SystoG15Svc ( UnsignedFile.Multi.Generic ) - warning
23:33:13.0127 4636 SystoG15Svc - detected UnsignedFile.Multi.Generic (1)
23:33:13.0127 4636 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:33:13.0127 4636 TabletInputService - ok
23:33:13.0143 4636 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:33:13.0158 4636 TapiSrv - ok
23:33:13.0158 4636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:33:13.0174 4636 TBS - ok
23:33:13.0189 4636 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:33:13.0205 4636 Tcpip - ok
23:33:13.0221 4636 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:33:13.0236 4636 TCPIP6 - ok
23:33:13.0236 4636 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:33:13.0267 4636 tcpipreg - ok
23:33:13.0267 4636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:33:13.0283 4636 TDPIPE - ok
23:33:13.0283 4636 [ E4245BDA3190A582D55ED09E137401A9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:33:13.0299 4636 TDTCP - ok
23:33:13.0299 4636 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:33:13.0314 4636 tdx - ok
23:33:13.0314 4636 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:33:13.0330 4636 TermDD - ok
23:33:13.0330 4636 [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt C:\Windows\system32\drivers\terminpt.sys
23:33:13.0330 4636 terminpt - ok
23:33:13.0330 4636 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:33:13.0361 4636 TermService - ok
23:33:13.0361 4636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:33:13.0377 4636 Themes - ok
23:33:13.0377 4636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:33:13.0392 4636 THREADORDER - ok
23:33:13.0392 4636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:33:13.0408 4636 TrkWks - ok
23:33:13.0408 4636 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:33:13.0423 4636 TrustedInstaller - ok
23:33:13.0439 4636 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:33:13.0455 4636 tssecsrv - ok
23:33:13.0455 4636 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:33:13.0455 4636 TsUsbFlt - ok
23:33:13.0455 4636 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:33:13.0470 4636 TsUsbGD - ok
23:33:13.0470 4636 [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
23:33:13.0470 4636 tsusbhub - ok
23:33:13.0470 4636 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:33:13.0486 4636 tunnel - ok
23:33:13.0486 4636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:33:13.0501 4636 uagp35 - ok
23:33:13.0501 4636 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:33:13.0517 4636 udfs - ok
23:33:13.0517 4636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:33:13.0533 4636 UI0Detect - ok
23:33:13.0533 4636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:33:13.0533 4636 uliagpkx - ok
23:33:13.0533 4636 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:33:13.0548 4636 umbus - ok
23:33:13.0548 4636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
23:33:13.0548 4636 UmPass - ok
23:33:13.0548 4636 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
23:33:13.0564 4636 UmRdpService - ok
23:33:13.0564 4636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:33:13.0579 4636 upnphost - ok
23:33:13.0595 4636 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
23:33:13.0595 4636 usbaudio - ok
23:33:13.0595 4636 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:33:13.0611 4636 usbccgp - ok
23:33:13.0611 4636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:33:13.0611 4636 usbcir - ok
23:33:13.0611 4636 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
23:33:13.0626 4636 usbehci - ok
23:33:13.0626 4636 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:33:13.0626 4636 usbhub - ok
23:33:13.0642 4636 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:33:13.0642 4636 usbohci - ok
23:33:13.0642 4636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
23:33:13.0657 4636 usbprint - ok
23:33:13.0657 4636 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:33:13.0657 4636 USBSTOR - ok
23:33:13.0657 4636 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:33:13.0673 4636 usbuhci - ok
23:33:13.0673 4636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:33:13.0689 4636 UxSms - ok
23:33:13.0689 4636 [ 0793F40B9B8A1BDD266296409DBD91EA ] VaultSvc C:\Windows\system32\lsass.exe
23:33:13.0689 4636 VaultSvc - ok
23:33:13.0689 4636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:33:13.0704 4636 vdrvroot - ok
23:33:13.0704 4636 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:33:13.0720 4636 vds - ok
23:33:13.0720 4636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:33:13.0735 4636 vga - ok
23:33:13.0735 4636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:33:13.0751 4636 VgaSave - ok
23:33:13.0751 4636 VGPU - ok
23:33:13.0751 4636 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:33:13.0767 4636 vhdmp - ok
23:33:13.0767 4636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:33:13.0767 4636 viaide - ok
23:33:13.0767 4636 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
23:33:13.0782 4636 vmbus - ok
23:33:13.0782 4636 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
23:33:13.0782 4636 VMBusHID - ok
23:33:13.0782 4636 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:33:13.0782 4636 volmgr - ok
23:33:13.0798 4636 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:33:13.0798 4636 volmgrx - ok
23:33:13.0798 4636 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:33:13.0813 4636 volsnap - ok
23:33:13.0813 4636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:33:13.0813 4636 vsmraid - ok
23:33:13.0829 4636 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:33:13.0860 4636 VSS - ok
23:33:13.0860 4636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:33:13.0860 4636 vwifibus - ok
23:33:13.0876 4636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:33:13.0891 4636 W32Time - ok
23:33:13.0891 4636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:33:13.0891 4636 WacomPen - ok
23:33:13.0891 4636 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:33:13.0923 4636 WANARP - ok
23:33:13.0923 4636 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:33:13.0938 4636 Wanarpv6 - ok
23:33:13.0954 4636 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:33:13.0954 4636 wbengine - ok
23:33:13.0969 4636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:33:13.0969 4636 WbioSrvc - ok
23:33:13.0985 4636 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:33:13.0985 4636 wcncsvc - ok
23:33:13.0985 4636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:33:14.0001 4636 WcsPlugInService - ok
23:33:14.0001 4636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
23:33:14.0001 4636 Wd - ok
23:33:14.0016 4636 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:33:14.0016 4636 Wdf01000 - ok
23:33:14.0016 4636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:33:14.0032 4636 WdiServiceHost - ok
23:33:14.0032 4636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:33:14.0032 4636 WdiSystemHost - ok
23:33:14.0047 4636 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:33:14.0047 4636 WebClient - ok
23:33:14.0063 4636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:33:14.0079 4636 Wecsvc - ok
23:33:14.0079 4636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:33:14.0094 4636 wercplsupport - ok
23:33:14.0094 4636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:33:14.0125 4636 WerSvc - ok
23:33:14.0125 4636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:33:14.0141 4636 WfpLwf - ok
23:33:14.0141 4636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:33:14.0141 4636 WIMMount - ok
23:33:14.0141 4636 WinDefend - ok
23:33:14.0141 4636 WinHttpAutoProxySvc - ok
23:33:14.0157 4636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:33:14.0172 4636 Winmgmt - ok
23:33:14.0172 4636 [ 0C0195C48B6B8582FA6F6373032118DA ] WinRing0_1_2_0 C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys
23:33:14.0172 4636 WinRing0_1_2_0 - ok
23:33:14.0188 4636 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:33:14.0219 4636 WinRM - ok
23:33:14.0235 4636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:33:14.0250 4636 Wlansvc - ok
23:33:14.0250 4636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:33:14.0250 4636 WmiAcpi - ok
23:33:14.0250 4636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:33:14.0266 4636 wmiApSrv - ok
23:33:14.0266 4636 WMPNetworkSvc - ok
23:33:14.0266 4636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:33:14.0281 4636 WPCSvc - ok
23:33:14.0281 4636 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:33:14.0281 4636 WPDBusEnum - ok
23:33:14.0281 4636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:33:14.0297 4636 ws2ifsl - ok
23:33:14.0297 4636 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
23:33:14.0313 4636 wscsvc - ok
23:33:14.0313 4636 WSearch - ok
23:33:14.0328 4636 [ 9DF12EDBC698B0BC353B3EF84861E430 ] wuauserv C:\Windows\system32\wuaueng.dll
23:33:14.0359 4636 wuauserv - ok
23:33:14.0375 4636 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:33:14.0391 4636 WudfPf - ok
23:33:14.0391 4636 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:33:14.0406 4636 WUDFRd - ok
23:33:14.0406 4636 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:33:14.0422 4636 wudfsvc - ok
23:33:14.0437 4636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:33:14.0437 4636 WwanSvc - ok
23:33:14.0437 4636 ================ Scan global ===============================
23:33:14.0437 4636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:33:14.0453 4636 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
23:33:14.0453 4636 [ E0406AEF04B088D1C49FC78D0546F689 ] C:\Windows\system32\winsrv.dll
23:33:14.0453 4636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:33:14.0453 4636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:33:14.0453 4636 [Global] - ok
23:33:14.0453 4636 ================ Scan MBR ==================================
23:33:14.0469 4636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:33:14.0656 4636 \Device\Harddisk1\DR1 - ok
23:33:14.0656 4636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:33:14.0703 4636 \Device\Harddisk0\DR0 - ok
23:33:14.0703 4636 ================ Scan VBR ==================================
23:33:14.0703 4636 [ C446D934DFBF4E185E69C59C9EBA5F6A ] \Device\Harddisk1\DR1\Partition1
23:33:14.0703 4636 \Device\Harddisk1\DR1\Partition1 - ok
23:33:14.0703 4636 [ 40D98E3A1D1495E104164A4B3E26FE38 ] \Device\Harddisk1\DR1\Partition2
23:33:14.0703 4636 \Device\Harddisk1\DR1\Partition2 - ok
23:33:14.0703 4636 [ A22FDEE564B1287F6596F3982F5510DF ] \Device\Harddisk0\DR0\Partition1
23:33:14.0703 4636 \Device\Harddisk0\DR0\Partition1 - ok
23:33:14.0703 4636 [ 9085E2C5E48DB2AE7B9A4BE3B89788E4 ] \Device\Harddisk0\DR0\Partition2
23:33:14.0703 4636 \Device\Harddisk0\DR0\Partition2 - ok
23:33:14.0703 4636 [ 4948C335811695D05FBEAB11946A8813 ] \Device\Harddisk0\DR0\Partition3
23:33:14.0703 4636 \Device\Harddisk0\DR0\Partition3 - ok
23:33:14.0703 4636 ============================================================
23:33:14.0703 4636 Scan finished
23:33:14.0703 4636 ============================================================
23:33:14.0718 1972 Detected object count: 1
23:33:14.0718 1972 Actual detected object count: 1
23:33:35.0279 1972 SystoG15Svc ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:35.0279 1972 SystoG15Svc ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
|
26.01.2013, 23:43
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS:agent-AXQ [Trj] beim Aufrufen von einer Website Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.01.2013, 00:14
| #9 |
| | JS:agent-AXQ [Trj] beim Aufrufen von einer Website ComboFix: Code:
ATTFilter ComboFix 13-01-26.02 - skaw 27.01.2013 0:06.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.16270.14293 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-26 bis 2013-01-26 ))))))))))))))))))))))))))))))
.
.
2013-01-26 23:07 . 2013-01-26 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-23 21:33 . 2013-01-23 21:33 -------- d-----w- c:\program files (x86)\Avira
2013-01-23 21:29 . 2013-01-23 21:29 -------- d-----w- c:\programdata\Malwarebytes
2013-01-23 21:29 . 2013-01-23 21:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-23 21:29 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-20 18:49 . 2013-01-20 18:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-01-20 18:49 . 2013-01-20 18:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-01-20 18:49 . 2013-01-20 18:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-01-20 18:49 . 2013-01-20 18:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-01-20 18:49 . 2013-01-20 18:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-01-20 18:49 . 2013-01-20 18:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-01-20 18:49 . 2013-01-20 18:49 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-01-20 18:49 . 2013-01-20 18:49 -------- d-----w- c:\program files (x86)\QuickTime
2013-01-20 18:49 . 2013-01-20 18:49 -------- d-----w- c:\programdata\Apple Computer
2013-01-20 18:49 . 2013-01-20 18:49 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-01-20 18:49 . 2013-01-20 18:49 -------- d-----w- c:\programdata\Apple
2013-01-20 18:49 . 2013-01-20 18:49 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-01-19 01:22 . 2013-01-19 01:22 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-01-14 17:10 . 2013-01-14 17:10 -------- d-----w- c:\program files\7-Zip
2013-01-11 18:43 . 2013-01-11 18:43 -------- d-----w- c:\program files\GIMP 2
2013-01-10 23:52 . 2013-01-10 23:52 -------- d-----w- c:\program files\PBO Manager v.1.4 beta
2013-01-10 23:51 . 2013-01-10 23:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-01-10 21:59 . 2013-01-10 21:59 -------- d-----w- c:\program files (x86)\Notepad++
2013-01-10 21:00 . 2013-01-10 21:00 -------- d-----w- c:\windows\system32\appmgmt
2013-01-10 19:34 . 2013-01-10 19:34 -------- d-----w- c:\program files (x86)\Bohemia Interactive
2013-01-10 15:02 . 2013-01-25 15:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2013-01-10 14:56 . 2013-01-18 19:14 -------- d-----w- c:\program files (x86)\Common Files\Steam
2013-01-09 22:42 . 2013-01-09 15:46 -------- d-----w- c:\windows\Panther
2013-01-09 22:42 . 2013-01-09 22:42 -------- d-----w- C:\Boot
2013-01-09 21:28 . 2013-01-09 21:28 -------- d-----w- c:\programdata\Bohemia Interactive Studio
2013-01-09 21:18 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-01-09 21:18 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2013-01-09 21:18 . 2010-02-04 09:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-01-09 21:18 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2013-01-09 21:18 . 2010-02-04 09:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-09 21:18 . 2010-02-04 09:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2013-01-09 20:48 . 2013-01-09 20:48 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-01-09 20:42 . 2013-01-09 20:42 -------- d-----w- C:\Fraps
2013-01-09 20:18 . 2013-01-26 16:43 -------- d-----w- c:\program files (x86)\C2DtoG15
2013-01-09 19:12 . 2013-01-09 19:12 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2013-01-09 19:12 . 2013-01-09 19:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-01-09 19:12 . 2013-01-09 19:12 -------- d-----w- c:\programdata\Logitech
2013-01-09 19:12 . 2013-01-09 19:12 -------- d-----w- c:\program files\Logitech
2013-01-09 19:12 . 2013-01-09 19:12 -------- d-----w- c:\program files\Common Files\Logishrd
2013-01-09 19:09 . 2013-01-09 19:12 -------- d-----w- c:\programdata\LogiShrd
2013-01-09 19:09 . 2013-01-09 19:10 -------- d-----w- c:\program files\Logitech Gaming Software
2013-01-09 16:52 . 2013-01-09 16:52 -------- d-----w- c:\program files\ASRock Utility
2013-01-09 16:52 . 2012-01-13 11:52 31016 ----a-w- c:\windows\system32\drivers\AsrRamDisk.sys
2013-01-09 16:52 . 2013-01-09 16:52 -------- d-----w- c:\program files (x86)\ASRock Utility
2013-01-09 16:47 . 2013-01-09 16:47 32320 ----a-w- c:\windows\system32\drivers\FNETTBOH_305.SYS
2013-01-09 16:47 . 2013-01-09 16:47 16648 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2013-01-09 16:47 . 2013-01-09 16:47 -------- d-----w- c:\programdata\FNET
2013-01-09 16:47 . 2013-01-09 16:47 -------- d-----w- c:\program files (x86)\XFastUSB
2013-01-09 16:24 . 2013-01-09 16:24 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-01-09 16:23 . 2013-01-09 16:23 -------- d-----w- C:\NVIDIA
2013-01-09 16:21 . 2013-01-09 20:41 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 16:21 . 2013-01-09 20:41 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 16:21 . 2013-01-09 16:21 -------- d-----w- c:\windows\SysWow64\Macromed
2013-01-09 16:21 . 2013-01-09 16:21 -------- d-----w- c:\windows\system32\Macromed
2013-01-09 16:19 . 2013-01-09 16:19 -------- d-----w- c:\program files\Broadcom
2013-01-09 16:18 . 2013-01-09 16:18 -------- d-----w- c:\program files (x86)\ASM106xSATA
2013-01-09 16:17 . 2013-01-09 16:17 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2013-01-09 16:17 . 2013-01-20 18:49 -------- d-sh--w- c:\windows\Installer
2013-01-09 16:17 . 2012-02-27 02:00 41984 ----a-w- c:\windows\system32\drivers\USB3Ver.dll
2013-01-09 16:14 . 2013-01-09 16:17 -------- d-----w- c:\program files (x86)\Intel
2013-01-09 16:14 . 2011-12-06 14:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2013-01-09 16:14 . 2013-01-09 16:14 -------- d-----w- C:\Intel
2013-01-09 16:10 . 2012-02-27 02:01 16152 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2013-01-09 16:10 . 2009-07-14 12:21 1721576 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2013-01-09 16:10 . 2012-02-27 02:01 788760 ----a-w- c:\windows\system32\drivers\iusb3xhc.sys
2013-01-09 16:10 . 2012-02-27 02:01 356120 ----a-w- c:\windows\system32\drivers\iusb3hub.sys
2013-01-09 15:47 . 2013-01-24 14:17 -------- d-----w- c:\users\***
2012-12-29 01:54 . 2012-12-29 01:54 550328 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\steam\steam.exe" [2013-01-10 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2013-01-09 5021448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\skaw\Desktop\mbar\mbar\mbar.exe" [2013-01-26 1356360]
.
c:\users\skaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
C2DtoG15.lnk - c:\program files (x86)\C2DtoG15\C2DtoG15.exe [2013-1-9 596992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2013-01-09 32320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-27 16152]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2013-01-09 16648]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]
S2 SystoG15Svc;SystoG15 Service;c:\program files (x86)\C2DtoG15\SystoG15Svc.exe [2013-01-09 64000]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-03-04 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-03-04 390632]
S3 AxtuDrv;AxtuDrv;c:\windows\SysWOW64\Drivers\AxtuDrv.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-27 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-27 788760]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-05-09 425000]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\C2DtoG15\WinRing0x64.sys [2008-07-26 14544]
S4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 57059293
*NewlyCreated* - ASWMBR
*Deregistered* - 57059293
*Deregistered* - aswMBR
*Deregistered* - avipbb
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = ***.***.***.***
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - ExtSQL: 2013-01-09 20:12; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - ExtSQL: 2013-01-10 16:11; appbuttonclear@mozilla.org; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\extensions\appbuttonclear@mozilla.org.xpi
FF - ExtSQL: 2013-01-10 16:11; appbuttonclose@mozilla.org; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\extensions\appbuttonclose@mozilla.org.xpi
FF - ExtSQL: 2013-01-10 16:11; {d166ee2a-36bb-4f33-aff7-e85f912df509}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}.xpi
FF - ExtSQL: 2013-01-10 16:12; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-01-10 16:14; compatibility@addons.mozilla.org; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\extensions\compatibility@addons.mozilla.org.xpi
FF - ExtSQL: 2013-01-10 16:14; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-01-10 16:16; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-01-10 16:16; firefox@ghostery.com; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\extensions\firefox@ghostery.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-ASRockXTU - (no file)
AddRemove-Arma 2 Army of The Czech Republic (LITE) - d:\arma222\ACR_Lite_UnInstall.exe
AddRemove-BattlEye for A2 - d:\arma2battleye\UnInstallBE.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-27 00:08:34
ComboFix-quarantined-files.txt 2013-01-26 23:08
.
Vor Suchlauf: 9 Verzeichnis(se), 35.657.469.952 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 36.604.022.784 Bytes frei
.
- - End Of File - - B4C9A57C54D0EC7B122BC6C010277A79
|
|
27.01.2013, 00:38
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS:agent-AXQ [Trj] beim Aufrufen von einer Website adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.01.2013, 00:41
| #11 |
| | JS:agent-AXQ [Trj] beim Aufrufen von einer Website adwCleaner: Code:
ATTFilter # AdwCleaner v2.108 - Datei am 27/01/2013 um 00:40:39 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Ask.com.tmp
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [763 octets] - [27/01/2013 00:40:39]
########## EOF - C:\AdwCleaner[R1].txt - [822 octets] ##########
|
|
27.01.2013, 00:42
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS:agent-AXQ [Trj] beim Aufrufen von einer Website adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.01.2013, 01:13
| #13 |
| | JS:agent-AXQ [Trj] beim Aufrufen von einer Website adwCleaner: Code:
ATTFilter # AdwCleaner v2.108 - Datei am 27/01/2013 um 00:55:59 erstellt
# Aktualisiert am 24/01/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : ***
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\jaahpqz4.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [765 octets] - [27/01/2013 00:55:59]
########## EOF - C:\AdwCleaner[S1].txt - [824 octets] ##########
Code:
ATTFilter OTL logfile created on: 27.01.2013 00:58:51 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 15,89 Gb Total Physical Memory | 14,02 Gb Available Physical Memory | 88,25% Memory free 31,77 Gb Paging File | 29,68 Gb Available in Paging File | 93,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 78,12 Gb Total Space | 33,74 Gb Free Space | 43,19% Space Free | Partition Type: NTFS Drive D: | 160,35 Gb Total Space | 45,32 Gb Free Space | 28,26% Space Free | Partition Type: NTFS Drive E: | 292,97 Gb Total Space | 292,74 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive F: | 556,64 Gb Total Space | 556,32 Gb Free Space | 99,94% Space Free | Partition Type: NTFS Drive G: | 1013,41 Gb Total Space | 1009,63 Gb Free Space | 99,63% Space Free | Partition Type: NTFS Drive H: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - D:\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe () PRC - C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe () PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) PRC - C:\Programme\ASRock Utility\XFast RAM\asrRd.exe () PRC - C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann) ========== Modules (No Company Name) ========== MOD - D:\Steam\sdl.dll () MOD - D:\Steam\bin\libcef.dll () MOD - D:\Steam\bin\avcodec-53.dll () MOD - D:\Steam\bin\chromehtml.dll () MOD - D:\Steam\bin\avformat-53.dll () MOD - D:\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe () MOD - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\IccLibDll.DLL () MOD - C:\Programme\ASRock Utility\XFast RAM\asrRd.exe () MOD - C:\Program Files (x86)\C2DtoG15\LgLcdLibWrapper.dll () ========== Services (SafeList) ========== SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (SystoG15Svc) -- C:\Program Files (x86)\C2DtoG15\SystoG15Svc.exe () SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.) DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation) DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation) DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation) DRV:64bit: - (AsrRamDisk) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys (ASRock Inc.) DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\C2DtoG15\WinRing0x64.sys (OpenLibSys.org) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB C3 A6 48 85 EE CD 01 [binary data] IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB C3 A6 48 85 EE CD 01 [binary data] IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1 FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12 FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.4 FF - prefs.js..extensions.enabledAddons: %7Bd166ee2a-36bb-4f33-aff7-e85f912df509%7D:0.5.0.0b3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.01.09 20:12:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.20 19:49:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.25 16:27:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.01.09 20:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.01.10 20:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jaahpqz4.default\extensions [2013.01.10 16:16:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jaahpqz4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.01.10 16:16:27 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\jaahpqz4.default\extensions\firefox@ghostery.com [2013.01.10 16:11:40 | 000,001,372 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\appbuttonclear@mozilla.org.xpi [2013.01.10 16:11:46 | 000,001,306 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\appbuttonclose@mozilla.org.xpi [2013.01.10 16:14:12 | 000,284,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\compatibility@addons.mozilla.org.xpi [2013.01.10 16:14:26 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013.01.10 16:12:42 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.10 20:38:13 | 000,128,884 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\jaahpqz4.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}.xpi [2013.01.09 20:03:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.19 02:22:52 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.) O4 - HKU\S-1-5-21-3915190912-495410321-2236549280-1000..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-3915190912-495410321-2236549280-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3915190912-495410321-2236549280-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk = C:\Program Files (x86)\C2DtoG15\C2DtoG15.exe (Andreas Sammann) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3915190912-495410321-2236549280-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3915190912-495410321-2236549280-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{789D210E-1D4E-46C2-A200-AB619D371539}: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.06.12 03:27:33 | 000,000,140 | R--- | M] () - H:\autorun.inf -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.27 00:39:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira [2013.01.27 00:34:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.01.27 00:34:27 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.01.27 00:34:27 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.01.27 00:34:27 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.01.27 00:34:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.01.27 00:34:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.01.27 00:31:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.27 00:08:36 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.01.27 00:05:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.01.27 00:05:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.01.27 00:05:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.01.27 00:05:49 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.27 00:05:48 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.27 00:05:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.01.26 23:54:42 | 005,026,751 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.01.26 23:28:54 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.01.26 23:28:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.01.26 18:50:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar [2013.01.24 15:18:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.23 22:29:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.01.23 22:29:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.23 22:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.23 22:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.23 22:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.23 22:29:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.01.22 22:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Florian Klein Software [2013.01.21 10:37:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer [2013.01.20 19:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.01.20 19:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.01.20 19:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.01.20 19:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.01.20 19:49:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple [2013.01.20 19:49:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.01.20 19:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.01.19 02:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.01.19 02:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.01.14 22:22:44 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Games [2013.01.14 18:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.01.14 18:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.01.11 21:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision [2013.01.11 21:16:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wasteland_United_takistan.takistan [2013.01.11 21:16:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PboM [2013.01.11 20:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps [2013.01.11 19:44:07 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails [2013.01.11 19:43:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\gegl-0.2 [2013.01.11 19:43:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\fontconfig [2013.01.11 19:43:42 | 000,000,000 | ---D | C] -- C:\Users\***\.gimp-2.8 [2013.01.11 19:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2013.01.11 00:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\PBO Manager v.1.4 beta [2013.01.11 00:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PBO Manager [2013.01.11 00:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.01.10 22:59:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.01.10 22:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.01.10 22:59:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++ [2013.01.10 22:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++ [2013.01.10 22:00:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.01.10 21:57:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Google [2013.01.10 21:56:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google [2013.01.10 21:06:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Buldozer Viewer [2013.01.10 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive [2013.01.10 18:56:37 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2013.01.10 18:56:37 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2013.01.10 18:56:37 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2013.01.10 18:56:37 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2013.01.10 18:56:36 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2013.01.10 18:56:36 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2013.01.10 18:56:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2013.01.10 18:56:36 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2013.01.10 18:56:36 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2013.01.10 18:56:36 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2013.01.10 18:56:36 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2013.01.10 18:56:36 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2013.01.10 18:56:36 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2013.01.10 18:56:36 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2013.01.10 18:56:36 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2013.01.10 18:56:36 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2013.01.10 18:56:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2013.01.10 18:56:36 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2013.01.10 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird [2013.01.10 16:02:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird [2013.01.10 16:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.01.10 15:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.01.10 15:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.01.09 23:43:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.01.09 23:43:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.01.09 23:42:43 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.01.09 23:42:30 | 000,000,000 | ---D | C] -- C:\Boot [2013.01.09 22:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Bohemia Interactive Studio [2013.01.09 22:18:28 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2013.01.09 22:18:28 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2013.01.09 22:18:28 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2013.01.09 22:18:28 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2013.01.09 22:18:28 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2013.01.09 22:18:28 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll [2013.01.09 21:48:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TS3Client [2013.01.09 21:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.01.09 21:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2013.01.09 21:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.01.09 21:42:20 | 000,000,000 | ---D | C] -- C:\Fraps [2013.01.09 21:41:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia [2013.01.09 21:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.01.09 21:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ArmA 2 OA [2013.01.09 21:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ArmA 2 [2013.01.09 21:26:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics [2013.01.09 21:18:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\C2DtoG15 [2013.01.09 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C2DtoG15 [2013.01.09 21:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C2DtoG15 [2013.01.09 20:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd [2013.01.09 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Logishrd [2013.01.09 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd [2013.01.09 20:12:30 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2013.01.09 20:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2013.01.09 20:12:15 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.01.09 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd [2013.01.09 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA [2013.01.09 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Logitech [2013.01.09 20:10:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech [2013.01.09 20:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.01.09 20:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.01.09 20:09:57 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.01.09 20:09:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Logitech [2013.01.09 20:09:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Logishrd [2013.01.09 20:08:48 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll [2013.01.09 20:08:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll [2013.01.09 20:08:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll [2013.01.09 20:08:48 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll [2013.01.09 20:08:47 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll [2013.01.09 20:08:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll [2013.01.09 20:08:47 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2013.01.09 20:08:47 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2013.01.09 20:08:47 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2013.01.09 20:08:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2013.01.09 20:08:47 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2013.01.09 20:08:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2013.01.09 20:08:46 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll [2013.01.09 20:08:46 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll [2013.01.09 20:08:46 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2013.01.09 20:08:46 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll [2013.01.09 20:08:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2013.01.09 20:08:46 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll [2013.01.09 20:08:46 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll [2013.01.09 20:08:46 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll [2013.01.09 20:08:46 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll [2013.01.09 20:08:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll [2013.01.09 20:08:46 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll [2013.01.09 20:08:46 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll [2013.01.09 20:08:46 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll [2013.01.09 20:08:46 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll [2013.01.09 20:08:45 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll [2013.01.09 20:08:45 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll [2013.01.09 20:08:45 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll [2013.01.09 20:08:45 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll [2013.01.09 20:08:45 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll [2013.01.09 20:08:45 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll [2013.01.09 20:08:45 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll [2013.01.09 20:08:45 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll [2013.01.09 20:08:45 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll [2013.01.09 20:08:45 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll [2013.01.09 20:08:45 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll [2013.01.09 20:08:45 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll [2013.01.09 20:08:45 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll [2013.01.09 20:08:45 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll [2013.01.09 20:08:44 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll [2013.01.09 20:08:44 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll [2013.01.09 20:08:44 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll [2013.01.09 20:08:44 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll [2013.01.09 20:08:44 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll [2013.01.09 20:08:44 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll [2013.01.09 20:08:44 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll [2013.01.09 20:08:44 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll [2013.01.09 20:08:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll [2013.01.09 20:08:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll [2013.01.09 20:08:44 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll [2013.01.09 20:08:44 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll [2013.01.09 20:08:44 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll [2013.01.09 20:08:44 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll [2013.01.09 20:08:43 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2013.01.09 20:08:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2013.01.09 20:08:43 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2013.01.09 20:08:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2013.01.09 20:08:43 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2013.01.09 20:08:43 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2013.01.09 20:08:43 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2013.01.09 20:08:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2013.01.09 20:08:43 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2013.01.09 20:08:43 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2013.01.09 20:08:43 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2013.01.09 20:08:43 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2013.01.09 20:08:43 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2013.01.09 20:08:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2013.01.09 20:08:42 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2013.01.09 20:08:42 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2013.01.09 20:08:42 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2013.01.09 20:08:42 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2013.01.09 20:08:42 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2013.01.09 20:08:42 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2013.01.09 20:08:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2013.01.09 20:08:42 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2013.01.09 20:08:42 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2013.01.09 20:08:42 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2013.01.09 20:08:42 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2013.01.09 20:08:42 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll [2013.01.09 20:08:42 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2013.01.09 20:08:42 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2013.01.09 20:08:41 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2013.01.09 20:08:41 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2013.01.09 20:08:41 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2013.01.09 20:08:41 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2013.01.09 20:08:41 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2013.01.09 20:08:41 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2013.01.09 20:08:41 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2013.01.09 20:08:41 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll [2013.01.09 20:08:40 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2013.01.09 20:08:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2013.01.09 20:08:40 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2013.01.09 20:08:40 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2013.01.09 20:08:40 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2013.01.09 20:08:40 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2013.01.09 20:08:40 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2013.01.09 20:08:40 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2013.01.09 20:08:40 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2013.01.09 20:08:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2013.01.09 20:08:40 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2013.01.09 20:08:40 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2013.01.09 20:08:40 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2013.01.09 20:08:40 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2013.01.09 20:08:39 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2013.01.09 20:08:39 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2013.01.09 20:08:39 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2013.01.09 20:08:39 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2013.01.09 20:08:39 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2013.01.09 20:08:39 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2013.01.09 20:08:39 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2013.01.09 20:08:39 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2013.01.09 20:08:39 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2013.01.09 20:08:39 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll [2013.01.09 20:08:39 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2013.01.09 20:08:39 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2013.01.09 20:08:38 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2013.01.09 20:08:38 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2013.01.09 20:08:38 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2013.01.09 20:08:38 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2013.01.09 20:08:38 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2013.01.09 20:08:38 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2013.01.09 20:08:38 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2013.01.09 20:08:38 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2013.01.09 20:08:38 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2013.01.09 20:08:38 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2013.01.09 20:08:38 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2013.01.09 20:08:38 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2013.01.09 20:08:37 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2013.01.09 20:08:37 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2013.01.09 20:08:37 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2013.01.09 20:08:37 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2013.01.09 20:08:37 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2013.01.09 20:08:37 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2013.01.09 20:08:37 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2013.01.09 20:08:37 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2013.01.09 20:08:37 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2013.01.09 20:08:37 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2013.01.09 20:08:37 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2013.01.09 20:08:37 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2013.01.09 20:08:36 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2013.01.09 20:08:36 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2013.01.09 20:08:36 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2013.01.09 20:08:36 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll [2013.01.09 20:08:36 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2013.01.09 20:08:36 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2013.01.09 20:08:35 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2013.01.09 20:08:35 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2013.01.09 20:08:35 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2013.01.09 20:08:35 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2013.01.09 20:08:35 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2013.01.09 20:08:35 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2013.01.09 20:08:34 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2013.01.09 20:08:34 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2013.01.09 20:08:34 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2013.01.09 20:08:34 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2013.01.09 20:08:34 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2013.01.09 20:08:34 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2013.01.09 20:08:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2013.01.09 20:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2013.01.09 20:04:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2013.01.09 20:04:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla [2013.01.09 20:03:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.09 17:52:20 | 000,031,016 | ---- | C] (ASRock Inc.) -- C:\Windows\SysNative\drivers\AsrRamDisk.sys [2013.01.09 17:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility [2013.01.09 17:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility [2013.01.09 17:52:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility [2013.01.09 17:47:40 | 000,032,320 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS [2013.01.09 17:47:38 | 000,016,648 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS [2013.01.09 17:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUSB [2013.01.09 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB [2013.01.09 17:47:38 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET [2013.01.09 17:37:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.01.09 17:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.01.09 17:37:25 | 003,845,736 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2013.01.09 17:37:25 | 002,652,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2013.01.09 17:37:25 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.01.09 17:37:25 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.01.09 17:37:25 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2013.01.09 17:37:25 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2013.01.09 17:37:25 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.01.09 17:37:25 | 000,894,040 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll [2013.01.09 17:37:25 | 000,823,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2013.01.09 17:37:25 | 000,750,680 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll [2013.01.09 17:37:25 | 000,626,264 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll [2013.01.09 17:37:25 | 000,561,752 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll [2013.01.09 17:37:25 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.01.09 17:37:25 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.01.09 17:37:25 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2013.01.09 17:37:25 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.01.09 17:37:25 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.09 17:37:25 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.09 17:37:25 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.09 17:37:25 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.01.09 17:37:25 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.09 17:37:25 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.09 17:37:25 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2013.01.09 17:37:25 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.01.09 17:37:25 | 000,100,968 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll [2013.01.09 17:37:25 | 000,080,984 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll [2013.01.09 17:37:25 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.01.09 17:37:25 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\MBfilt64.sys [2013.01.09 17:37:25 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll [2013.01.09 17:37:24 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.09 17:37:24 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2013.01.09 17:37:24 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2013.01.09 17:37:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.01.09 17:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.01.09 17:37:20 | 001,698,408 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll [2013.01.09 17:37:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.01.09 17:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.01.09 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.01.09 17:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.01.09 17:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.09 17:24:31 | 006,382,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2013.01.09 17:24:31 | 003,455,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2013.01.09 17:24:31 | 002,558,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2013.01.09 17:24:31 | 000,118,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2013.01.09 17:24:31 | 000,063,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2013.01.09 17:24:25 | 000,061,368 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2013.01.09 17:24:25 | 000,053,176 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2013.01.09 17:24:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2013.01.09 17:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2013.01.09 17:24:13 | 026,931,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2013.01.09 17:24:13 | 025,256,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2013.01.09 17:24:13 | 020,450,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2013.01.09 17:24:13 | 018,054,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2013.01.09 17:24:13 | 017,560,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2013.01.09 17:24:13 | 015,129,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2013.01.09 17:24:13 | 015,052,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2013.01.09 17:24:13 | 012,641,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2013.01.09 17:24:13 | 009,389,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2013.01.09 17:24:13 | 007,931,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2013.01.09 17:24:13 | 007,565,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2013.01.09 17:24:13 | 006,263,784 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2013.01.09 17:24:13 | 002,904,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2013.01.09 17:24:13 | 002,824,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2013.01.09 17:24:13 | 002,720,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2013.01.09 17:24:13 | 002,504,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2013.01.09 17:24:13 | 002,344,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2013.01.09 17:24:13 | 001,985,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2013.01.09 17:24:13 | 001,813,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2013.01.09 17:24:13 | 001,504,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2013.01.09 17:24:13 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll [2013.01.09 17:24:13 | 001,107,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2013.01.09 17:24:13 | 000,958,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2013.01.09 17:24:13 | 000,420,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2013.01.09 17:24:13 | 000,364,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2013.01.09 17:24:13 | 000,246,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2013.01.09 17:24:13 | 000,201,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2013.01.09 17:24:13 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys [2013.01.09 17:24:13 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll [2013.01.09 17:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2013.01.09 17:23:36 | 000,000,000 | ---D | C] -- C:\NVIDIA [2013.01.09 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2013.01.09 17:21:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe [2013.01.09 17:21:10 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 17:21:10 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 17:21:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.01.09 17:21:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.01.09 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom [2013.01.09 17:18:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM106xSATA [2013.01.09 17:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology [2013.01.09 17:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3 [2013.01.09 17:17:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.01.09 17:17:02 | 000,041,984 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\USB3Ver.dll [2013.01.09 17:14:28 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.01.09 17:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.01.09 17:14:13 | 000,000,000 | ---D | C] -- C:\Intel [2013.01.09 17:10:52 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll [2013.01.09 17:10:52 | 000,016,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hcs.sys [2013.01.09 17:10:51 | 000,788,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3xhc.sys [2013.01.09 17:10:51 | 000,356,120 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iusb3hub.sys [2013.01.09 16:48:10 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.01.09 16:47:09 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.01.09 16:47:09 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2013.01.09 16:47:09 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.01.09 16:47:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities [2013.01.09 16:47:03 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2013.01.09 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore [2013.01.09 16:47:00 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Videos [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Music [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2013.01.09 16:47:00 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2013.01.09 16:47:00 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2013.01.09 16:47:00 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2013.01.09 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2013.01.09 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft [2013.01.09 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Programme [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.01.09 16:46:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.01.09 16:46:58 | 000,000,000 | ---D | C] -- C:\Recovery [2012.12.29 02:54:24 | 000,550,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files - Modified Within 30 Days ========== [2013.01.27 00:56:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.27 00:56:37 | 4204,974,078 | -HS- | M] () -- C:\hiberfil.sys [2013.01.27 00:40:08 | 000,578,255 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.01.27 00:24:37 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.27 00:24:37 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.27 00:21:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.27 00:21:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.27 00:21:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.27 00:21:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.27 00:21:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.26 23:55:02 | 005,026,751 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.01.26 23:32:08 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2013.01.26 23:29:18 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.01.26 23:28:55 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.01.26 18:58:41 | 000,001,998 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2013.01.26 18:40:05 | 001,634,118 | ---- | M] () -- C:\Users\***\Desktop\Wasteland_United_takistan.takistan.pbo [2013.01.24 15:17:00 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.01.24 15:14:18 | 000,365,568 | ---- | M] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 14:46:37 | 000,040,082 | ---- | M] () -- C:\Users\***\Documents\immernoch.png [2013.01.24 14:46:37 | 000,004,540 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel [2013.01.24 14:33:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.01.20 23:13:29 | 000,000,907 | ---- | M] () -- C:\Users\***\Desktop\SobchakZ.lnk [2013.01.19 20:38:58 | 000,000,877 | ---- | M] () -- C:\Users\***\Desktop\Wasteland.lnk [2013.01.11 21:36:27 | 000,000,273 | ---- | M] () -- C:\Windows\game.ini [2013.01.11 20:18:12 | 000,182,703 | ---- | M] () -- C:\Users\***\Documents\tarrain.png [2013.01.10 21:59:04 | 000,176,154 | ---- | M] () -- C:\Users\***\Documents\test.jpg [2013.01.09 23:44:21 | 000,161,548 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.01.09 23:44:21 | 000,161,548 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2013.01.09 23:42:31 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2013.01.09 21:41:34 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 21:41:34 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 21:22:57 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 21:18:26 | 000,001,049 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2013.01.09 20:12:30 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys [2013.01.09 17:47:40 | 000,032,320 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS [2013.01.09 17:47:38 | 000,016,648 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS [2013.01.09 17:17:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.01.09 17:13:03 | 000,467,824 | RHS- | M] () -- C:\IJTZE [2013.01.09 17:12:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2012.12.29 11:34:47 | 026,931,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2012.12.29 11:34:47 | 025,256,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2012.12.29 11:34:47 | 020,450,232 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2012.12.29 11:34:47 | 018,054,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2012.12.29 11:34:47 | 017,560,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2012.12.29 11:34:47 | 015,129,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2012.12.29 11:34:47 | 015,052,368 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2012.12.29 11:34:47 | 012,641,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2012.12.29 11:34:47 | 009,389,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2012.12.29 11:34:47 | 007,931,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2012.12.29 11:34:47 | 007,565,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll [2012.12.29 11:34:47 | 006,263,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll [2012.12.29 11:34:47 | 002,904,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2012.12.29 11:34:47 | 002,824,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2012.12.29 11:34:47 | 002,720,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2012.12.29 11:34:47 | 002,504,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2012.12.29 11:34:47 | 002,344,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2012.12.29 11:34:47 | 001,985,976 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2012.12.29 11:34:47 | 001,813,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll [2012.12.29 11:34:47 | 001,504,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll [2012.12.29 11:34:47 | 001,107,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll [2012.12.29 11:34:47 | 000,958,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll [2012.12.29 11:34:47 | 000,420,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvEncodeAPI64.dll [2012.12.29 11:34:47 | 000,364,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvEncodeAPI.dll [2012.12.29 11:34:47 | 000,246,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll [2012.12.29 11:34:47 | 000,201,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll [2012.12.29 11:34:47 | 000,061,368 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2012.12.29 11:34:47 | 000,053,176 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2012.12.29 11:34:47 | 000,017,266 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2012.12.29 09:40:27 | 006,382,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2012.12.29 09:40:27 | 003,455,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2012.12.29 09:40:11 | 002,923,201 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2012.12.29 09:40:09 | 002,558,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2012.12.29 09:40:09 | 000,118,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2012.12.29 09:40:09 | 000,063,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll [2012.12.29 02:54:24 | 000,550,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe ========== Files Created - No Company Name ========== [2013.01.27 00:40:20 | 000,578,255 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.01.27 00:05:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.01.27 00:05:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.01.27 00:05:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.01.27 00:05:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.01.27 00:05:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.01.26 23:32:08 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2013.01.25 20:11:59 | 001,634,118 | ---- | C] () -- C:\Users\***\Desktop\Wasteland_United_takistan.takistan.pbo [2013.01.24 15:18:09 | 000,365,568 | ---- | C] () -- C:\Users\***\Desktop\gmer-2.0.18444.exe [2013.01.24 15:17:00 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.01.24 14:46:37 | 000,040,082 | ---- | C] () -- C:\Users\***\Documents\immernoch.png [2013.01.24 14:46:37 | 000,004,540 | ---- | C] () -- C:\Users\***w\AppData\Local\recently-used.xbel [2013.01.20 19:49:02 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.01.11 21:36:27 | 000,000,273 | ---- | C] () -- C:\Windows\game.ini [2013.01.11 20:39:53 | 000,000,907 | ---- | C] () -- C:\Users\***\Desktop\SobchakZ.lnk [2013.01.11 20:17:40 | 000,182,703 | ---- | C] () -- C:\Users\***\Documents\tarrain.png [2013.01.11 19:43:20 | 000,000,898 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2013.01.10 21:59:04 | 000,176,154 | ---- | C] () -- C:\Users\***\Documents\test.jpg [2013.01.10 16:02:13 | 000,002,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.01.09 23:44:16 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.01.09 23:44:15 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.01.09 23:43:01 | 4204,974,078 | -HS- | C] () -- C:\hiberfil.sys [2013.01.09 23:42:31 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2013.01.09 23:42:30 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2013.01.09 22:27:18 | 000,000,877 | ---- | C] () -- C:\Users\***\Desktop\Wasteland.lnk [2013.01.09 21:42:34 | 000,001,998 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2013.01.09 21:18:26 | 000,001,049 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\C2DtoG15.lnk [2013.01.09 20:03:49 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.09 17:37:25 | 002,261,764 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.01.09 17:37:25 | 000,223,608 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.01.09 17:24:31 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.01.09 17:24:13 | 000,017,266 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.09 17:17:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.01.09 17:13:03 | 000,467,824 | RHS- | C] () -- C:\IJTZE [2013.01.09 17:12:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.01.09 16:47:12 | 000,001,405 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2013.01.09 16:47:10 | 000,001,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 04:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 04:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 27.01.2013 00:58:51 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
15,89 Gb Total Physical Memory | 14,02 Gb Available Physical Memory | 88,25% Memory free
31,77 Gb Paging File | 29,68 Gb Available in Paging File | 93,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,12 Gb Total Space | 33,74 Gb Free Space | 43,19% Space Free | Partition Type: NTFS
Drive D: | 160,35 Gb Total Space | 45,32 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
Drive E: | 292,97 Gb Total Space | 292,74 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 556,64 Gb Total Space | 556,32 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive G: | 1013,41 Gb Total Space | 1009,63 Gb Free Space | 99,63% Space Free | Partition Type: NTFS
Drive H: | 6,32 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3915190912-495410321-2236549280-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020E812D-6D00-48EC-96E7-10A5E8A7BEEF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{076F53BA-687C-4487-AC19-793517D9B882}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{0AF4BB35-71C3-4B8B-8819-F0BC69ABC307}" = protocol=6 | dir=in | app=d:\arma2\arma2oa.exe |
"{1427E919-5C85-4072-98C9-3CC27386F079}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{1CB8A606-2A68-4F09-BC42-A623468F99B5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{24846F25-867A-400D-9089-3F0F47424D2F}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{2487C656-DB15-4CBE-8442-51914A9D8713}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{273FE7DD-F7F1-4C70-A7E3-242C25056912}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
"{2AAB59CC-2D91-463E-A61E-67ACE7CD20F5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{3024F91C-530A-415E-A41B-40F0F751C5BC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{3080DCF6-2DC7-459E-939A-B9850886AA68}" = protocol=6 | dir=in | app=d:\steam\steamapps\hottex667\half-life\hl.exe |
"{3255B5B5-50E7-466B-8CE2-36335CFFC236}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{34619000-BF25-43D5-A64B-85852E66907F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{347B341C-CD12-40D0-B9FF-9F3D4C061E2A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{51432A19-FFEE-41D9-9EAF-2C7257627CA9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{66D828D8-0778-4242-9FED-13A57DF89B1D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{6E22F036-FD81-44E3-94B5-846F6E390F0F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{763AE5D3-1390-4731-8451-9EB8CA646929}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom ufo defense\dosbox.exe |
"{78355BF2-B786-4E1F-A5D0-4AADCB97AC5F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{7F238191-BF22-45C6-885E-F242DD76CC1A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{82C3F54E-CB0B-47CB-BD85-8C5A28DE25A7}" = protocol=17 | dir=in | app=d:\arma2\arma2.exe |
"{9A2F9CAA-51BB-422C-AC1D-3EAEAA7EB056}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{9A3D461E-1403-43D3-A85F-A33DA70A273C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\x-com terror from the deep\tfd\terror from the deep_patched.exe |
"{A4BA6C46-A0E4-4207-A55F-B76B90423455}" = protocol=17 | dir=in | app=d:\arma2\arma2oa.exe |
"{AC4F37F9-4CC5-437D-BA08-CE7AEE4005E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\x-com terror from the deep\runme.exe |
"{B2BFED84-F10C-4074-AE37-7BDB6508BA1F}" = protocol=6 | dir=in | app=d:\arma2\arma2.exe |
"{C297B8C8-DC0D-4F8C-8E98-B39E4C2E230E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe |
"{C9BA7EB4-0778-4808-AC5B-87239FB40612}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{CC3CA1FE-5EFE-42B7-A66F-5639F7450260}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{CE47E79F-1782-4B0C-80AF-996D4136AC32}" = protocol=17 | dir=in | app=d:\steam\steamapps\hottex667\half-life\hl.exe |
"{CF614F43-6D4C-4EFA-908E-BC66B3520FBF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D4F6744B-66D4-43DB-9D8C-8B38BC836F6E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\star wars battlefront ii\gamedata\battlefrontii.exe |
"{EB12660F-89D8-4566-B762-2C7C12116439}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{ECCA883B-DF14-4CB1-8FAA-41F00707A9FE}" = protocol=6 | dir=in | app=d:\moh4\iw3mp.exe |
"{F030D642-BE53-453A-A597-5A374FECD317}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{F3D78B54-E584-4589-921E-91257566A8DA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F7CFA4CE-D4EB-42A8-8316-D00A85AF8BE2}" = protocol=17 | dir=in | app=d:\moh4\iw3mp.exe |
"{FE32A957-E612-4F91-8CD3-2F83EF906DE6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{FF451145-B69A-40A2-8020-609C6893ACE3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"TCP Query User{8B992697-3AE7-47CA-ACE8-DB401372531E}D:\arma2\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\arma2\expansion\beta\arma2oa.exe |
"TCP Query User{DECBAC1D-D134-4A85-B17B-1881751031B5}D:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgam.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgam.exe |
"UDP Query User{4346E00B-1D72-4291-AEE8-B544271647FD}D:\arma2\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\arma2\expansion\beta\arma2oa.exe |
"UDP Query User{F184C413-CAD5-46E7-8505-4F1F20D94852}D:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgam.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgam.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{127B5371-1802-4EDD-A25A-A43BF761D383}" = PBO Manager v.1.4 beta
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"sp6" = Logitech SetPoint 6.51
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0E062D-3235-406B-8D3C-090923EDFC00}_is1" = C2DtoG15 2.0.2.1
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArmA 2" = ArmA 2 Uninstall
"Arma 2 Army of The Czech Republic (LITE)" = Arma 2 Army of The Czech Republic (LITE) Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.257
"Avira AntiVir Desktop" = Avira Free Antivirus
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"Fraps" = Fraps
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"XFastUSB" = XFastUSB
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.01.2013 05:38:41 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 22.01.2013 09:37:42 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 22.01.2013 19:54:37 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Name des fehlerhaften Moduls: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Ausnahmecode: 0xc0000005 Fehleroffset: 0x002b884d ID des fehlerhaften
Prozesses: 0xfc0 Startzeit der fehlerhaften Anwendung: 0x01cdf8ea452a9077 Pfad der
fehlerhaften Anwendung: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Pfad
des fehlerhaften Moduls: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Berichtskennung:
13dfa301-64ef-11e2-9f8e-bc5ff45b05d8
Error - 22.01.2013 19:54:42 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Name des fehlerhaften Moduls: XComGame.exe, Version: 1.0.0.20072,
Zeitstempel: 0x50c79e1d Ausnahmecode: 0xc0000005 Fehleroffset: 0x00f1bc91 ID des fehlerhaften
Prozesses: 0xfc0 Startzeit der fehlerhaften Anwendung: 0x01cdf8ea452a9077 Pfad der
fehlerhaften Anwendung: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Pfad
des fehlerhaften Moduls: D:\Steam\steamapps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
Berichtskennung:
16cd09ea-64ef-11e2-9f8e-bc5ff45b05d8
Error - 23.01.2013 11:00:56 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 24.01.2013 09:33:50 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 25.01.2013 10:25:37 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 26.01.2013 12:45:20 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 26.01.2013 19:19:24 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
Error - 26.01.2013 19:58:30 | Computer Name = *** | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 09.01.2013 13:39:02 | Computer Name = *** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Superfetch" wurde mit folgendem Fehler beendet: %%1062
Error - 09.01.2013 17:25:25 | Computer Name = *** | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 10.01.2013 10:57:37 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 10.01.2013 10:57:37 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 18.01.2013 11:58:28 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 18.01.2013 11:58:28 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 26.01.2013 19:07:00 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 26.01.2013 19:07:55 | Computer Name = *** | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
|
|
27.01.2013, 13:13
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | JS:agent-AXQ [Trj] beim Aufrufen von einer WebsiteCode:
ATTFilter [2013.01.09 17:13:03 | 000,467,824 | RHS- | C] () -- C:\IJTZE
Bitte diese Datei bei uns mal hochladen => http://www.trojaner-board.de/54791-a...tml#post349565
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.01.2013, 14:23
| #15 |
| | JS:agent-AXQ [Trj] beim Aufrufen von einer Website Sagt mir nix, hab sie mal hochgeladen. |
|
| Themen zu JS:agent-AXQ [Trj] beim Aufrufen von einer Website |
| 80-100, arma2, aufrufe, autorun, avira, bho, black, entfernen, firefox, flash player, format, install.exe, installation, internet, launch, logfile, nicht installiert, nvidia update, object, programm, realtek, registry, rundll, scan, schadcode, schädling, security, software, system, teamspeak, usb, virus, windows, windows xp |
![JS:agent-AXQ [Trj] beim Aufrufen von einer Website](iconimages/plagegeister-aller-art-deren-bekaempfung/js-agent-axq-trj-beim-aufrufen-website_ltr.gif)
Linear-Darstellung
