
Log analysis and evaluation: "C:\Windows\SysWOW64" opens at system startup


 
18.04.2013, 18:40   #1
Adler-Wolf
 




Hello, dear Trojaner-Board helpers!

I currently have a problem with my Windows.
When I start my computer, the folder "C:\Windows\SysWOW64" currently opens. That is quite strange and also annoying. I have already looked in the Startup folder and in msconfig.exe but found nothing.


About my system: I use Kubuntu and Windows 7 Professional 64-bit (I'm a student and got it through DreamSpark). I use G Data Total Protection 2014.


So here are the logs requested for all new posts:
Defogger has been run.

OTL.txt
Code:
OTL logfile created on: 18.04.2013 19:20:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Users\Adler-Wolf\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 51,95% Memory free
8,00 Gb Paging File | 5,53 Gb Available in Paging File | 69,12% Paging File free
Paging file location(s): f:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 19,26 Gb Free Space | 34,52% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 120,22 Gb Free Space | 51,62% Space Free | Partition Type: NTFS
Drive E: | 1171,90 Gb Total Space | 366,19 Gb Free Space | 31,25% Space Free | Partition Type: NTFS
Drive F: | 341,82 Gb Total Space | 249,30 Gb Free Space | 72,93% Space Free | Partition Type: NTFS
Drive G: | 349,17 Gb Total Space | 142,59 Gb Free Space | 40,84% Space Free | Partition Type: NTFS
 
Computer Name: ADLER-WOLF-PC | User Name: Adler-Wolf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.18 19:19:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Adler-Wolf\Downloads\OTL.exe
PRC - [2013.04.11 22:08:10 | 001,104,280 | ---- | M] (Spotify Ltd) -- D:\Users\Adler-Wolf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.09 21:56:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.05 02:06:38 | 001,631,144 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.04.05 02:06:38 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.04.05 00:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.11 13:32:00 | 006,873,600 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2013.03.04 11:09:17 | 001,956,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013.02.27 10:32:11 | 001,942,480 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013.02.25 05:01:04 | 001,444,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2013.02.25 04:52:49 | 001,854,416 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
PRC - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.22 18:57:30 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2011.08.22 18:52:46 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2011.02.11 05:34:22 | 000,664,944 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2010.12.19 04:50:30 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010.11.23 18:33:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.08.02 21:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2010.03.31 01:37:34 | 000,309,848 | ---- | M] (TechniSat Digital, S.A.) -- C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe
PRC - [2010.02.18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009.11.10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
PRC - [2009.11.04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe
PRC - [2009.10.05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe
PRC - [2007.08.16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files (x86)\Razer\Lachesis\OSD.exe
PRC - [2007.06.05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.05 02:06:38 | 001,114,024 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- E:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
MOD - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
MOD - [2013.01.16 18:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
MOD - [2013.01.16 18:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
MOD - [2013.01.16 18:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll
MOD - [2013.01.16 18:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll
MOD - [2013.01.16 18:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll
MOD - [2013.01.16 12:58:54 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2013.01.16 12:58:52 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2013.01.16 12:58:50 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2013.01.11 04:22:32 | 003,547,136 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.11.30 12:48:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll
MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll
MOD - [2012.11.30 12:26:54 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll
MOD - [2012.11.30 12:24:00 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011.08.22 18:57:32 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll
MOD - [2010.03.30 14:25:38 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\TechniSat DVB\bin\LIBBZ2.dll
MOD - [2009.11.10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
MOD - [2009.11.04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe
MOD - [2009.10.05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe
MOD - [2009.03.26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.04.09 21:56:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.04.06 16:22:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.05 02:06:38 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.19 00:06:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.18 23:59:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013.03.18 23:58:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013.03.15 00:08:30 | 001,871,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2013.03.04 11:09:17 | 001,956,304 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013.02.27 10:32:11 | 001,942,480 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2013.02.25 15:00:02 | 000,257,512 | ---- | M] (G Data Software) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013.02.25 13:30:26 | 000,178,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2013.02.25 05:06:17 | 001,711,568 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2013.02.25 04:48:22 | 002,656,800 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2013.02.25 04:41:37 | 002,249,944 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.16 13:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2012.11.22 07:12:46 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2011.02.11 05:34:22 | 000,664,944 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010.12.19 04:50:30 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.11.23 18:33:22 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.08 14:07:19 | 000,062,808 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.04.08 14:07:00 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2013.04.08 14:07:00 | 000,077,656 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gddcd64.sys -- (gddcd)
DRV:64bit: - [2013.04.08 14:07:00 | 000,058,712 | ---- | M] (G Data Software AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gddcv64.sys -- (gddcv)
DRV:64bit: - [2013.04.08 14:06:59 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.04.08 14:06:58 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.04.08 14:06:56 | 000,133,976 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.04.08 14:06:56 | 000,060,248 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.02.26 03:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013.02.26 03:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013.02.26 03:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2013.02.26 03:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013.02.26 03:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.10.24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.10.24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.08.22 20:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2011.08.22 20:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2011.08.22 20:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2011.08.22 20:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2011.08.22 20:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2011.08.22 20:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2011.08.22 20:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2011.08.22 20:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2011.08.22 20:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2011.08.22 20:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2011.08.22 20:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2011.08.22 20:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2011.08.22 20:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 05:19:58 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.25 03:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.25 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.05.10 10:09:36 | 000,617,048 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys -- (SKYNET)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.16 22:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr)
DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.12.16 13:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003.09.12 08:46:25 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 26 8F E1 E3 23 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.03.18 16:56:04 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Extensions
[2013.04.18 19:03:41 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions
[2013.03.19 01:00:53 | 000,123,385 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\elemhidehelper@adblockplus.org.xpi
[2013.04.12 20:42:04 | 000,667,481 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi
[2013.03.19 00:59:18 | 000,539,014 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\toolbar@web.de.xpi
[2013.04.10 21:12:40 | 000,350,097 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013.04.18 19:03:41 | 000,532,430 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.03.19 01:00:44 | 000,817,280 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.19 01:05:19 | 000,434,392 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.04.11 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 22:05:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.11 22:22:55 | 000,049,459 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 00aaf101a7.gougava.asia # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 1a2e115593.efacen.pro # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 1f1.fr # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 4672ee0bc8.laibritec.waw.pl # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 4990usd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 4xp.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 74.80.131.123 # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 78031d2298.tradorad.waw.pl # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 80323fcc6e.starsogor.waw.pl # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 8e47c22037.temavi.pro # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 96910cbcd4.nicero.pro # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 96fb625592.tysofque.waw.pl:82 # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 98eu.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ack.cdnperformance.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 acking.conversionads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 825 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll File not found
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Programme\MagicTune Premium\MagicTuneLauncher.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [G Data ASM] C:\Program Files (x86)\G Data\TotalProtection\DelayLoader\AutorunDelayLoader.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F2DF93-C7C7-4878-A9A6-522DC005C2C1}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5B329FC-51AC-4FAF-9053-E3F0FB7D6587}: DhcpNameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02D95A8-51C7-48D9-AADD-A32E53498649}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e2767a0-9191-11e2-8665-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2e2767a0-9191-11e2-8665-806e6f6e6963}\Shell\AutoRun\command - "" = J:\START.EXE
O33 - MountPoints2\{55701481-93dd-11e2-8390-00d0d7015dd1}\Shell - "" = AutoRun
O33 - MountPoints2\{55701481-93dd-11e2-8390-00d0d7015dd1}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{f3c13ad9-8fd1-11e2-afe7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f3c13ad9-8fd1-11e2-afe7-806e6f6e6963}\Shell\AutoRun\command - "" = I:\wubi.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.04.16 12:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.15 19:19:09 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\LolClient
[2013.04.15 18:57:24 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.04.15 17:15:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\lol
[2013.04.15 17:15:30 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\.swt
[2013.04.14 20:12:22 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys
[2013.04.14 20:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Electronics Ltd
[2013.04.14 20:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\MagicTune Premium
[2013.04.11 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.11 19:25:38 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\SmashLand-Final-1-1
[2013.04.11 19:24:12 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Canneverbe Limited
[2013.04.11 19:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.04.11 19:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2013.04.11 16:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2013.04.11 16:09:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\Hausarbeit PM
[2013.04.10 21:54:44 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\vserver
[2013.04.10 19:56:39 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\sw
[2013.04.10 19:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechnoMage
[2013.04.10 18:49:58 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Diagnostics
[2013.04.08 17:34:38 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\GOG.com Downloads
[2013.04.08 17:33:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\GOG.com
[2013.04.08 16:17:55 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Skyrim
[2013.04.08 14:27:32 | 000,000,000 | -HSD | C] -- C:\#GDATA.Trash.Store#
[2013.04.08 14:14:33 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\G DATA
[2013.04.08 14:14:31 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\G Data
[2013.04.08 14:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection 2014
[2013.04.08 14:07:00 | 000,098,760 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2013.04.08 14:07:00 | 000,077,656 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcd64.sys
[2013.04.08 14:07:00 | 000,058,712 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcv64.sys
[2013.04.08 14:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software
[2013.04.07 15:25:43 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2013.04.07 15:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2013.04.07 15:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteamLibrary
[2013.04.07 00:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKARION Software
[2013.04.07 00:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DEMONWORLD
[2013.04.07 00:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melbourne House
[2013.04.06 19:01:49 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\CrashRpt
[2013.04.06 18:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls
[2013.04.06 17:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX
[2013.04.06 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX
[2013.04.06 16:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2013.04.06 16:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2013.04.02 17:40:28 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\ownCloud
[2013.04.02 16:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Putty
[2013.04.01 23:14:09 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2013.04.01 23:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z
[2013.04.01 22:09:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\RadeonPro Benchmarks
[2013.04.01 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadeonPro
[2013.04.01 21:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX
[2013.04.01 21:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.01 21:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.01 21:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.01 21:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.01 21:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.01 21:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.01 21:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.04.01 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013.04.01 18:23:10 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\pbsetup
[2013.04.01 17:35:40 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\FileZilla
[2013.04.01 17:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013.04.01 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013.04.01 16:30:51 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\FFsplit
[2013.04.01 16:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013.04.01 16:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FFsplit
[2013.04.01 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFsplit
[2013.03.31 20:58:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\ESN Sonar
[2013.03.30 22:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
[2013.03.30 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.03.30 22:22:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2013.03.30 22:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.30 14:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.03.30 14:46:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\.minecraft
[2013.03.30 01:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
[2013.03.29 22:40:25 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Darkspore
[2013.03.29 22:40:24 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\DarksporeData
[2013.03.29 22:31:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ToshibaEdit
[2013.03.29 22:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToshibaEdit
[2013.03.29 22:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToshibaEdit
[2013.03.29 22:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013.03.29 13:21:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Streaming Video Recorder
[2013.03.29 13:17:58 | 000,031,968 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys
[2013.03.29 13:17:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Apowersoft
[2013.03.28 16:36:24 | 000,000,000 | --SD | C] -- D:\Users\Adler-Wolf\Documents\Meine Shapes
[2013.03.28 16:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.03.28 16:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.03.28 16:33:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013.03.28 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.03.28 16:33:01 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Microsoft Help
[2013.03.28 16:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.03.28 16:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.03.28 16:32:51 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013.03.28 16:11:51 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\VMware
[2013.03.28 16:11:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\VMware
[2013.03.28 16:11:38 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2013.03.28 16:11:38 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2013.03.28 16:11:38 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2013.03.28 16:11:37 | 000,067,664 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2013.03.28 16:11:37 | 000,033,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2013.03.28 16:11:13 | 000,357,456 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2013.03.28 16:11:10 | 000,436,304 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2013.03.28 16:11:10 | 000,030,800 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2013.03.28 16:11:08 | 000,933,968 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2013.03.28 16:11:06 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2013.03.28 16:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2013.03.28 16:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2013.03.27 18:41:56 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\e-academy Inc
[2013.03.27 18:41:56 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\e-academy Inc
[2013.03.27 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2013.03.27 18:34:59 | 000,588,144 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcSmartCardProv.dll
[2013.03.27 18:34:59 | 000,419,696 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcCredProv.dll
[2013.03.27 18:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks
[2013.03.27 18:34:27 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Juniper Networks
[2013.03.26 19:58:29 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\Neuer Ordner
[2013.03.25 23:17:26 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Malwarebytes
[2013.03.25 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.25 23:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirusTotalUploader2
[2013.03.25 23:07:19 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
[2013.03.25 23:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.03.25 23:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.03.25 22:48:57 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2013.03.25 22:42:40 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.25 22:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.03.25 22:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.03.25 22:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013.03.25 22:17:53 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.03.25 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2013.03.25 22:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2013.03.25 21:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software2000
[2013.03.25 20:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nGlide
[2013.03.25 20:54:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bleifuss Fun
[2013.03.25 20:47:24 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\WinRAR
[2013.03.25 20:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.03.25 18:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inno Setup 5
[2013.03.25 18:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inno Setup 5
[2013.03.24 04:59:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.03.24 04:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altitude
[2013.03.24 04:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Altitude
[2013.03.24 04:40:50 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Armagetron
[2013.03.24 04:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition
[2013.03.24 04:34:14 | 000,000,000 | ---D | C] -- C:\UnrealTournament
[2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armagetron Advanced
[2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Armagetron Advanced
[2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Armagetron
[2013.03.24 04:11:14 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\snes
[2013.03.24 03:50:10 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Stronghold Crusader
[2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Castle Attack
[2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Castle Attack
[2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Castle Attack
[2013.03.24 02:17:23 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Stronghold
[2013.03.24 02:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2013.03.24 02:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.03.24 00:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2013.03.23 23:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.03.23 22:53:42 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Petroglyph
[2013.03.23 22:52:54 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2013.03.23 22:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts
[2013.03.23 20:00:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.03.23 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013.03.23 20:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.03.23 19:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
[2013.03.23 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick
[2013.03.23 19:24:18 | 000,714,368 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusbn.sys
[2013.03.23 19:24:18 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwusbnci.dll
[2013.03.23 19:24:18 | 000,014,120 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys
[2013.03.23 19:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVM_update
[2013.03.23 19:19:07 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver
[2013.03.23 19:18:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AVM_Driver
[2013.03.23 17:05:04 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\2013
[2013.03.22 20:22:46 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\SavedGames
[2013.03.22 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013.03.21 22:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NSIS
[2013.03.21 22:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WVS
[2013.03.21 22:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013.03.20 22:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek Armada II
[2013.03.20 22:31:54 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Adobe
[2013.03.20 21:54:32 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.03.20 21:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek - Armada
[2013.03.20 21:36:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013.03.20 21:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013.03.20 21:25:31 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Cyberlink
[2013.03.20 21:25:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2013.03.20 21:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2013.03.20 21:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2013.03.20 21:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013.03.20 21:13:22 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\MediaServer
[2013.03.20 21:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2013.03.20 21:13:17 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\CyberLink
[2013.03.20 21:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013.03.20 21:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2013.03.20 21:08:29 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Alcohol 52%
[2013.03.20 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52%
[2013.03.20 21:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2013.03.20 21:04:57 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.03.20 20:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013.03.20 00:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.03.20 00:10:33 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2013.03.20 00:10:33 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.012.dll
[2013.03.20 00:10:32 | 000,550,912 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2013.03.20 00:10:32 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2013.03.20 00:10:32 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2013.03.20 00:09:49 | 000,000,000 | ---D | C] -- C:\AMD
[2013.03.19 23:44:37 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\PunkBuster
[2013.03.19 23:36:52 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\ESN
[2013.03.19 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013.03.19 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.18 19:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.18 19:22:18 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 19:22:18 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 19:21:10 | 001,620,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.18 19:21:10 | 000,699,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.18 19:21:10 | 000,654,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.18 19:21:10 | 000,149,164 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.18 19:21:10 | 000,122,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.18 19:18:02 | 000,001,068 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.18 19:15:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.18 19:14:30 | 000,061,904 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx
[2013.04.18 19:14:30 | 000,061,904 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx
[2013.04.18 19:14:30 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx
[2013.04.18 19:13:47 | 000,000,020 | ---- | M] () -- D:\Users\Adler-Wolf\defogger_reenable
[2013.04.17 14:05:41 | 000,001,700 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.04.15 15:40:15 | 000,000,600 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Local\PUTTY.RND
[2013.04.14 20:12:16 | 000,001,495 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
[2013.04.14 16:35:27 | 000,000,292 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\minecraft-server.conf
[2013.04.14 16:06:39 | 000,003,727 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\ts3server_startscript.sh
[2013.04.14 15:30:41 | 000,009,939 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\minecraft.sh
[2013.04.13 22:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.13 22:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.13 22:41:53 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.13 19:54:21 | 000,004,273 | ---- | M] () -- C:\test.spr
[2013.04.13 02:52:30 | 000,007,669 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Local\Resmon.ResmonCfg
[2013.04.11 22:22:55 | 000,049,459 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.11 19:23:07 | 000,006,064 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\ax_files.xml
[2013.04.11 13:44:01 | 000,002,166 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\install.sh
[2013.04.11 13:27:18 | 000,444,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 19:10:28 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.04.10 19:10:28 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.04.10 19:10:28 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.04.09 21:56:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.04.08 14:27:43 | 000,524,288 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2013.04.08 14:27:43 | 000,524,288 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2013.04.08 14:27:43 | 000,065,536 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TM.blf
[2013.04.08 14:27:32 | 000,262,144 | ---- | M] () -- C:\Windows\SysWow64\18
[2013.04.08 14:07:19 | 000,062,808 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.04.08 14:07:00 | 000,098,760 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys
[2013.04.08 14:07:00 | 000,077,656 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcd64.sys
[2013.04.08 14:07:00 | 000,058,712 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcv64.sys
[2013.04.08 14:07:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_gddcd64_01007.Wdf
[2013.04.08 14:06:59 | 000,064,856 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.04.08 14:06:58 | 000,064,856 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.04.08 14:06:56 | 000,133,976 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.04.08 14:06:56 | 000,060,248 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.04.08 14:05:01 | 000,235,230 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Unbenannt.PNG
[2013.04.08 13:57:55 | 001,034,977 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.04.08 13:57:55 | 000,053,768 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.04.07 21:38:04 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013.04.07 21:38:04 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2013.04.07 15:25:43 | 000,000,966 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\MSI Afterburner.lnk
[2013.04.07 00:38:45 | 000,005,480 | ---- | M] () -- C:\undo.hex
[2013.04.02 00:11:48 | 000,131,072 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Cypress.bin
[2013.03.31 17:36:17 | 000,447,752 | ---- | M] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2013.03.30 01:38:25 | 000,049,459 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\hosts
[2013.03.29 22:31:02 | 000,001,819 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\ToshibaEdit.lnk
[2013.03.28 17:15:46 | 003,513,078 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation (2).mp3
[2013.03.28 17:14:08 | 000,138,380 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation.mp3
[2013.03.28 16:11:04 | 001,640,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.27 18:41:56 | 000,003,179 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Secure Download Manager.lnk
[2013.03.26 20:09:03 | 000,000,063 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\listen.pls
[2013.03.25 23:07:19 | 000,001,919 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\VirusTotal Uploader 2.0.lnk
[2013.03.25 22:15:47 | 000,000,914 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Sandboxed Web Browser.lnk
[2013.03.25 20:54:10 | 000,048,537 | ---- | M] () -- C:\Windows\SysWow64\nglide_uninst.exe
[2013.03.25 20:54:03 | 000,000,746 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Bleifuss Fun.lnk
[2013.03.25 20:27:13 | 000,001,903 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\JDownloader.lnk
[2013.03.25 17:54:48 | 000,000,583 | ---- | M] () -- C:\Windows\vampire.INI
[2013.03.23 22:52:54 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll
[2013.03.23 18:22:44 | 006,220,854 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Neue Bitmap.bmp
[2013.03.22 22:40:11 | 000,000,000 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Neues Textdokument.xml
[2013.03.20 22:39:57 | 000,000,935 | ---- | M] () -- C:\Windows\STA2.ini
[2013.03.20 21:04:57 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
 
========== Files Created - No Company Name ==========
 
[2013.04.18 19:18:02 | 000,001,068 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.18 19:13:47 | 000,000,020 | ---- | C] () -- D:\Users\Adler-Wolf\defogger_reenable
[2013.04.14 20:12:16 | 000,001,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk
[2013.04.14 16:34:42 | 000,000,292 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\minecraft-server.conf
[2013.04.14 16:06:38 | 000,003,727 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\ts3server_startscript.sh
[2013.04.14 15:30:41 | 000,009,939 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\minecraft.sh
[2013.04.11 19:24:09 | 000,001,694 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2013.04.11 13:33:49 | 000,002,166 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\install.sh
[2013.04.10 19:10:28 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.04.10 19:10:28 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.04.10 19:10:28 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.04.08 14:27:32 | 000,524,288 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000002.regtrans-ms
[2013.04.08 14:27:32 | 000,524,288 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000001.regtrans-ms
[2013.04.08 14:27:32 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\18
[2013.04.08 14:27:32 | 000,065,536 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TM.blf
[2013.04.08 14:07:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_gddcd64_01007.Wdf
[2013.04.08 14:05:01 | 000,235,230 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Unbenannt.PNG
[2013.04.07 15:25:43 | 000,000,966 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\MSI Afterburner.lnk
[2013.04.07 00:37:52 | 000,005,480 | ---- | C] () -- C:\undo.hex
[2013.04.02 17:15:23 | 000,000,600 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Local\PUTTY.RND
[2013.04.02 00:11:48 | 000,131,072 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Cypress.bin
[2013.03.30 01:37:58 | 000,049,459 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\hosts
[2013.03.29 22:31:02 | 000,001,819 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\ToshibaEdit.lnk
[2013.03.28 17:14:18 | 003,513,078 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation (2).mp3
[2013.03.28 17:14:05 | 000,138,380 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation.mp3
[2013.03.27 18:41:56 | 000,003,179 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Secure Download Manager.lnk
[2013.03.26 20:09:03 | 000,000,063 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\listen.pls
[2013.03.25 23:07:19 | 000,001,919 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\VirusTotal Uploader 2.0.lnk
[2013.03.25 22:15:55 | 000,000,914 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Sandboxed Web Browser.lnk
[2013.03.25 22:15:53 | 000,001,700 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.03.25 21:30:13 | 000,004,273 | ---- | C] () -- C:\test.spr
[2013.03.25 20:54:10 | 000,048,537 | ---- | C] () -- C:\Windows\SysWow64\nglide_uninst.exe
[2013.03.25 20:54:03 | 000,000,746 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Bleifuss Fun.lnk
[2013.03.25 20:27:13 | 000,001,903 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\JDownloader.lnk
[2013.03.25 20:27:12 | 000,001,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.03.25 20:27:12 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.03.25 20:27:12 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.03.25 17:54:48 | 000,000,583 | ---- | C] () -- C:\Windows\vampire.INI
[2013.03.23 20:00:07 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.03.23 19:24:18 | 000,015,565 | ---- | C] () -- C:\Windows\SysNative\drivers\fwlanusbn.bin
[2013.03.23 18:22:37 | 006,220,854 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Neue Bitmap.bmp
[2013.03.22 22:40:11 | 000,000,000 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Neues Textdokument.xml
[2013.03.21 22:50:50 | 000,000,861 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NSIS.lnk
[2013.03.20 22:31:39 | 000,000,935 | ---- | C] () -- C:\Windows\STA2.ini
[2013.03.20 00:10:33 | 003,093,792 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2013.03.20 00:10:33 | 003,061,872 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2013.03.20 00:10:33 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat
[2013.03.20 00:10:33 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat
[2013.03.20 00:10:33 | 000,076,660 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat
[2013.03.20 00:10:32 | 000,662,786 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2013.03.20 00:10:32 | 000,327,960 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2013.03.20 00:10:32 | 000,327,960 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2013.03.20 00:10:32 | 000,042,719 | ---- | C] () -- C:\Windows\atiogl.xml
[2013.03.19 23:44:41 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.03.19 21:57:37 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm
[2013.03.19 21:57:37 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm
[2013.03.19 17:37:05 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.19 16:02:22 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.19 16:02:06 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.03.19 01:11:14 | 000,007,669 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Local\Resmon.ResmonCfg
[2013.03.19 00:22:16 | 001,034,977 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2013.03.19 00:00:28 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.03.19 00:00:28 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.03.18 23:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.03.18 17:10:43 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2013.03.18 17:10:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2013.03.18 17:10:42 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2013.03.18 17:10:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2013.03.18 17:10:39 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2013.03.18 17:10:39 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2013.03.18 17:10:39 | 000,028,649 | ---- | C] () -- C:\Windows\SysWow64\tweaks.ini
[2013.03.18 17:10:39 | 000,028,263 | ---- | C] () -- C:\Windows\SysWow64\speaker.ini
[2013.03.18 17:10:39 | 000,024,160 | ---- | C] () -- C:\Windows\SysWow64\dolby.ini
[2013.03.18 17:10:39 | 000,023,366 | ---- | C] () -- C:\Windows\SysWow64\dts.ini
[2013.03.18 17:10:39 | 000,022,509 | ---- | C] () -- C:\Windows\SysWow64\EntertainmentMode.ini
[2013.03.18 17:10:39 | 000,022,509 | ---- | C] () -- C:\Windows\SysWow64\AudioCreationMode.ini
[2013.03.18 17:10:39 | 000,022,491 | ---- | C] () -- C:\Windows\SysWow64\GameMode.ini
[2013.03.18 17:10:39 | 000,021,599 | ---- | C] () -- C:\Windows\SysWow64\decoder.ini
[2013.03.18 17:10:39 | 000,021,465 | ---- | C] () -- C:\Windows\SysWow64\encoder.ini
[2013.03.18 17:10:39 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2013.03.18 17:10:39 | 000,019,430 | ---- | C] () -- C:\Windows\SysWow64\mids.ini
[2013.03.18 17:10:39 | 000,013,276 | ---- | C] () -- C:\Windows\SysWow64\subwoofer.ini
[2013.03.18 17:10:39 | 000,011,807 | ---- | C] () -- C:\Windows\SysWow64\treble.ini
[2013.03.18 17:10:39 | 000,011,508 | ---- | C] () -- C:\Windows\SysWow64\bass.ini
[2013.03.18 17:10:39 | 000,005,776 | ---- | C] () -- C:\Windows\SysWow64\headphone.ini
[2013.03.18 17:10:39 | 000,003,769 | ---- | C] () -- C:\Windows\SysWow64\eq.ini
[2013.03.18 17:10:39 | 000,001,591 | ---- | C] () -- C:\Windows\SysWow64\microphone.ini
[2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\7.1surroundsound.ini
[2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\5.1surroundsound.ini
[2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\4.1surroundsound.ini
[2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\2.1surroundsound.ini
[2013.03.18 17:10:39 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2013.03.18 17:10:39 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2013.03.14 22:22:42 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.14 22:22:42 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.07 14:51:00 | 001,286,144 | ---- | C] () -- C:\Windows\SysWow64\glide3x.dll
[2011.07.25 22:18:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\nglide_config.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.15 15:39:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\.minecraft
[2013.04.15 21:10:03 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\AIMP3
[2013.03.29 13:17:48 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Apowersoft
[2013.03.24 04:41:49 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Armagetron
[2013.04.11 19:24:12 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Canneverbe Limited
[2013.03.29 22:59:21 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\DarksporeData
[2013.04.18 19:18:12 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox
[2013.03.27 18:41:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\e-academy Inc
[2013.04.14 16:53:10 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\FileZilla
[2013.04.11 18:54:48 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Free Download Manager
[2013.04.08 14:14:31 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\G Data
[2013.04.11 22:16:29 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Juniper Networks
[2013.03.18 17:12:51 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Leadertech
[2013.04.15 19:19:09 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\LolClient
[2013.03.25 22:53:02 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2013.03.19 01:20:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\minmaxgames
[2013.04.13 02:01:03 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Notepad++
[2013.03.19 15:58:28 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Origin
[2013.03.23 22:53:42 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Petroglyph
[2013.03.19 00:08:28 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Razer
[2013.04.15 20:36:25 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Spotify
[2013.04.15 15:40:26 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         

 
