![]() |
Log-Analyse und Auswertung: "C:\Windows\SysWOW64" öffnet sich bei SystemstartWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() |
![]() | #1 |
![]() ![]() ![]() | ![]() "C:\Windows\SysWOW64" öffnet sich bei Systemstart Guten Tag liebe Trojaner-Board Helfer! Ich habe Aktuell ein Problem mit meinem Windows. Wenn ich mein Rechner starte öffnet sich Aktuell der oder "C:\Windows\SysWOW64". Das ist schon sehr merkwürdig und auch lästig. Habe schon im Autostart Ordner und in msconfig.exe geschaut aber nichts gefunden. Zu meinem System ich nutzte Kubuntu und Windows 7 Professional 64-Bit ( bin Student habe es über Dreamspark). Ich nutzte Gdata Total Protection 2014 So dann folgen mal die gewünschten Logs für alle neuen Posts: Defogger wurde ausgeführt. OTL.txt Code:
ATTFilter OTL logfile created on: 18.04.2013 19:20:48 - Run 1 OTL by OldTimer - Version Folder = D:\Users\Adler-Wolf\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 51,95% Memory free 8,00 Gb Paging File | 5,53 Gb Available in Paging File | 69,12% Paging File free Paging file location(s): f:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 19,26 Gb Free Space | 34,52% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 120,22 Gb Free Space | 51,62% Space Free | Partition Type: NTFS Drive E: | 1171,90 Gb Total Space | 366,19 Gb Free Space | 31,25% Space Free | Partition Type: NTFS Drive F: | 341,82 Gb Total Space | 249,30 Gb Free Space | 72,93% Space Free | Partition Type: NTFS Drive G: | 349,17 Gb Total Space | 142,59 Gb Free Space | 40,84% Space Free | Partition Type: NTFS Computer Name: ADLER-WOLF-PC | User Name: Adler-Wolf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.18 19:19:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Adler-Wolf\Downloads\OTL.exe PRC - [2013.04.11 22:08:10 | 001,104,280 | ---- | M] (Spotify Ltd) -- D:\Users\Adler-Wolf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.04.09 21:56:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2013.04.05 02:06:38 | 001,631,144 | ---- | M] (Valve Corporation) -- E:\Program Files (x86)\Steam\Steam.exe PRC - [2013.04.05 02:06:38 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2013.04.05 00:41:44 | 025,863,280 | ---- | M] (Dropbox, Inc.) -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2013.03.11 13:32:00 | 006,873,600 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe PRC - [2013.03.04 11:09:17 | 001,956,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2013.02.27 10:32:11 | 001,942,480 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe PRC - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe PRC - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2013.02.25 05:01:04 | 001,444,304 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe PRC - [2013.02.25 04:52:49 | 001,854,416 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe PRC - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe PRC - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe PRC - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.08.22 18:57:30 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe PRC - [2011.08.22 18:52:46 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe PRC - [2011.02.11 05:34:22 | 000,664,944 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe PRC - [2010.12.19 04:50:30 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2010.11.23 18:33:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2010.08.02 21:13:12 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe PRC - [2010.03.31 01:37:34 | 000,309,848 | ---- | M] (TechniSat Digital, S.A.) -- C:\Program Files (x86)\TechniSat DVB\bin\Server4PC.exe PRC - [2010.02.18 19:27:40 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe PRC - [2009.11.10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe PRC - [2009.11.04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe PRC - [2009.10.05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe PRC - [2007.08.16 18:05:16 | 000,274,432 | ---- | M] (razercfg MFC Application) -- C:\Program Files (x86)\Razer\Lachesis\OSD.exe PRC - [2007.06.05 11:37:12 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Lachesis\razerofa.exe ========== Modules (No Company Name) ========== MOD - [2013.04.05 02:06:38 | 001,114,024 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- E:\Program Files (x86)\Steam\SDL2.dll MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\libcef.dll MOD - [2013.01.23 08:12:42 | 000,166,968 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe MOD - [2013.01.23 08:12:40 | 000,425,016 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe MOD - [2013.01.16 18:01:08 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTMUI.dll MOD - [2013.01.16 18:01:06 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTHAL.dll MOD - [2013.01.16 18:01:00 | 000,229,376 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTCore.dll MOD - [2013.01.16 18:00:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTUI.dll MOD - [2013.01.16 18:00:56 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTFC.dll MOD - [2013.01.16 12:58:54 | 008,626,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll MOD - [2013.01.16 12:58:52 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2013.01.16 12:58:50 | 002,408,448 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll MOD - [2013.01.11 04:22:32 | 003,547,136 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- E:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2012.11.30 12:48:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTMUI.dll MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2012.11.30 12:26:54 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTUI.dll MOD - [2012.11.30 12:24:00 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTFC.dll MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll MOD - [2011.08.22 18:57:32 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CtxfiRes.dll MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\RTTSH.dll MOD - [2011.04.30 21:04:54 | 000,013,312 | ---- | M] () -- C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTTSH.dll MOD - [2010.03.30 14:25:38 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\TechniSat DVB\bin\LIBBZ2.dll MOD - [2009.11.10 19:05:34 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razerhid.exe MOD - [2009.11.04 17:28:00 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Lachesis\razertra.exe MOD - [2009.10.05 13:06:46 | 000,036,864 | ---- | M] () -- C:\Programme\MagicTune Premium\GammaTray.exe MOD - [2009.03.26 15:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009.02.06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.04.09 21:56:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2013.04.06 16:22:31 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.05 02:06:38 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.19 00:06:41 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.18 23:59:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service) SRV - [2013.03.18 23:58:54 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2013.03.15 00:08:30 | 001,871,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc) SRV - [2013.03.04 11:09:17 | 001,956,304 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2013.02.27 10:32:11 | 001,942,480 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc) SRV - [2013.02.26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2013.02.26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2013.02.26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService) SRV - [2013.02.25 15:00:02 | 000,257,512 | ---- | M] (G Data Software) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService) SRV - [2013.02.25 14:59:46 | 000,696,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2013.02.25 13:30:26 | 000,178,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64) SRV - [2013.02.25 05:06:17 | 001,711,568 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc) SRV - [2013.02.25 04:48:22 | 002,656,800 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2013.02.25 04:41:37 | 002,249,944 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2013.02.25 04:15:25 | 000,635,344 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.16 13:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc) SRV - [2012.11.22 07:12:46 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2012.10.11 17:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService) SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011.02.11 05:34:22 | 000,664,944 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2010.12.19 04:50:30 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2010.11.23 18:33:22 | 000,240,112 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124) SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.08 14:07:19 | 000,062,808 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2013.04.08 14:07:00 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT) DRV:64bit: - [2013.04.08 14:07:00 | 000,077,656 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gddcd64.sys -- (gddcd) DRV:64bit: - [2013.04.08 14:07:00 | 000,058,712 | ---- | M] (G Data Software AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gddcv64.sys -- (gddcv) DRV:64bit: - [2013.04.08 14:06:59 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2013.04.08 14:06:58 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2013.04.08 14:06:56 | 000,133,976 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2013.04.08 14:06:56 | 000,060,248 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2013.02.26 03:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2013.02.26 03:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2013.02.26 03:27:48 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2013.02.26 03:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2013.02.26 03:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.10.24 15:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock) DRV:64bit: - [2012.10.24 15:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2012.10.11 17:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2012.10.08 20:52:52 | 000,031,968 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.08.22 20:26:46 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2011.08.22 20:26:34 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2011.08.22 20:26:24 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2011.08.22 20:26:12 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2011.08.22 20:26:02 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2011.08.22 20:25:50 | 000,687,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) DRV:64bit: - [2011.08.22 20:25:40 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2011.08.22 20:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2011.08.22 20:25:30 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2011.08.22 20:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2011.08.22 20:25:16 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2011.08.22 20:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2011.08.22 20:25:06 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.11 05:19:58 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.10.25 03:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.25 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2010.05.10 10:09:36 | 000,617,048 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SkyNET_AMD64.sys -- (SKYNET) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.10.16 22:09:14 | 000,029,952 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lachesis.sys -- (VaneFltr) DRV:64bit: - [2009.09.28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.11.04 13:12:08 | 000,023,096 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MTiCtwl.sys -- (MagicTune) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2013.01.23 08:12:38 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2012.12.16 13:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2003.09.12 08:46:25 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 65 26 8F E1 E3 23 CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:05:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 22:05:13 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 16:56:04 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Extensions [2013.04.18 19:03:41 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions [2013.03.19 01:00:53 | 000,123,385 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\elemhidehelper@adblockplus.org.xpi [2013.04.12 20:42:04 | 000,667,481 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\jid0-UVAeBCfd34Kk5usS8A1CBiobvM8@jetpack.xpi [2013.03.19 00:59:18 | 000,539,014 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\toolbar@web.de.xpi [2013.04.10 21:12:40 | 000,350,097 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013.04.18 19:03:41 | 000,532,430 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.03.19 01:00:44 | 000,817,280 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.19 01:05:19 | 000,434,392 | ---- | M] () (No name found) -- D:\Users\Adler-Wolf\AppData\Roaming\Mozilla\Firefox\Profiles\9kxedk7v.Adler-Wolf\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.04.11 22:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.11 22:05:13 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.07 17:45:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.07 17:45:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.07 17:45:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.07 17:45:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.07 17:45:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.07 17:45:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.11 22:22:55 | 000,049,459 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 00aaf101a7.gougava.asia # hosts anti-adware / pups O1 - Hosts: 08sr.combineads.info # hosts anti-adware / pups O1 - Hosts: 08srvr.combineads.info # hosts anti-adware / pups O1 - Hosts: 12srvr.combineads.info # hosts anti-adware / pups O1 - Hosts: 1a2e115593.efacen.pro # hosts anti-adware / pups O1 - Hosts: 1f1.fr # hosts anti-adware / pups O1 - Hosts: 2010-fr.com # hosts anti-adware / pups O1 - Hosts: 2012-new.biz # hosts anti-adware / pups O1 - Hosts: 2319825.ourtoolbar.com # hosts anti-adware / pups O1 - Hosts: 24h00business.com # hosts anti-adware / pups O1 - Hosts: 4672ee0bc8.laibritec.waw.pl # hosts anti-adware / pups O1 - Hosts: 4990usd.com # hosts anti-adware / pups O1 - Hosts: 4xp.com # hosts anti-adware / pups O1 - Hosts: # hosts anti-adware / pups O1 - Hosts: 78031d2298.tradorad.waw.pl # hosts anti-adware / pups O1 - Hosts: 80323fcc6e.starsogor.waw.pl # hosts anti-adware / pups O1 - Hosts: 8e47c22037.temavi.pro # hosts anti-adware / pups O1 - Hosts: 96910cbcd4.nicero.pro # hosts anti-adware / pups O1 - Hosts: 96fb625592.tysofque.waw.pl:82 # hosts anti-adware / pups O1 - Hosts: 98eu.info # hosts anti-adware / pups O1 - Hosts: ack.cdnperformance.info # hosts anti-adware / pups O1 - Hosts: acking.conversionads.com # hosts anti-adware / pups O1 - Hosts: a.daasafterdusk.com # hosts anti-adware / pups O1 - Hosts: ad.adn360.com # hosts anti-adware / pups O1 - Hosts: adeartss.eu # hosts anti-adware / pups O1 - Hosts: 825 more lines... O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll File not found O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Programme\MagicTune Premium\MagicTuneLauncher.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [G Data ASM] C:\Program Files (x86)\G Data\TotalProtection\DelayLoader\AutorunDelayLoader.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [Lachesis] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd) O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG) O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D) O4 - HKCU..\Run: [Steam] E:\Program Files (x86)\Steam\steam.exe (Valve Corporation) O4 - Startup: D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation) O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82F2DF93-C7C7-4878-A9A6-522DC005C2C1}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5B329FC-51AC-4FAF-9053-E3F0FB7D6587}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F02D95A8-51C7-48D9-AADD-A32E53498649}: DhcpNameServer = O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation) O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\PROGRAM FILES\PROCESSEXPLORER\PROCEXP.EXE (Sysinternals - www.sysinternals.com) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{2e2767a0-9191-11e2-8665-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{2e2767a0-9191-11e2-8665-806e6f6e6963}\Shell\AutoRun\command - "" = J:\START.EXE O33 - MountPoints2\{55701481-93dd-11e2-8390-00d0d7015dd1}\Shell - "" = AutoRun O33 - MountPoints2\{55701481-93dd-11e2-8390-00d0d7015dd1}\Shell\AutoRun\command - "" = K:\pushinst.exe O33 - MountPoints2\{f3c13ad9-8fd1-11e2-afe7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{f3c13ad9-8fd1-11e2-afe7-806e6f6e6963}\Shell\AutoRun\command - "" = I:\wubi.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1 [2013.04.16 12:32:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2013.04.15 19:19:09 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\LolClient [2013.04.15 18:57:24 | 000,000,000 | ---D | C] -- C:\Riot Games [2013.04.15 17:15:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\lol [2013.04.15 17:15:30 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\.swt [2013.04.14 20:12:22 | 000,023,096 | ---- | C] (Samsung Electronics, Inc. ) -- C:\Windows\SysNative\drivers\MTiCtwl.sys [2013.04.14 20:12:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Electronics Ltd [2013.04.14 20:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\MagicTune Premium [2013.04.11 22:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.11 19:25:38 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\SmashLand-Final-1-1 [2013.04.11 19:24:12 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Canneverbe Limited [2013.04.11 19:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2013.04.11 19:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP [2013.04.11 16:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3 [2013.04.11 16:09:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\Hausarbeit PM [2013.04.10 21:54:44 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\vserver [2013.04.10 19:56:39 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\sw [2013.04.10 19:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechnoMage [2013.04.10 18:49:58 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Diagnostics [2013.04.08 17:34:38 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\GOG.com Downloads [2013.04.08 17:33:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\GOG.com [2013.04.08 16:17:55 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Skyrim [2013.04.08 14:27:32 | 000,000,000 | -HSD | C] -- C:\#GDATA.Trash.Store# [2013.04.08 14:14:33 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\G DATA [2013.04.08 14:14:31 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\G Data [2013.04.08 14:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data TotalProtection 2014 [2013.04.08 14:07:00 | 000,098,760 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys [2013.04.08 14:07:00 | 000,077,656 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcd64.sys [2013.04.08 14:07:00 | 000,058,712 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcv64.sys [2013.04.08 14:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\G DATA Software [2013.04.07 15:25:43 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner [2013.04.07 15:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner [2013.04.07 15:21:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SteamLibrary [2013.04.07 00:36:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IKARION Software [2013.04.07 00:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DEMONWORLD [2013.04.07 00:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Melbourne House [2013.04.06 19:01:49 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\CrashRpt [2013.04.06 18:59:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Chart Controls [2013.04.06 17:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex-Editor MX [2013.04.06 17:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hex-Editor MX [2013.04.06 16:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2013.04.06 16:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2013.04.02 17:40:28 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\ownCloud [2013.04.02 16:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Putty [2013.04.01 23:14:09 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z [2013.04.01 23:14:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z [2013.04.01 22:09:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\RadeonPro Benchmarks [2013.04.01 22:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RadeonPro [2013.04.01 21:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sapphire TRIXX [2013.04.01 21:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013.04.01 21:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.04.01 21:47:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.04.01 21:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2013.04.01 21:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.04.01 21:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.01 21:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2013.04.01 21:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.04.01 18:23:10 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\pbsetup [2013.04.01 17:35:40 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\FileZilla [2013.04.01 17:35:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2013.04.01 17:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2013.04.01 16:30:51 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\FFsplit [2013.04.01 16:25:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.04.01 16:24:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FFsplit [2013.04.01 16:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FFsplit [2013.03.31 20:58:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\ESN Sonar [2013.03.30 22:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA [2013.03.30 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.03.30 22:22:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2013.03.30 22:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.03.30 14:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.03.30 14:46:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\.minecraft [2013.03.30 01:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs [2013.03.29 22:40:25 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Darkspore [2013.03.29 22:40:24 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\DarksporeData [2013.03.29 22:31:02 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ToshibaEdit [2013.03.29 22:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToshibaEdit [2013.03.29 22:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ToshibaEdit [2013.03.29 22:00:31 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS [2013.03.29 13:21:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Streaming Video Recorder [2013.03.29 13:17:58 | 000,031,968 | ---- | C] (Wondershare) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys [2013.03.29 13:17:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Apowersoft [2013.03.28 16:36:24 | 000,000,000 | --SD | C] -- D:\Users\Adler-Wolf\Documents\Meine Shapes [2013.03.28 16:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.03.28 16:33:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.03.28 16:33:37 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.03.28 16:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.03.28 16:33:01 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Microsoft Help [2013.03.28 16:33:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.03.28 16:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.03.28 16:32:51 | 000,000,000 | RH-D | C] -- C:\MSOCache [2013.03.28 16:11:51 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\VMware [2013.03.28 16:11:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\VMware [2013.03.28 16:11:38 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys [2013.03.28 16:11:38 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll [2013.03.28 16:11:38 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll [2013.03.28 16:11:37 | 000,067,664 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys [2013.03.28 16:11:37 | 000,033,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys [2013.03.28 16:11:13 | 000,357,456 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe [2013.03.28 16:11:10 | 000,436,304 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe [2013.03.28 16:11:10 | 000,030,800 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys [2013.03.28 16:11:08 | 000,933,968 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll [2013.03.28 16:11:06 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys [2013.03.28 16:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware [2013.03.28 16:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware [2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware [2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware [2013.03.28 16:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware [2013.03.27 18:41:56 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\e-academy Inc [2013.03.27 18:41:56 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\e-academy Inc [2013.03.27 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks [2013.03.27 18:34:59 | 000,588,144 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcSmartCardProv.dll [2013.03.27 18:34:59 | 000,419,696 | ---- | C] (Juniper Networks) -- C:\Windows\SysNative\dsNcCredProv.dll [2013.03.27 18:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks [2013.03.27 18:34:27 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Juniper Networks [2013.03.26 19:58:29 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\Neuer Ordner [2013.03.25 23:17:26 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Malwarebytes [2013.03.25 23:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.25 23:07:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VirusTotalUploader2 [2013.03.25 23:07:19 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0 [2013.03.25 23:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013.03.25 23:04:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.03.25 22:48:57 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2013.03.25 22:42:40 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.25 22:42:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.25 22:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2013.03.25 22:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2013.03.25 22:17:53 | 000,000,000 | R--D | C] -- C:\Sandbox [2013.03.25 22:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie [2013.03.25 22:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie [2013.03.25 21:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software2000 [2013.03.25 20:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\nGlide [2013.03.25 20:54:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bleifuss Fun [2013.03.25 20:47:24 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\WinRAR [2013.03.25 20:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2013.03.25 18:27:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inno Setup 5 [2013.03.25 18:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inno Setup 5 [2013.03.24 04:59:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013.03.24 04:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altitude [2013.03.24 04:48:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Altitude [2013.03.24 04:40:50 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Armagetron [2013.03.24 04:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament G.O.T.Y. Edition [2013.03.24 04:34:14 | 000,000,000 | ---D | C] -- C:\UnrealTournament [2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Armagetron Advanced [2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Armagetron Advanced [2013.03.24 04:29:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Armagetron [2013.03.24 04:11:14 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Desktop\snes [2013.03.24 03:50:10 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Stronghold Crusader [2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Castle Attack [2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Castle Attack [2013.03.24 03:38:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Castle Attack [2013.03.24 02:17:23 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Stronghold [2013.03.24 02:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com [2013.03.24 02:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com [2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III [2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III [2013.03.24 01:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment [2013.03.24 00:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games [2013.03.23 23:58:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.03.23 22:53:42 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Petroglyph [2013.03.23 22:52:54 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2013.03.23 22:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LucasArts [2013.03.23 20:00:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2013.03.23 20:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace [2013.03.23 20:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2013.03.23 19:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN [2013.03.23 19:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\avmwlanstick [2013.03.23 19:24:18 | 000,714,368 | ---- | C] (AVM GmbH) -- C:\Windows\SysNative\drivers\fwlanusbn.sys [2013.03.23 19:24:18 | 000,099,328 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\fwusbnci.dll [2013.03.23 19:24:18 | 000,014,120 | ---- | C] (AVM Berlin) -- C:\Windows\SysNative\drivers\avmeject.sys [2013.03.23 19:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVM_update [2013.03.23 19:19:07 | 000,000,000 | ---D | C] -- C:\Windows\AVM_Driver [2013.03.23 19:18:59 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AVM_Driver [2013.03.23 17:05:04 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\2013 [2013.03.22 20:22:46 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\SavedGames [2013.03.22 20:22:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2013.03.21 22:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NSIS [2013.03.21 22:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WVS [2013.03.21 22:27:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2013.03.20 22:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek Armada II [2013.03.20 22:31:54 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Adobe [2013.03.20 21:54:32 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.03.20 21:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek - Armada [2013.03.20 21:36:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2013.03.20 21:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2013.03.20 21:25:31 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\Cyberlink [2013.03.20 21:25:03 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2013.03.20 21:24:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2013.03.20 21:24:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink [2013.03.20 21:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink [2013.03.20 21:13:22 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\MediaServer [2013.03.20 21:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD [2013.03.20 21:13:17 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Roaming\CyberLink [2013.03.20 21:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp [2013.03.20 21:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2013.03.20 21:08:29 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\Documents\Alcohol 52% [2013.03.20 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52% [2013.03.20 21:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2013.03.20 21:04:57 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys [2013.03.20 20:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2013.03.20 00:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.03.20 00:10:33 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll [2013.03.20 00:10:33 | 000,070,144 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_9.012.dll [2013.03.20 00:10:32 | 000,550,912 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe [2013.03.20 00:10:32 | 000,240,640 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe [2013.03.20 00:10:32 | 000,021,504 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll [2013.03.20 00:09:49 | 000,000,000 | ---D | C] -- C:\AMD [2013.03.19 23:44:37 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\PunkBuster [2013.03.19 23:36:52 | 000,000,000 | ---D | C] -- D:\Users\Adler-Wolf\AppData\Local\ESN [2013.03.19 23:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins [2013.03.19 23:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs ========== Files - Modified Within 30 Days ========== [2013.04.18 19:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.18 19:22:18 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.18 19:22:18 | 000,020,304 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.18 19:21:10 | 001,620,762 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.18 19:21:10 | 000,699,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.18 19:21:10 | 000,654,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.18 19:21:10 | 000,149,164 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.18 19:21:10 | 000,122,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.18 19:18:02 | 000,001,068 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.18 19:15:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.18 19:14:30 | 000,061,904 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx [2013.04.18 19:14:30 | 000,061,904 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx [2013.04.18 19:14:30 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-00000005-002C1102}.rfx [2013.04.18 19:13:47 | 000,000,020 | ---- | M] () -- D:\Users\Adler-Wolf\defogger_reenable [2013.04.17 14:05:41 | 000,001,700 | ---- | M] () -- C:\Windows\Sandboxie.ini [2013.04.15 15:40:15 | 000,000,600 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Local\PUTTY.RND [2013.04.14 20:12:16 | 000,001,495 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk [2013.04.14 16:35:27 | 000,000,292 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\minecraft-server.conf [2013.04.14 16:06:39 | 000,003,727 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\ts3server_startscript.sh [2013.04.14 15:30:41 | 000,009,939 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\minecraft.sh [2013.04.13 22:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.04.13 22:54:55 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.04.13 22:41:53 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2013.04.13 19:54:21 | 000,004,273 | ---- | M] () -- C:\test.spr [2013.04.13 02:52:30 | 000,007,669 | ---- | M] () -- D:\Users\Adler-Wolf\AppData\Local\Resmon.ResmonCfg [2013.04.11 22:22:55 | 000,049,459 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.04.11 19:23:07 | 000,006,064 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\ax_files.xml [2013.04.11 13:44:01 | 000,002,166 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\install.sh [2013.04.11 13:27:18 | 000,444,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 19:10:28 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll [2013.04.10 19:10:28 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll [2013.04.10 19:10:28 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll [2013.04.09 21:56:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.04.08 14:27:43 | 000,524,288 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2013.04.08 14:27:43 | 000,524,288 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2013.04.08 14:27:43 | 000,065,536 | -HS- | M] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TM.blf [2013.04.08 14:27:32 | 000,262,144 | ---- | M] () -- C:\Windows\SysWow64\18 [2013.04.08 14:07:19 | 000,062,808 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys [2013.04.08 14:07:00 | 000,098,760 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\TS4nt.sys [2013.04.08 14:07:00 | 000,077,656 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcd64.sys [2013.04.08 14:07:00 | 000,058,712 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gddcv64.sys [2013.04.08 14:07:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_gddcd64_01007.Wdf [2013.04.08 14:06:59 | 000,064,856 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys [2013.04.08 14:06:58 | 000,064,856 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys [2013.04.08 14:06:56 | 000,133,976 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys [2013.04.08 14:06:56 | 000,060,248 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys [2013.04.08 14:05:01 | 000,235,230 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Unbenannt.PNG [2013.04.08 13:57:55 | 001,034,977 | ---- | M] () -- C:\Windows\SysWow64\sig.bin [2013.04.08 13:57:55 | 000,053,768 | ---- | M] () -- C:\Windows\SysWow64\nmp.map [2013.04.07 21:38:04 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm [2013.04.07 21:38:04 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm [2013.04.07 15:25:43 | 000,000,966 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\MSI Afterburner.lnk [2013.04.07 00:38:45 | 000,005,480 | ---- | M] () -- C:\undo.hex [2013.04.02 00:11:48 | 000,131,072 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Cypress.bin [2013.03.31 17:36:17 | 000,447,752 | ---- | M] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll [2013.03.30 01:38:25 | 000,049,459 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\hosts [2013.03.29 22:31:02 | 000,001,819 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\ToshibaEdit.lnk [2013.03.28 17:15:46 | 003,513,078 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation (2).mp3 [2013.03.28 17:14:08 | 000,138,380 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation.mp3 [2013.03.28 16:11:04 | 001,640,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.27 18:41:56 | 000,003,179 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Secure Download Manager.lnk [2013.03.26 20:09:03 | 000,000,063 | ---- | M] () -- D:\Users\Adler-Wolf\Documents\listen.pls [2013.03.25 23:07:19 | 000,001,919 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\VirusTotal Uploader 2.0.lnk [2013.03.25 22:15:47 | 000,000,914 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Sandboxed Web Browser.lnk [2013.03.25 20:54:10 | 000,048,537 | ---- | M] () -- C:\Windows\SysWow64\nglide_uninst.exe [2013.03.25 20:54:03 | 000,000,746 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Bleifuss Fun.lnk [2013.03.25 20:27:13 | 000,001,903 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\JDownloader.lnk [2013.03.25 17:54:48 | 000,000,583 | ---- | M] () -- C:\Windows\vampire.INI [2013.03.23 22:52:54 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt.dll [2013.03.23 18:22:44 | 006,220,854 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Neue Bitmap.bmp [2013.03.22 22:40:11 | 000,000,000 | ---- | M] () -- D:\Users\Adler-Wolf\Desktop\Neues Textdokument.xml [2013.03.20 22:39:57 | 000,000,935 | ---- | M] () -- C:\Windows\STA2.ini [2013.03.20 21:04:57 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys ========== Files Created - No Company Name ========== [2013.04.18 19:18:02 | 000,001,068 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.18 19:13:47 | 000,000,020 | ---- | C] () -- D:\Users\Adler-Wolf\defogger_reenable [2013.04.14 20:12:16 | 000,001,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk [2013.04.14 16:34:42 | 000,000,292 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\minecraft-server.conf [2013.04.14 16:06:38 | 000,003,727 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\ts3server_startscript.sh [2013.04.14 15:30:41 | 000,009,939 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\minecraft.sh [2013.04.11 19:24:09 | 000,001,694 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2013.04.11 13:33:49 | 000,002,166 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\install.sh [2013.04.10 19:10:28 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll [2013.04.10 19:10:28 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll [2013.04.10 19:10:28 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll [2013.04.08 14:27:32 | 000,524,288 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000002.regtrans-ms [2013.04.08 14:27:32 | 000,524,288 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TMContainer00000000000000000001.regtrans-ms [2013.04.08 14:27:32 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\18 [2013.04.08 14:27:32 | 000,065,536 | -HS- | C] () -- C:\Windows\SysWow64\18{efbe9223-a044-11e2-aba2-005056c00008}.TM.blf [2013.04.08 14:07:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_gddcd64_01007.Wdf [2013.04.08 14:05:01 | 000,235,230 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Unbenannt.PNG [2013.04.07 15:25:43 | 000,000,966 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\MSI Afterburner.lnk [2013.04.07 00:37:52 | 000,005,480 | ---- | C] () -- C:\undo.hex [2013.04.02 17:15:23 | 000,000,600 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Local\PUTTY.RND [2013.04.02 00:11:48 | 000,131,072 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Cypress.bin [2013.03.30 01:37:58 | 000,049,459 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\hosts [2013.03.29 22:31:02 | 000,001,819 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\ToshibaEdit.lnk [2013.03.28 17:14:18 | 003,513,078 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation (2).mp3 [2013.03.28 17:14:05 | 000,138,380 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\16-14. Nik Page - Your Bad Temptation.mp3 [2013.03.27 18:41:56 | 000,003,179 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Secure Download Manager.lnk [2013.03.26 20:09:03 | 000,000,063 | ---- | C] () -- D:\Users\Adler-Wolf\Documents\listen.pls [2013.03.25 23:07:19 | 000,001,919 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\VirusTotal Uploader 2.0.lnk [2013.03.25 22:15:55 | 000,000,914 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Sandboxed Web Browser.lnk [2013.03.25 22:15:53 | 000,001,700 | ---- | C] () -- C:\Windows\Sandboxie.ini [2013.03.25 21:30:13 | 000,004,273 | ---- | C] () -- C:\test.spr [2013.03.25 20:54:10 | 000,048,537 | ---- | C] () -- C:\Windows\SysWow64\nglide_uninst.exe [2013.03.25 20:54:03 | 000,000,746 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Bleifuss Fun.lnk [2013.03.25 20:27:13 | 000,001,903 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\JDownloader.lnk [2013.03.25 20:27:12 | 000,001,867 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2013.03.25 20:27:12 | 000,001,819 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2013.03.25 20:27:12 | 000,001,802 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2013.03.25 17:54:48 | 000,000,583 | ---- | C] () -- C:\Windows\vampire.INI [2013.03.23 20:00:07 | 000,001,346 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk [2013.03.23 19:24:18 | 000,015,565 | ---- | C] () -- C:\Windows\SysNative\drivers\fwlanusbn.bin [2013.03.23 18:22:37 | 006,220,854 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Neue Bitmap.bmp [2013.03.22 22:40:11 | 000,000,000 | ---- | C] () -- D:\Users\Adler-Wolf\Desktop\Neues Textdokument.xml [2013.03.21 22:50:50 | 000,000,861 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NSIS.lnk [2013.03.20 22:31:39 | 000,000,935 | ---- | C] () -- C:\Windows\STA2.ini [2013.03.20 00:10:33 | 003,093,792 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap [2013.03.20 00:10:33 | 003,061,872 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap [2013.03.20 00:10:33 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat [2013.03.20 00:10:33 | 000,228,528 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat [2013.03.20 00:10:33 | 000,076,660 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat [2013.03.20 00:10:32 | 000,662,786 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat [2013.03.20 00:10:32 | 000,327,960 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb [2013.03.20 00:10:32 | 000,327,960 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb [2013.03.20 00:10:32 | 000,042,719 | ---- | C] () -- C:\Windows\atiogl.xml [2013.03.19 23:44:41 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.03.19 21:57:37 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settingsbkup.sfm [2013.03.19 21:57:37 | 000,001,080 | ---- | C] () -- C:\Windows\SysNative\settings.sfm [2013.03.19 17:37:05 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.19 16:02:22 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.03.19 16:02:06 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2013.03.19 01:11:14 | 000,007,669 | ---- | C] () -- D:\Users\Adler-Wolf\AppData\Local\Resmon.ResmonCfg [2013.03.19 00:22:16 | 001,034,977 | ---- | C] () -- C:\Windows\SysWow64\sig.bin [2013.03.19 00:00:28 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2013.03.19 00:00:28 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2013.03.18 23:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.03.18 17:10:43 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2013.03.18 17:10:42 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll [2013.03.18 17:10:42 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe [2013.03.18 17:10:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe [2013.03.18 17:10:39 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat [2013.03.18 17:10:39 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat [2013.03.18 17:10:39 | 000,028,649 | ---- | C] () -- C:\Windows\SysWow64\tweaks.ini [2013.03.18 17:10:39 | 000,028,263 | ---- | C] () -- C:\Windows\SysWow64\speaker.ini [2013.03.18 17:10:39 | 000,024,160 | ---- | C] () -- C:\Windows\SysWow64\dolby.ini [2013.03.18 17:10:39 | 000,023,366 | ---- | C] () -- C:\Windows\SysWow64\dts.ini [2013.03.18 17:10:39 | 000,022,509 | ---- | C] () -- C:\Windows\SysWow64\EntertainmentMode.ini [2013.03.18 17:10:39 | 000,022,509 | ---- | C] () -- C:\Windows\SysWow64\AudioCreationMode.ini [2013.03.18 17:10:39 | 000,022,491 | ---- | C] () -- C:\Windows\SysWow64\GameMode.ini [2013.03.18 17:10:39 | 000,021,599 | ---- | C] () -- C:\Windows\SysWow64\decoder.ini [2013.03.18 17:10:39 | 000,021,465 | ---- | C] () -- C:\Windows\SysWow64\encoder.ini [2013.03.18 17:10:39 | 000,021,208 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2013.03.18 17:10:39 | 000,019,430 | ---- | C] () -- C:\Windows\SysWow64\mids.ini [2013.03.18 17:10:39 | 000,013,276 | ---- | C] () -- C:\Windows\SysWow64\subwoofer.ini [2013.03.18 17:10:39 | 000,011,807 | ---- | C] () -- C:\Windows\SysWow64\treble.ini [2013.03.18 17:10:39 | 000,011,508 | ---- | C] () -- C:\Windows\SysWow64\bass.ini [2013.03.18 17:10:39 | 000,005,776 | ---- | C] () -- C:\Windows\SysWow64\headphone.ini [2013.03.18 17:10:39 | 000,003,769 | ---- | C] () -- C:\Windows\SysWow64\eq.ini [2013.03.18 17:10:39 | 000,001,591 | ---- | C] () -- C:\Windows\SysWow64\microphone.ini [2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\7.1surroundsound.ini [2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\5.1surroundsound.ini [2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\4.1surroundsound.ini [2013.03.18 17:10:39 | 000,001,203 | ---- | C] () -- C:\Windows\SysWow64\2.1surroundsound.ini [2013.03.18 17:10:39 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2013.03.18 17:10:39 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2013.03.14 22:22:42 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.03.14 22:22:42 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.07 14:51:00 | 001,286,144 | ---- | C] () -- C:\Windows\SysWow64\glide3x.dll [2011.07.25 22:18:42 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\nglide_config.exe ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.15 15:39:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\.minecraft [2013.04.15 21:10:03 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\AIMP3 [2013.03.29 13:17:48 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Apowersoft [2013.03.24 04:41:49 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Armagetron [2013.04.11 19:24:12 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Canneverbe Limited [2013.03.29 22:59:21 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\DarksporeData [2013.04.18 19:18:12 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Dropbox [2013.03.27 18:41:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\e-academy Inc [2013.04.14 16:53:10 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\FileZilla [2013.04.11 18:54:48 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Free Download Manager [2013.04.08 14:14:31 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\G Data [2013.04.11 22:16:29 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Juniper Networks [2013.03.18 17:12:51 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Leadertech [2013.04.15 19:19:09 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\LolClient [2013.03.25 22:53:02 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien [2013.03.19 01:20:56 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\minmaxgames [2013.04.13 02:01:03 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Notepad++ [2013.03.19 15:58:28 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Origin [2013.03.23 22:53:42 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Petroglyph [2013.03.19 00:08:28 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Razer [2013.04.15 20:36:25 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\Spotify [2013.04.15 15:40:26 | 000,000,000 | ---D | M] -- D:\Users\Adler-Wolf\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > |
![]() | #2 |
![]() ![]() ![]() | ![]() "C:\Windows\SysWOW64" öffnet sich bei Systemstart Und hier die Extras.txt
ATTFilter OTL Extras logfile created on: 18.04.2013 19:20:48 - Run 1 OTL by OldTimer - Version Folder = D:\Users\Adler-Wolf\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16540) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 51,95% Memory free 8,00 Gb Paging File | 5,53 Gb Available in Paging File | 69,12% Paging File free Paging file location(s): f:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 55,80 Gb Total Space | 19,26 Gb Free Space | 34,52% Space Free | Partition Type: NTFS Drive D: | 232,88 Gb Total Space | 120,22 Gb Free Space | 51,62% Space Free | Partition Type: NTFS Drive E: | 1171,90 Gb Total Space | 366,19 Gb Free Space | 31,25% Space Free | Partition Type: NTFS Drive F: | 341,82 Gb Total Space | 249,30 Gb Free Space | 72,93% Space Free | Partition Type: NTFS Drive G: | 349,17 Gb Total Space | 142,59 Gb Free Space | 40,84% Space Free | Partition Type: NTFS Computer Name: ADLER-WOLF-PC | User Name: Adler-Wolf | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .ini[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) .txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .ini [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) .txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008667C0-8C51-4838-8F27-E29BCBFCF9C2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1D7D4D36-C573-4131-B298-ACF09F63B1BC}" = rport=139 | protocol=6 | dir=out | app=system | "{34288E6F-245B-4884-BF07-4FD3755B3ECF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{50CE03C9-5D79-49E6-92D5-9B585D58FFB5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{51CEDB4B-5792-42CD-AC83-077ABCA4FC9F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{540C6119-6F44-4122-A67B-2C2471744881}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{58292853-9FE8-442C-9C1A-98BB3080B3D5}" = rport=138 | protocol=17 | dir=out | app=system | "{6A7FE4BA-8824-4A3C-B024-086175B17D08}" = rport=10243 | protocol=6 | dir=out | app=system | "{870B7A50-96EA-46AC-8BCC-ECDB6B3F53AA}" = lport=139 | protocol=6 | dir=in | app=system | "{896BA736-BFEA-4D3F-934F-E06986958845}" = lport=10243 | protocol=6 | dir=in | app=system | "{899A4433-0F6A-4735-AD0C-63F716197B4D}" = rport=445 | protocol=6 | dir=out | app=system | "{9514B098-EF30-46DB-B965-DFDA265AC8B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{A47DE6DF-53FD-4A6E-A7B4-E55886052C0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AC8A2CCC-3C53-4B7E-803E-BC0EC683D170}" = lport=137 | protocol=17 | dir=in | app=system | "{AE080829-297C-4067-86B6-84C431FFA228}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AF2E1CB1-480E-4114-A67A-DE490CB25B7E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AF890367-C85B-47A4-83C1-6098657E43F8}" = lport=445 | protocol=6 | dir=in | app=system | "{D56DF426-3F44-4BD7-B245-C347EFC2DBF1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{E5590F76-E9E7-4501-8B78-B3F77A53CBB8}" = rport=137 | protocol=17 | dir=out | app=system | "{EE0840B7-56CF-46E0-A0DA-7CF707B92DFC}" = lport=138 | protocol=17 | dir=in | app=system | "{F1C003AE-F341-4992-8934-03DD7DFBD6A7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F70C488B-FE48-472E-83E0-32403D1E06D3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F9AD9DAA-946A-40EF-8CD6-22C75AEAAB4D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | "{FD58A967-1479-45C7-9705-029F7C06097F}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0218CE28-4747-4E54-97DC-FBB5C368CE14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{031BBCCE-9373-4512-96CC-2CF98D5F9AC6}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{033469D7-83EC-40C1-AE05-C62DA81E7611}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftsrv.dll | "{04B279F4-5DA4-4F39-9220-8A6BC11C3641}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0A7C223B-141F-473A-A4CF-9B8878328C79}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\streaming video recorder.exe | "{0B9D5F96-6A99-43FA-92A9-C655A44D28BC}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftdump.dll | "{0BDF4509-3EDB-4CDB-89E7-A8133E3CC773}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{1036DE54-B9AA-47AF-A7A6-8D124F892BD8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{15C4E164-7A8A-488C-A4ED-FBC14DA7F040}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | "{1786E1E0-ADFF-45B1-820C-B242BBD6ED97}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{19A50441-7CDB-4A86-9929-AA0CBF877DF0}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{1B82681A-E1D3-447E-B995-5D070AF9C67D}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{1C8154F3-58EF-44E9-ADC9-E3E73304228D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{20DFFB1C-9847-4D17-9605-27CC2FE8C0B4}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | "{22846037-B841-451C-B045-F09A3835E6F3}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{2350948B-436C-481D-B03E-9CF12D1A10F0}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{2420580F-413E-49A2-B702-35FC453BA38A}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\rochard\rochard.exe | "{29943552-CE8F-4495-90DD-02475038F6A6}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | "{2BF20FC7-AF82-495A-85E9-8FD45B3706B8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\anna\anna.exe | "{2DB8E59F-8C36-40B3-8C38-C7ABAF1B5354}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{34AD646E-F874-4458-B01D-CB45D5413715}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{35DB17E3-1E24-4E9B-A567-AAA619BE9AB4}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe | "{396093E6-E54F-4CC7-9EFE-8E15F96B23B5}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\half-life\hl.exe | "{396F2010-1B41-4033-A8C0-7B591AFFEFC8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{3CA1F445-A3DC-41FA-B473-FAB84BBED6A0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E8F5296-2F23-403F-AC86-701045F708D2}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{3EDF2B12-0AD4-4F5E-931E-F8327D01DCDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{41212074-2C64-488A-B7D9-69742C238BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{41957B3F-57F1-48D2-94BA-1888EA6BF4B7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{41D63AFE-43D1-4739-8C11-D4BA89282102}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{423DD573-E252-40A7-B3B5-C49E993BD41F}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\east india company\eastindia.exe | "{4290CDF0-3DBA-471E-84B4-45481430868A}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{42BDBD6A-6C34-4BEF-A94E-DAA27BD56224}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | "{4915C18D-3148-49A0-993F-C0B5C8ABD921}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{4990E8EA-7DCF-4CA4-A0A2-6B9030493E97}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{49DC76FA-8A1A-46EC-8C4D-881E407B4B49}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{4D6A65CB-5BA6-41A2-986A-4C4B1C89DCBD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{55A8C526-A706-4414-B8A1-7CF116CC54E8}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{5648C49D-F275-4D78-A371-0CF9BFC1E410}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\rochard\rochard.exe | "{5A638ADE-B42A-4942-BE9D-0BAA9F66B64D}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{5BF4F525-9F2C-4842-B27F-BF429F620BCC}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{622E7C12-0ADA-402D-A4F7-ED959FA84A7A}" = protocol=6 | dir=in | app=f:\program files (x86)\origin games\command and conquer generals zero hour\generals.exe | "{674152EC-D4B1-4A3F-ADEC-81E052F3B1CB}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{68EA7190-AD26-4FDA-AEC8-3595D4DB4402}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\crazy machines\crazymachines.exe | "{6E11D90B-86F0-4F7A-B9F4-D02AB2028673}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\maniaplanet_tmstadium\maniaplanetlauncher.exe | "{6E9EE935-A350-4657-8125-550928F99D46}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | "{6F3AF8FF-50C1-4514-9EA3-FF9EA9303FC5}" = protocol=17 | dir=in | app=f:\program files (x86)\origin games\battlefield 3\bf3.exe | "{6F418B60-F05D-40E2-B1F1-CE64178EAC77}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\crazy machines\crazymachines.exe | "{6F8DD525-5E8F-46CE-8D7F-0D427B9BB10B}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{7172F5F7-9110-40EB-BBE2-391DE0C98D89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{77EFD485-7900-43F6-AE71-EAFBD07794CE}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dlc quest\dlc.exe | "{78D10B09-A51B-457B-A37F-4DE71B26609A}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftplayer.dll | "{7DD754BD-BA14-4756-AA12-F2FD8B45147E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{7FE80CD2-F5F8-46E0-B2A1-9B28EAAB2644}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{81E09846-6591-4157-810C-C2C0CDBB91E5}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{8820A551-877C-4331-8F85-83444D0E32AA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{8A330054-CFA4-44F8-B779-C479EC0A351D}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | "{8DD4A367-7463-44EC-8F67-5A11D8381716}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{8F58D332-47BE-4C03-AF6C-C3AB691C882D}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\east india company\eastindia.exe | "{8FE2AE7A-EEBD-4002-984B-421CB9816E03}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\anna\anna.exe | "{900BDBDE-0022-44C3-B9BA-FB4A66B05C0B}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | "{96C59E5F-47BA-4AB5-B25F-86D92C6B22C9}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{96D80E2E-FDCF-4473-9AD7-E4818CCF6C61}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{97DEB3E8-DD4A-4A3A-8C74-B94A1C6AD128}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{98C8BAF2-7F60-45A1-BB3D-E12B5B417BDB}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\stalker call of pripyat\stalker-cop.exe | "{98DE361B-78EC-44DD-A006-C8B5FADC3306}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{9A7A5DAF-F90B-4840-999D-BED6B648E3F2}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\arnos_the_empero\counter-strike source\hl2.exe | "{9B91F430-C7EC-4E06-9382-10B7E8C1ED43}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\arnos_the_empero\day of defeat source\hl2.exe | "{9D34CA4B-2A6E-4293-9565-AEA721997EBC}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{9D603D9F-A855-4CB4-97FF-310B75BDED9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{A1C44105-0286-40EB-AA76-DCCBD71EDD4A}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\trine 2\trine2_launcher.exe | "{A34CB27E-366C-47BE-8927-6E17492B8265}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A75D9A21-9198-4299-B066-101347BA81A1}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | "{AABDB3C3-7B90-4364-9C87-DEEB42E02277}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\dlc quest\dlc.exe | "{ABE5ACCD-B6BA-49CF-AA7E-4BC6A5FE78E4}" = protocol=17 | dir=in | app=f:\program files (x86)\origin games\command and conquer generals zero hour\generals.exe | "{ACC274FE-8FA1-4FEB-A84F-E45A128CBF72}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe | "{B1A7CF80-BA93-4934-9481-CF042C447159}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | "{B5F28858-1776-46DD-9AD4-0C84E1660100}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steam.exe | "{B840EECE-796E-4EB0-9E7F-DCA88CC99C2F}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\microsoft flight\flight.exe | "{B92FC9D7-E627-41D6-BF2D-B360F6E69337}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | "{C0F987FE-CBC9-4645-B4C1-7ECDE634FD24}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{C12C4270-ED3D-42AB-84C9-EDAB41790AAA}" = protocol=6 | dir=in | app=d:\users\adler-wolf\appdata\roaming\dropbox\bin\dropbox.exe | "{C2939DDD-9810-441A-8279-2A44079C7BBF}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{CAD98644-BC42-4F0C-B730-C5B9F1C85BBF}" = protocol=17 | dir=in | app=d:\users\adler-wolf\appdata\roaming\dropbox\bin\dropbox.exe | "{CD8286E6-D3BF-4FE9-9D71-376E7164B927}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{CFFF2E21-29DD-4C1D-9859-984CDFCCB958}" = protocol=6 | dir=in | app=d:\users\adler-wolf\appdata\roaming\dropbox\bin\dropbox.exe | "{D0A40A70-5C0A-4F8F-811F-904BEE18256C}" = dir=in | app=c:\program files\apowersoft\streaming video recorder\apowersoftac.dll | "{D24965F2-2A9E-48CC-855D-BC524B78A93A}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | "{D3BE184C-DA75-46EC-BE90-F54551D6E3C0}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steam.exe | "{D3CB1C83-6957-4E36-983E-7B872E1245A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC3EDB03-5C0B-455F-A41B-5322853F785B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC927F07-09A5-44F2-BECD-9649DF2A014A}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\arnos_the_empero\counter-strike source\hl2.exe | "{DDF5BF52-7B03-4A6D-9D44-675F7DA37FD6}" = protocol=6 | dir=in | app=f:\program files (x86)\origin games\battlefield 3\bf3.exe | "{DE32E104-277B-4FEF-90FA-078F76ED2A5E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DF9FF9B3-53B2-4663-A2F7-C775E0AA4442}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | "{DFECB480-2EE7-48E4-9D0F-38CFD4C94A53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E04DD22D-78B3-48A7-955C-AF6FA3926113}" = protocol=17 | dir=in | app=d:\users\adler-wolf\appdata\roaming\dropbox\bin\dropbox.exe | "{E0B77A26-6F50-4835-9FDD-2A17E8E9B437}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E17626B4-7225-49D1-90AF-5DA8E2727B02}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\arnos_the_empero\day of defeat source\hl2.exe | "{E2FC9B73-D504-4A03-BD3C-8BD9A359C6DB}" = protocol=17 | dir=in | app=f:\program files (x86)\origin games\darkspore\darksporebin\darkspore.exe | "{E3137008-A664-4927-AC00-AC918774B156}" = protocol=6 | dir=in | app=f:\program files (x86)\origin games\darkspore\darksporebin\darkspore.exe | "{E36B2C90-6131-4FE1-9C66-B332457F1D54}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{E416A495-2314-4E85-A314-DA6E5148A159}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\age2hd\launcher.exe | "{EDBCBFDA-9DB5-4268-98F0-73174E7CBCAD}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{EFEA84BE-E04B-4C8B-AF92-85D587FD056D}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | "{F21156C9-4C3A-40BB-BA40-B422EF755A09}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{F2F03CED-367C-449A-AE37-DB9CA0ADCE03}" = protocol=6 | dir=out | app=system | "{F6F26387-5DE8-47A0-B54A-5B98F32CA529}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F80C787D-FFDD-4A53-86E2-11C923D36897}" = protocol=17 | dir=in | app=e:\program files (x86)\steam\steamapps\common\unreal tournament 3\binaries\ut3.exe | "{F9BECDD5-C667-46CD-ACF0-EEA547D5F2EC}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{F9E7A2DD-91F8-4AEA-BA43-F51BFB0ECC53}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{FC8F457B-65D6-4062-8BEA-825978E14D07}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{FF4D7BBA-4400-4F73-A508-7AF4DF4CC603}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{FFD099AA-A487-4723-B871-B2AD21A11EFA}" = protocol=6 | dir=in | app=e:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{20384EBF-4F10-13F0-07C6-7A6C87FD83DF}" = AMD Catalyst Install Manager "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 "{477D05CA-C151-9CF5-22A1-9DF6DF543CD4}" = AMD Media Foundation Decoders "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90150000-007E-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component "{90150000-008C-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component "{90150000-008C-0407-1000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{B2B47795-9ABC-37C1-0633-68B1B7104543}" = AMD Drag and Drop Transcoding "{C1ACBDBF-6F86-185A-E158-AB07893968FC}" = AMD Accelerated Video Transcoding "{D61EB116-6878-9676-F28F-54F6B647023C}" = ccc-utility64 "{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Logitech Gaming Software" = Logitech Gaming Software 8.40 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "ProPlusRetail - de-de" = Microsoft Office Professional Plus 2013 - de-de "Sandboxie" = Sandboxie 3.76 (64-bit) "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{009B1E9D-38AB-8B9E-DB07-8318DAAE1941}" = CCC Help Greek "{022BC727-ACB7-4C1D-109C-177515714A32}" = Catalyst Control Center "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07E46A4A-F2BA-FE48-9464-E11250502C6A}" = CCC Help Swedish "{07E5C16F-9194-E31B-BB6C-C3E8FBD79C30}" = CCC Help English "{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = Die Sims Mittelalter Piraten und Edelleute "{0F2CF890-D101-6CFA-8D99-0CFBF7EF4AD0}" = CCC Help Chinese Standard "{10CFB5DF-985A-8320-B4D8-461CC1F83CBF}" = CCC Help Japanese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "{22D071EF-A06A-6341-DFDA-FE448659A63C}" = CCC Help Portuguese "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{30909F74-4B46-2842-DECF-1C66F355338C}" = CCC Help Turkish "{365E16A2-FE3B-EA13-4EE0-88D570F82497}" = CCC Help Korean "{3D8AB6C1-3932-F551-2AF0-ED0612AD4B26}" = CCC Help Dutch "{40AD5E62-A31A-C414-01BA-310100577C7E}" = CCC Help Chinese Traditional "{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.4.8 "{4AA62353-C8D9-4A05-A425-D9DFC4646B99}_is1" = FFsplit version Alpha "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4F9E0D27-5525-E8C8-43D0-BA15C1A22E03}" = CCC Help Czech "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{63DEADD1-C032-4F1F-AF76-26B166D6AC30}" = G Data TotalProtection 2014 "{647E62F0-F1BC-E0C3-EDF5-67716EE75014}" = CCC Help Hungarian "{667DB2C0-AF52-021A-7CF6-DA8DD27AC215}" = CCC Help Italian "{6A4C6C0F-8791-B753-742E-06C40A6E023C}" = CCC Help Polish "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{6E839820-0BBA-4310-9D06-4463BAEA6641}" = Secure Download Manager "{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{793FCE60-DE5E-4977-A942-A7B69A45B17D}" = MainConcept DTV Decoder Pro "{79C61902-F44E-4190-A2B9-9B467B0380CE}" = CCC Help French "{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die Sims Mittelalter "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup "{8F0F5689-6900-425B-A8C2-0DBD10DAB694}" = Command & Conquer™: Generals and Zero Hour "{8FDBE1E8-2922-4750-9E4B-6B28CA67DBBB}" = Unreal "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.VISIOR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.VISIOR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.VISIOR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.VISIOR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}_Office14.VISIOR_{1FEAC070-BB09-4055-9BD0-48CF52023F92}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.VISIOR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1) "{91A3CEFE-A2C1-3E83-3789-F2BF8EC82106}" = CCC Help Thai "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{96CAEB1D-7BFB-2A98-EBB2-414C894F694F}" = CCC Help Danish "{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A664A708-E454-4416-7D19-D0F10879522C}" = CCC Help German "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B1AAE4BF-C98E-467E-94C7-4E1F51DD86E0}" = Darkspore™ "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}" = Razer Lachesis "{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star "{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh "{D6F46E2D-4FE2-5FAB-5C30-230E99563DEE}" = Catalyst Control Center InstallProxy "{D9DA23F5-CE0B-EE04-B498-7EC8AFC9F232}" = CCC Help Finnish "{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2 "{DF5182CB-192B-A6C8-9707-D7214557691C}" = CCC Help Norwegian "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E6757654-CE6A-0D0B-BBE6-F6247F05B7CD}" = Catalyst Control Center Localization All "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{E8759AD8-3A58-77F1-D16D-F3C8F9E98722}" = Catalyst Control Center Graphics Previews Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132000C-1CBA-458F-BF2F-FD43D59410F9}" = LightScribe System Software "{F1C39CBE-4521-BEC8-5238-4A8B55FEB6B7}" = CCC Help Russian "{FBFA39D2-C55A-56DC-7EBB-767FC31B04A3}" = CCC Help Spanish "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows "4578-0181-0549-1546" = Altitude "5513-1208-7298-9440" = JDownloader 0.9 "AC3Filter_is1" = AC3Filter 2.5b "Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.3.1 "AIMP3" = AIMP3 "ALchemy" = Creative ALchemy "Armagetron Advanced" = Armagetron Advanced "AudioCS" = Creative Audio-Systemsteuerung "AVMWLANCLI" = AVM FRITZ!WLAN "Battlelog Web Plugins" = Battlelog Web Plugins "Console Launcher" = Creative Konsole Starter "Creative AutoMode Switcher" = Creative AutoMode Switcher "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "Creative Volume Panel" = Lautstärkefenster "DEMONWORLD" = DEMONWORLD "DVBViewer Pro_is1" = DVBViewer Pro "DVBViewer TE2_is1" = DVBViewer TE2 "ESET Online Scanner" = ESET Online Scanner v3 "ESN Sonar-0.70.4" = ESN Sonar "FileZilla Client" = FileZilla Client "Free Download Manager_is1" = Free Download Manager 3.9.2 "GOGPACKRCT2_is1" = RollerCoaster Tycoon 2 Triple Thrill Pack "GOGPACKSTRONGHOLDCRUSADERHD_is1" = Stronghold Crusader Extreme HD "GOGPACKSTRONGHOLDHD_is1" = Stronghold HD "Halo" = Microsoft Halo "Inno Setup 5_is1" = Inno Setup Version 5.5.3 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0 "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control "KKND Krossfire" = KKND Krossfire "lavfilters_is1" = LAV Filters 0.55.3 "Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "nGlide" = nGlide 0.97 "Notepad++" = Notepad++ "NSIS" = Nullsoft Install System "Office14.VISIOR" = Microsoft Visio Professional 2010 "OpenAL" = OpenAL "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Star Trek Armada II" = Star Trek Armada II "Steam App 105600" = Terraria "Steam App 18420" = Crazy Machines "Steam App 203850" = Microsoft Flight "Steam App 221380" = Age of Empires II: HD Edition "Steam App 230050" = DLC Quest "Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad "Steam App 41700" = S.T.A.L.K.E.R.: Call of Pripyat "Steam App 42680" = Call of Duty: Modern Warfare 3 "Steam App 570" = Dota 2 "Super Castle Attack" = Super Castle Attack "TechnoMage" = TechnoMage "TechPowerUp GPU-Z" = TechPowerUp GPU-Z "THX_Console_Unicode" = THX-Einrichtungskonsole "ToshibaEdit" = ToshibaEdit (remove only) "VirusTotalUploader2.0" = VirusTotal Uploader 2.0 "VMware_Player" = VMware Player "Warcraft III" = Warcraft III ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "Spotify" = Spotify ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.04.2013 06:30:05 | Computer Name = Adler-Wolf-PC | Source = WinMgmt | ID = 10 Description = Error - 16.04.2013 06:32:18 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Users\Adler-Wolf\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 16.04.2013 06:32:20 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Users\Adler-Wolf\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 17.04.2013 08:06:39 | Computer Name = Adler-Wolf-PC | Source = WinMgmt | ID = 10 Description = Error - 17.04.2013 11:41:15 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 17.04.2013 12:04:25 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 18.04.2013 08:11:49 | Computer Name = Adler-Wolf-PC | Source = WinMgmt | ID = 10 Description = Error - 18.04.2013 08:30:26 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 18.04.2013 13:17:03 | Computer Name = Adler-Wolf-PC | Source = WinMgmt | ID = 10 Description = Error - 18.04.2013 13:20:09 | Computer Name = Adler-Wolf-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "D:\Users\Adler-Wolf\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. [ System Events ] Error - 16.04.2013 07:13:49 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 16.04.2013 07:14:23 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 16.04.2013 07:23:56 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 16.04.2013 07:24:11 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 16.04.2013 07:46:40 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 17.04.2013 08:05:11 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 17.04.2013 08:06:07 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 18.04.2013 08:10:36 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 18.04.2013 08:10:57 | Computer Name = Adler-Wolf-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 18.04.2013 13:14:16 | Computer Name = Adler-Wolf-PC | Source = DCOM | ID = 10010 Description = < End of report > Code:
ATTFilter GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-04-18 19:57:31 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX2 rev.1.37 55,90GB Running: gmer_2.1.19163.exe; Driver: D:\Users\Adler-Wolf\AppData\Local\Temp\kgldipob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002ffe000 63 bytes [00, 00, 1C, 02, 4D, 49, 63, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 624 fffff80002ffe040 22 bytes [98, F7, 15, 07, 80, FA, FF, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75] .text C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75] .text ... * 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000074031a22 2 bytes [03, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000074031ad0 2 bytes [03, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000074031b08 2 bytes [03, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000074031bba 2 bytes [03, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000074031bda 2 bytes [03, 74] .text C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75] .text ... * 2 .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75] .text C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe[2224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75] .text ... * 2 .text C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26 0000000071d713c6 2 bytes [D7, 71] .text C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74 0000000071d713f6 2 bytes [D7, 71] .text C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257 0000000071d714ad 2 bytes [D7, 71] .text C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303 0000000071d714db 2 bytes [D7, 71] .text ... * 2 .text C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79 0000000071d71577 2 bytes [D7, 71] .text C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175 0000000071d715d7 2 bytes [D7, 71] .text C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620 0000000071d71794 2 bytes [D7, 71] .text C:\Windows\SysWOW64\vmnat.exe[2260] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921 0000000071d718c1 2 bytes [D7, 71] .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75] .text C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe[2360] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75] .text ... * 2 .text C:\Program Files (x86)\Free Download Manager\fdm.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75] .text C:\Program Files (x86)\Free Download Manager\fdm.exe[5260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75] .text ... * 2 .text E:\Program Files (x86)\Steam\Steam.exe[5232] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000074f9549c 5 bytes JMP 0000000100080800 .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75] .text C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe[4656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75] .text ... * 2 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[7172] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000074f9549c 5 bytes JMP 00000001000f0800 .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[7172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75] .text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[7172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75] .text ... * 2 .text D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe[4596] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075141465 2 bytes [14, 75] .text D:\Users\Adler-Wolf\AppData\Roaming\Dropbox\bin\Dropbox.exe[4596] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000751414bb 2 bytes [14, 75] .text ... * 2 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fef83f741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fef83f5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fef83f5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fef83f5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fef83f7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fef83f6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fef83f6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fef83f7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fef83f7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fef83f78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fef83f4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fef83f5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2292] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fef83f7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDE 0x4F 0x69 0x68 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x60 0xC7 0xD7 0xE6 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBB 0xAD 0x38 0xCD ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDE 0x4F 0x69 0x68 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x60 0xC7 0xD7 0xE6 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xBB 0xAD 0x38 0xCD ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
![]() |
Themen zu "C:\Windows\SysWOW64" öffnet sich bei Systemstart |
adobe, adobe flash player, antivirus, bho, excel, explorer, firefox, firewall, flash player, format, free download, ftp, gdata, installation, launch, logfile, mozilla, plug-in, problem, programme, registry, scan, software, stick, super, system, totalprotection, trojaner-board, usb, windows, öffnet |