Browser öffnet andere Seite!

LSatan · 24.04.2013, 22:29

Hallo Zusammen,

heute wollte ich mal wieder auf die Homepage meines MMORPGS, ohne erfolg. Sobald ich in die Adresszeile tera-europe.com eingebe bekomme ich eine rumänische Filmesite geöffnet. -> Bild im Anhang

Diese Probleme habe ich mit Firefox/Chrome/IE
Neu Installation ohne erfolg

Mein Antivirenprogramm ist Bitdefernder Internet Security 2013.
Es hat leider nichts Gefunden.

Ich nutze Windows 8

Hier schon einmal mein HijackThis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:40:54, on 24.04.2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Users\LSatan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\LSatan\Downloads\HiJackThis204.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 213.239.204.183 www.subdomain.sls.tera-europe.de
O1 - Hosts: 213.239.204.183 subdomain.sls.tera-europe.de
O1 - Hosts: 213.239.204.183 www.account.tera-europe.com
O1 - Hosts: 213.239.204.183 account.tera-europe.com
O1 - Hosts: 213.239.204.183 www.sls.tera-europe.de
O1 - Hosts: 213.239.204.183 www.tera-europe.com
O1 - Hosts: 213.239.204.183 sls.tera-europe.de
O1 - Hosts: 213.239.204.183 tera-europe.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [emsisoft anti-malware] "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60
O4 - HKLM\..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
O4 - HKLM\..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\LSatan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [!DefaultSetup] C:\Users\LSatan\AppData\Local\Microsoft\DefaultSetup\DefaultSetup.exe
O4 - Startup: Dropbox.lnk = C:\Users\LSatan\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Emsisoft Anti-Malware 7.0 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 9837 bytes

--- --- ---

Helft mir ich bin mit meinem Latein am Ende.

LSatan

smeenk · 24.04.2013, 23:00

Hallo ich bin smeenk und ich werde versuchen dir mit deinem Problem zu helfen

Systemscan mit ZOEK

Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen.
Starte die Zoek.exe mit einem Doppelklick (nur Windows XP-Benutzer).
Windows Vista/7 Benutzer starten das Tool bitte per Rechtsklick auf das Icon und wählen "Als Administrator starten".
Klicke auf "Options" und wähle die folgenden Optionen aus:
- Recently Created
- Startup Information
- Firefox Look
- Chrome Look
- Reset Hosts
- System Restore Point
- Auto Clean
Nun klicke auf "Run script" und warte geduldig, bis der Scan durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit dem Logfile öffnen (ggfs. erst nach einem Neustart).
Nachträglich kannst Du den Bericht unter c:\zoek-results.log einsehen.
Poste mir das Log File zoek-results.log

Systemscan mit OTL

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von zoek
Logs von OTL

LSatan · 25.04.2013, 10:03

Hier einmal der zoek-results.log

Zitat:

Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by LSatan on 25.04.2013 at 10:43:08,70.
Microsoft Windows 8 Pro with Media Center 6.2.9200 x64
Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

25.04.2013 10:43:58 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Files \ Folders ======================

"C:\Program Files (x86)\TornTV.com" deleted
"C:\Users\LSatan\AppData\Roaming\pdfforge" deleted
"C:\Users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com" deleted
"C:\Users\LSatan\AppData\Local\CRE" deleted
"C:\Users\LSatan\AppData\Local\Conduit" deleted
"C:\Users\LSatan\AppData\LocalLow\BittorrentBar_DE" deleted
"C:\Users\LSatan\AppData\LocalLow\Conduit" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====
====== C:\Users\LSatan\AppData\Local\Temp ====
====== C:\WINDOWS\SysWOW64 =====
2013-04-24 20:50:49 6E4916DC5BA0697C28915DA5261FF250 70490256 ----a-w- C:\WINDOWS\SysWOW64\MRT.exe
2013-04-18 09:02:19 5109E3FA09CBFA2DAA0A13752A694C8A 3520 ----a-w- C:\WINDOWS\SysWOW64\EasyRedirect.ini
2013-04-18 09:02:19 4786591FFD60B7CC8F4F3F7A7CB3F124 2040 ----a-w- C:\WINDOWS\SysWOW64\EasyRedirectOff.ini
2013-04-18 09:02:18 CA801594D75013A428168FD4081BF745 380240 ----a-w- C:\WINDOWS\SysWOW64\EasyRedirect.dll
2013-04-15 11:04:08 9D21B8111AF66A984E00BC447F4EA79A 17560576 ----a-w- C:\WINDOWS\SysWOW64\shell32.dll
2013-04-15 11:04:05 E5AA5FCA529FB3FD88D2C3EB38BBD899 1338880 ----a-w- C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2013-04-15 11:04:05 DE86072021309EE80B38AD4A3795BF3B 8857088 ----a-w- C:\WINDOWS\SysWOW64\twinui.dll
2013-04-15 11:04:03 E8BBE0E535426911F7342AA0E8031AB0 246784 ----a-w- C:\WINDOWS\SysWOW64\ubpm.dll
2013-04-15 11:04:03 54574CAD4D52690EA31BB5BE4DF00608 850944 ----a-w- C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-04-15 11:04:01 8A68C50B0520F53113E4AC1BEB98D63F 309760 ----a-w- C:\WINDOWS\SysWOW64\BCP47Langs.dll
2013-04-15 11:04:01 2072CE914C627A37E8CC8592E68A8851 357888 ----a-w- C:\WINDOWS\SysWOW64\netcfgx.dll
2013-04-15 11:04:01 1A242673EFA49EC8C16AA691DC027E6F 5091840 ----a-w- C:\WINDOWS\SysWOW64\mstscax.dll
2013-04-15 11:04:00 9DEE93BEA6D719FCA849B7ABFCCE5621 601088 ----a-w- C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2013-04-15 11:04:00 9C4CD6ADB8FB30BAA1B642FFFD04E194 893952 ----a-w- C:\WINDOWS\SysWOW64\winmde.dll
2013-04-15 11:04:00 8C70B51A829282AD20EFC443B054E21D 621056 ----a-w- C:\WINDOWS\SysWOW64\wuapi.dll
2013-04-15 11:04:00 0BF4D74962263306006C82DFBB114554 550912 ----a-w- C:\WINDOWS\SysWOW64\drvstore.dll
2013-04-15 11:03:56 B577FC9A355C11746D5AE2D0BCB697F8 2033664 ----a-w- C:\WINDOWS\SysWOW64\authui.dll
2013-04-15 11:03:54 FC4A7834626A7CCFF76313EDA2814CE6 125952 ----a-w- C:\WINDOWS\SysWOW64\wuwebv.dll
2013-04-15 11:03:54 C9CB81C364B16A2FD421B8EC1DB712FF 83968 ----a-w- C:\WINDOWS\SysWOW64\wudriver.dll
2013-04-15 11:03:54 7F8D446C49D3052CD364C01477BCE5ED 100864 ----a-w- C:\WINDOWS\SysWOW64\SettingSyncInfo.dll
2013-04-15 11:03:54 67A05BE41C37A3BF140377C0CEFFC309 145408 ----a-w- C:\WINDOWS\SysWOW64\powercfg.cpl
2013-04-15 11:03:54 2C574148A7DB534A72199D775591D1B4 356352 ----a-w- C:\WINDOWS\SysWOW64\SettingSync.dll
2013-04-15 11:03:53 73DC5278EE0A0F01750A0DEF17FE7EFD 36352 ----a-w- C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2013-04-15 11:03:53 23A7D64AB45FA0494C040A95DEDFEDCC 34304 ----a-w- C:\WINDOWS\SysWOW64\wuapp.exe
2013-04-12 17:29:13 D017BF8D92938EEB9B3A1D1C53FDA152 14323200 ----a-w- C:\WINDOWS\SysWOW64\mshtml.dll
2013-04-12 17:29:06 0B6118058942961D504AAEA04FECB116 13761024 ----a-w- C:\WINDOWS\SysWOW64\ieframe.dll
2013-04-12 17:29:05 B5DEC0D4CBBC333CA99FE10B06D4747E 2046464 ----a-w- C:\WINDOWS\SysWOW64\iertutil.dll
2013-04-12 17:29:04 9B59687619B27CDA24638CDC3AF079FB 2877440 ----a-w- C:\WINDOWS\SysWOW64\jscript9.dll
2013-04-12 17:29:03 CFE0CEE587F9CEA4C29DEEC6D85FC91C 1766912 ----a-w- C:\WINDOWS\SysWOW64\wininet.dll
2013-04-12 17:29:03 6EF6B6EACCA13DD6131624E0DD5C14A3 690688 ----a-w- C:\WINDOWS\SysWOW64\jscript.dll
2013-04-12 17:29:03 69CB1A65B835EE6ADF9E16ED6D443072 1129984 ----a-w- C:\WINDOWS\SysWOW64\urlmon.dll
2013-04-12 17:29:02 B5D742C535D37A7DA0649E03B32CAD80 493056 ----a-w- C:\WINDOWS\SysWOW64\msfeeds.dll
2013-04-12 17:29:02 2CD665EF1353721341B789B78E25B3AC 534528 ----a-w- C:\WINDOWS\SysWOW64\uxtheme.dll
2013-04-12 17:29:01 BFDD0C5F3E435596F197F003609989C4 61440 ----a-w- C:\WINDOWS\SysWOW64\iesetup.dll
2013-04-12 17:29:01 A7CFDA703AF9AD409DAA521487E0CB53 109056 ----a-w- C:\WINDOWS\SysWOW64\iesysprep.dll
2013-04-12 17:29:01 87B775A458A73BB7381E5B67B5652496 39424 ----a-w- C:\WINDOWS\SysWOW64\jsproxy.dll
2013-04-12 17:29:01 3FA7F736B877B46EDF1EE6BE6051848D 33280 ----a-w- C:\WINDOWS\SysWOW64\iernonce.dll
2013-04-12 17:29:01 22921396AB06C926366594526A902093 2706432 ----a-w- C:\WINDOWS\SysWOW64\mshtml.tlb
2013-04-12 16:25:10 BB494AA9267EBD12DEC13025C2CE9359 375808 ----a-w- C:\WINDOWS\SysWOW64\ReAgent.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2013-04-18 09:02:19 75A023D8CC183D2A6879A00016B33BE4 2040 ----a-w- C:\WINDOWS\Sysnative\EasyRedirectOff.ini
2013-04-18 09:02:19 1F1C72D9527212C5938954F8D33B9C40 539984 ----a-w- C:\WINDOWS\Sysnative\EasyRedirect64.dll
2013-04-15 11:04:10 79F95469604B77296346DE7DB463EA2A 3240448 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2013-04-15 11:04:09 F162757540A3307AF777C056544AE871 19748864 ----a-w- C:\WINDOWS\Sysnative\shell32.dll
2013-04-15 11:04:08 5DF7FCCCCC71E230883DC30AF3FE0203 1161728 ----a-w- C:\WINDOWS\Sysnative\sppobjs.dll
2013-04-15 11:04:06 6587EB86E32C49AC726817220390CFFE 1627648 ----a-w- C:\WINDOWS\Sysnative\WindowsCodecs.dll
2013-04-15 11:04:06 3D1E4E187270B03BA28F8CF0C7C66C22 10116608 ----a-w- C:\WINDOWS\Sysnative\twinui.dll
2013-04-15 11:04:04 0E8924B51839B0CC8AB4B9C456220683 1048576 ----a-w- C:\WINDOWS\Sysnative\mfasfsrcsnk.dll
2013-04-15 11:04:03 C911D9E6BDE318D513D9168F947E1800 328192 ----a-w- C:\WINDOWS\Sysnative\ubpm.dll
2013-04-15 11:04:03 C7E0C8B888B034D1A66840A5E34D61FC 389120 ----a-w- C:\WINDOWS\Sysnative\BCP47Langs.dll
2013-04-15 11:04:03 01344DD46C95BC2A478B52AF07336F4A 5978624 ----a-w- C:\WINDOWS\Sysnative\mstscax.dll
2013-04-15 11:04:02 D608E0955BF3623B54CFA1A90FCA59FD 1149952 ----a-w- C:\WINDOWS\Sysnative\winmde.dll
2013-04-15 11:04:01 F8E1CA7D41BC44662D7F8936A9588201 2302464 ----a-w- C:\WINDOWS\Sysnative\authui.dll
2013-04-15 11:04:01 C15FF2B4C82792230CD9742253C68CF1 760320 ----a-w- C:\WINDOWS\Sysnative\wuapi.dll
2013-04-15 11:04:01 76E6465F3153FCA20F07928BBA62D7B8 951808 ----a-w- C:\WINDOWS\Sysnative\Windows.Globalization.dll
2013-04-15 11:04:01 6FB88606C4A71E1BFAF97D63A676C673 180224 ----a-w- C:\WINDOWS\Sysnative\SystemEventsBrokerServer.dll
2013-04-15 11:04:00 D3CD3034E2292DBECCD3161DC29D8E07 455168 ----a-w- C:\WINDOWS\Sysnative\netcfgx.dll
2013-04-15 11:04:00 BE611E28DD9AF75A6B904B55F5D6E6C3 245248 ----a-w- C:\WINDOWS\Sysnative\usbmon.dll
2013-04-15 11:04:00 4515B9E4140F04FB3907692DF89FCA87 171008 ----a-w- C:\WINDOWS\Sysnative\TimeBrokerServer.dll
2013-04-15 11:04:00 3013658A4D327854BEEC4A08D9655194 103936 ----a-w- C:\WINDOWS\Sysnative\wpdbusenum.dll
2013-04-15 11:04:00 116FBD7F3F98CB90680BCB5E5CBD0715 448512 ----a-w- C:\WINDOWS\Sysnative\SettingSync.dll
2013-04-15 11:03:55 5EE6D3195E6470DB22F480CCF5F5FF4A 2146304 ----a-w- C:\WINDOWS\Sysnative\actxprxy.dll
2013-04-15 11:03:54 F5BB165DD4C8B784E06E3F0324150E0F 156160 ----a-w- C:\WINDOWS\Sysnative\powercfg.cpl
2013-04-15 11:03:54 EF9A6AA4956FCD2D0EECD48ECC54B303 251904 ----a-w- C:\WINDOWS\Sysnative\WUSettingsProvider.dll
2013-04-15 11:03:54 ED84544A18C02EE2DF436A94436168BA 1619968 ----a-w- C:\WINDOWS\Sysnative\wucltux.dll
2013-04-15 11:03:54 E781EB5E43013C358B9A335103C2B9AE 98304 ----a-w- C:\WINDOWS\Sysnative\wudriver.dll
2013-04-15 11:03:54 A6B742C6B8CF9A37E0EF470DF890F74B 703488 ----a-w- C:\WINDOWS\Sysnative\drvstore.dll
2013-04-15 11:03:54 821D79C4602C5BF6C8183630D301638A 150016 ----a-w- C:\WINDOWS\Sysnative\discan.dll
2013-04-15 11:03:54 79CE97524CEC063C9A2750CCFE253847 173568 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2013-04-15 11:03:54 69A7C97D2FF3252039F18EB36B4AF76B 43520 ----a-w- C:\WINDOWS\Sysnative\wups.dll
2013-04-15 11:03:54 50361572A98348A6E780FFE231B55D49 49152 ----a-w- C:\WINDOWS\Sysnative\DevDispItemProvider.dll
2013-04-15 11:03:54 3C39BF7BBD73C3D862F5266D316D88D0 58288 ----a-w- C:\WINDOWS\Sysnative\wuauclt.exe
2013-04-15 11:03:54 3AF11BF2AA45E222D5923E59596AC984 128512 ----a-w- C:\WINDOWS\Sysnative\SettingSyncInfo.dll
2013-04-15 11:03:54 3A014B98C45AA8C0E4ABF2AB764F9AAC 71168 ----a-w- C:\WINDOWS\Sysnative\WSDPrintProxy.DLL
2013-04-15 11:03:54 3426BE7D0ED8888ACFE04BA6BB9AF83B 77824 ----a-w- C:\WINDOWS\Sysnative\taskhost.exe
2013-04-15 11:03:54 25FD6AB608C7CFDEAAC24BA882AC4052 117248 ----a-w- C:\WINDOWS\Sysnative\NdisImPlatform.dll
2013-04-15 11:03:54 0899BF12B2142213630D49E645B8A507 72192 ----a-w- C:\WINDOWS\Sysnative\taskhostex.exe
2013-04-15 11:03:54 05677EEFA7E6AAF414F4C31FD9EBF2C0 141824 ----a-w- C:\WINDOWS\Sysnative\wuwebv.dll
2013-04-15 11:03:53 750082FFD280AD15DA524379CD863721 39424 ----a-w- C:\WINDOWS\Sysnative\wuapp.exe
2013-04-15 11:03:53 4FD2E5BDBBBAB094B65E76908F9FADB3 387867 ----a-w- C:\WINDOWS\Sysnative\ApnDatabase.xml
2013-04-13 16:23:54 BF511C667E0D464E4D238C50630A44D8 434680 ----a-w- C:\WINDOWS\Sysnative\FNTCACHE.DAT
2013-04-12 17:29:19 394ECD933CD66BADF97EA85A183B9E1E 19230208 ----a-w- C:\WINDOWS\Sysnative\mshtml.dll
2013-04-12 17:29:07 DE3C3B1B4FA5FBF1F17BCD3B3AE1ED15 3958784 ----a-w- C:\WINDOWS\Sysnative\jscript9.dll
2013-04-12 17:29:07 D744D5B8145C2303B19A288AF695E9AD 15404544 ----a-w- C:\WINDOWS\Sysnative\ieframe.dll
2013-04-12 17:29:05 85F1FE2D5EDBFD26066F5ABB9504A69C 2647040 ----a-w- C:\WINDOWS\Sysnative\iertutil.dll
2013-04-12 17:29:04 753C0848AE7872A3F59663078A517293 2240512 ----a-w- C:\WINDOWS\Sysnative\wininet.dll
2013-04-12 17:29:03 8C1EFE99D4C9462EF2E10E7140B44D4A 855552 ----a-w- C:\WINDOWS\Sysnative\jscript.dll
2013-04-12 17:29:03 29812E9971077BE3F8B9DC225CF9D454 1365504 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll
2013-04-12 17:29:03 11B62706B48F8D8F624F39C4F6E98B5C 915968 ----a-w- C:\WINDOWS\Sysnative\uxtheme.dll
2013-04-12 17:29:02 A89103864B67CE1ED3BB5D48569D3D94 51712 ----a-w- C:\WINDOWS\Sysnative\ie4uinit.exe
2013-04-12 17:29:02 268E23EAEDF3FAF87A7A87F0257C9E87 603136 ----a-w- C:\WINDOWS\Sysnative\msfeeds.dll
2013-04-12 17:29:01 3E56860C3490630B2C9FD5398C10D2E8 2706432 ----a-w- C:\WINDOWS\Sysnative\mshtml.tlb
2013-04-12 17:29:01 38BEBBC4CF9FE6566262F0037DF843BF 136704 ----a-w- C:\WINDOWS\Sysnative\iesysprep.dll
2013-04-12 17:29:01 194125E7839D4902F2490A70049E8F78 53248 ----a-w- C:\WINDOWS\Sysnative\jsproxy.dll
2013-04-12 17:28:45 9E93469F299BBCB4ECD1378403C9B8CD 4041728 ----a-w- C:\WINDOWS\Sysnative\win32k.sys
2013-04-12 16:25:11 79CAB096514C381152F4306BC87A7B29 1011200 ----a-w- C:\WINDOWS\Sysnative\reseteng.dll
2013-04-12 16:24:57 299F354F0808017F6927B35C8FB6EFCD 6991592 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe
====== C:\WINDOWS\Sysnative\drivers =====
2013-04-15 11:04:07 B6D52E2C38B49A156E58FF5B9C6CA8BE 2231528 ----a-w- C:\WINDOWS\Sysnative\drivers\tcpip.sys
2013-04-15 11:04:03 9531E7D938912F315F8161B5DA5DAD13 327912 ----a-w- C:\WINDOWS\Sysnative\drivers\Classpnp.sys
2013-04-15 11:04:00 36E2B5A5AC7688FFB3270F57103507D2 411880 ----a-w- C:\WINDOWS\Sysnative\drivers\FWPKCLNT.SYS
2013-04-15 11:04:00 091607B272C5E7BE2DCEF2D5463A407B 332520 ----a-w- C:\WINDOWS\Sysnative\drivers\storport.sys
2013-04-15 11:03:58 500BE6B2E49883720D0AE8BB859ED7A3 495336 ----a-w- C:\WINDOWS\Sysnative\drivers\vhdmp.sys
2013-04-15 11:03:54 B240874B2CA0CD02E8CD11E140B14C57 77544 ----a-w- C:\WINDOWS\Sysnative\drivers\storahci.sys
2013-04-15 11:03:54 7D0570A2C678116523BB4932A6D71020 125160 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2013-04-15 11:03:54 739A739DCC5D02FE30EDEADEBD7B9898 283880 ----a-w- C:\WINDOWS\Sysnative\drivers\spaceport.sys
2013-04-15 11:03:54 6F0BFF80EE2A5BC841286A51F893CBAD 148712 ----a-w- C:\WINDOWS\Sysnative\drivers\tpm.sys
2013-04-15 11:03:54 11C0CF143D246E2F0E9BDBF17A0CC70B 337128 ----a-w- C:\WINDOWS\Sysnative\drivers\USBXHCI.SYS
2013-04-15 11:03:54 0698DEDEAD6A00AD0D468C687D830FBF 69864 ----a-w- C:\WINDOWS\Sysnative\drivers\pdc.sys
2013-04-15 11:03:54 047315E75392CEA447ACC86257824C16 194792 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2013-04-15 11:03:53 EA8EAD3F5B762F889CC7F3966625B48B 30720 ----a-w- C:\WINDOWS\Sysnative\drivers\monitor.sys
2013-04-15 11:03:53 C0ADEBED913295803B579ED288936CBB 26112 ----a-w- C:\WINDOWS\Sysnative\drivers\mouhid.sys
2013-04-05 15:33:27 FC0E8778C000291CAF60EB88C011E931 314016 ----a-w- C:\WINDOWS\Sysnative\drivers\atksgt.sys
2013-04-05 15:33:27 156AB2E56DC3CA0B582E3362E07CDED7 43680 ----a-w- C:\WINDOWS\Sysnative\drivers\lirsgt.sys
2013-03-29 16:52:45 DB8A82239139348D6666434128D6F5DC 147232 ----a-w- C:\WINDOWS\Sysnative\drivers\gzflt.sys
2013-03-26 13:49:10 99D404A9A0AFC4734E014EBEBAC13F8F 230904 ----a-w- C:\WINDOWS\Sysnative\drivers\WdFilter.sys
2013-03-26 13:49:10 6F4B5DDDC3B86091E94BC47347A78AF7 35232 ----a-w- C:\WINDOWS\Sysnative\drivers\WdBoot.sys
====== C:\WINDOWS\Tasks ======
2013-04-24 20:36:06 !HASH: COULD NOT OPEN FILE !!!!! 1148 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3813394021-1948135682-3251271600-1001UA.job
2013-04-24 20:36:04 !HASH: COULD NOT OPEN FILE !!!!! 1096 ----a-w- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3813394021-1948135682-3251271600-1001Core.job
2013-04-22 12:23:00 !HASH: COULD NOT OPEN FILE !!!!! 884 ----a-w- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2013-04-01 13:16:32 -------- d-----w- C:\Program Files\Microsoft Silverlight
======= C:\Program Files (x86) =====
2013-04-24 20:14:33 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-04-21 16:47:35 -------- d-----w- C:\Program Files (x86)\Steam
2013-04-07 15:07:09 -------- d-----w- C:\Program Files (x86)\Ubisoft
2013-04-03 19:47:04 -------- d-----w- C:\Program Files (x86)\JDownloader
2013-04-01 13:16:32 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
======= C: =====
====== C:\Users\LSatan\AppData\Roaming ======
2013-04-24 21:00:05 -------- d-----w- C:\users\LSatan\AppData\Local\NPE
2013-04-24 20:36:34 -------- d-----w- C:\users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-04-22 12:31:53 -------- d-----w- C:\users\LSatan\AppData\Local\Warframe
2013-04-21 16:56:29 -------- d-----w- C:\users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-04-17 11:05:52 -------- d-----w- C:\users\LSatan\AppData\Local\Vidalia
2013-04-17 11:02:30 -------- d-----w- C:\users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor
2013-04-17 11:00:44 -------- d-----w- C:\users\LSatan\AppData\Roaming\tor
2013-04-17 11:00:37 -------- d-----w- C:\users\LSatan\AppData\Local\Mozilla
====== C:\Users\LSatan ======
2013-04-24 20:14:41 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-04-21 16:47:35 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2013-04-18 09:03:58 -------- d-----w- C:\ProgramData\notracks.com
2013-04-16 20:26:30 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2013-04-16 20:26:26 -------- d-----w- C:\ProgramData\MediaMonkey
2013-04-07 15:16:34 -------- d-----w- C:\ProgramData\Tages
2013-04-07 13:06:42 -------- d-----w- C:\ProgramData\Solidshield
2013-04-07 12:50:58 -------- d-----w- C:\ProgramData\bdch
2013-04-01 13:17:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

====== C: exe-files ==
2013-04-25 08:36:39 FFC1FF783B62D50C8EAF654228397B73 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$IOWXQ3W.exe
2013-04-25 08:36:39 EFD04F03FC6F13FAF27161439D902DF0 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$IC0DI3N.exe
2013-04-25 08:36:39 C5CBD8A89F3D8DBF0C34C49A121579DB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$IXB1ZUS.exe
2013-04-25 08:36:39 A596BBCB67FDF7C2F0B96B332054229A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$IYL25O7.exe
2013-04-25 08:36:39 90DC49D357A2E29B60821FA423335ADB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$IADE4ZQ.exe
2013-04-25 08:36:39 79348C64D03F25795302A647AC73A8C4 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$IKNIAYV.exe
2013-04-25 08:36:39 7814B4757EC54B1AC3E7E098FAF6DC31 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$IZZWTNR.exe
2013-04-25 08:36:39 7547592CBF7C1191123034F4CE32605B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$ILTAGSC.exe
2013-04-25 08:36:39 6833611CFE181E3CA7FA66F73D6DDC54 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$I1BFZBZ.exe
2013-04-25 08:36:39 66164ED990A495F5D2B5E7CB1F1E8EB9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$IH5F5TY.exe
2013-04-25 08:36:39 65545D5F1C69962B10F66CA987DC56E9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$ID51F1N.exe
2013-04-25 08:36:12 847B82A07142E76BF2946E8663DFF8FE 1267788 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RADE4ZQ.exe
2013-04-25 08:34:56 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RYL25O7.exe
2013-04-25 08:34:48 847B82A07142E76BF2946E8663DFF8FE 1267788 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RKNIAYV.exe
2013-04-24 21:40:10 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RXB1ZUS.exe
2013-04-24 21:40:05 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RH5F5TY.exe
2013-04-24 21:05:40 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RD51F1N.exe
2013-04-24 21:03:00 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RZZWTNR.exe
2013-04-24 21:00:42 2E9D7C81BE0FD97577BC0FA1F051C4C1 2567216 ----a-w- C:\Users\LSatan\AppData\Local\Microsoft\DefaultSetup\DefaultSetup.exe
2013-04-24 20:59:57 311606C4229C57AD3C1CCD6FBC4E499A 2989560 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RLTAGSC.exe
2013-04-24 20:55:50 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$R1BFZBZ.exe
2013-04-24 20:50:49 6E4916DC5BA0697C28915DA5261FF250 70490256 ----a-w- C:\Windows\SysWOW64\MRT.exe
2013-04-24 20:49:45 08B84215BFD37691BA3D6A32F5CEE45E 19622496 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$ROWXQ3W.exe
2013-04-24 20:49:09 5A4F386010A650FEC6ABE2272D35C60A 244183920 ----a-w- C:\$Recycle.Bin\S-1-5-21-3813394021-1948135682-3251271600-1001\$RC0DI3N.exe
2013-04-24 20:45:47 59DCE6783F9ED27EB72C81466E363BF8 166528 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
2013-04-24 20:45:46 59DCE6783F9ED27EB72C81466E363BF8 166528 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDWSCSvc.exe
2013-04-24 20:45:44 01DB315291406DBE0523CFB084543AB4 4909600 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe
2013-04-24 20:45:41 01DB315291406DBE0523CFB084543AB4 4909600 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDTools.exe
2013-04-24 20:45:40 2888755BDD43B8F9D2529579394F177F 3343384 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSysRepair.exe
2013-04-24 20:45:39 2888755BDD43B8F9D2529579394F177F 3343384 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDSysRepair.exe
2013-04-24 20:45:37 82C13F2B678D1F6225024EE02EBA0FCE 3226648 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDShred.exe
2013-04-24 20:45:36 82C13F2B678D1F6225024EE02EBA0FCE 3226648 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDShred.exe
2013-04-24 20:45:34 7C084FFAE9757827C6D2C9FA0EF4698B 4697104 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSettings.exe
2013-04-24 20:45:32 7C084FFAE9757827C6D2C9FA0EF4698B 4697104 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDSettings.exe
2013-04-24 20:45:30 EA932C3B977A5941FF220951C05981E1 3912736 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
2013-04-24 20:45:28 EA932C3B977A5941FF220951C05981E1 3912736 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDRootAlyzer.exe
2013-04-24 20:45:26 15AF7C79B94FBA50631668AE52727AAA 3209744 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDQuarantine.exe
2013-04-24 20:45:24 15AF7C79B94FBA50631668AE52727AAA 3209744 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDQuarantine.exe
2013-04-24 20:45:22 4EEA188CF3DF6696544C5F96A95995A5 3120680 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDPrepPos.exe
2013-04-24 20:45:21 4EEA188CF3DF6696544C5F96A95995A5 3120680 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDPrepPos.exe
2013-04-24 20:45:15 BD313CF4DEA43D3DAD7F4753D9CBB1FE 3760664 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
2013-04-24 20:45:14 BD313CF4DEA43D3DAD7F4753D9CBB1FE 3760664 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDImmunize.exe
2013-04-24 20:45:08 F87B7FB71ED1061033C3EDC7E3EAC31B 3336216 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe
2013-04-24 20:45:07 F87B7FB71ED1061033C3EDC7E3EAC31B 3336216 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDFiles.exe
2013-04-24 20:45:04 DB977E79C9CABCDC0C84E8C167A31C81 2720792 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDDelFile.exe
2013-04-24 20:45:02 DB977E79C9CABCDC0C84E8C167A31C81 2720792 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDDelFile.exe
2013-04-24 20:45:02 1DC278B8557581109F5687B9D9140001 3527176 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
2013-04-24 20:45:00 1DC278B8557581109F5687B9D9140001 3527176 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\SDCleaner.exe
2013-04-24 20:44:38 90ACE81DABD8FF86C22451DC07A11AB7 129560 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\Updates\Extracts\blindman.exe
2013-04-24 20:44:38 90ACE81DABD8FF86C22451DC07A11AB7 129560 ----a-w- C:\Program Files (x86)\Spybot - Search & Destroy 2\blindman.exe
2013-04-24 20:41:21 BECDDA0990DEBD72A30096533521AD73 213384 ----atw- C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe
2013-04-24 20:41:21 B676429E44F2F8ACC3BAE7C89F46B212 281480 ----atw- C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
2013-04-24 20:41:21 984CC93BB0EF86A0B4825269D8379D81 774424 ----a-w- C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateSetup.exe
2013-04-24 20:41:21 74E337FFEB2B34043F8499D2F3DE03A8 59784 ----atw- C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe
2013-04-24 20:41:21 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdate.exe
2013-04-24 20:41:21 376ECCCE33C2C232112DE830E3C81763 59784 ----atw- C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateBroker.exe
2013-04-24 20:41:20 984CC93BB0EF86A0B4825269D8379D81 774424 ----a-w- C:\Users\LSatan\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.135\GoogleUpdateSetup.exe
2013-04-24 20:36:28 88363B688206D0C89FB1DD926F074C42 33302880 ----a-w- C:\Users\LSatan\AppData\Local\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\26.0.1410.64\26.0.1410.64_chrome_installer.exe
2013-04-24 20:36:04 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\LSatan\AppData\Local\Google\Update\GoogleUpdate.exe
2013-04-23 19:17:26 AAD923999DF6889F91F10BE68FF044C8 237568 ----a-w- C:\Program Files (x86)\Steam\steamerrorreporter64.exe
2013-04-22 17:58:24 EC49E08005AFBA2E425B2A5FAC9C6D3A 314784 ----a-w- C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\Uninstaller.exe
2013-04-22 17:58:12 C10C44C13ECCE7C64F898529D00A2089 805232 ----a-w- C:\Users\LSatan\AppData\Local\Sony Online Entertainment\ApplicationUpdater\ApplicationUpdaterService.exe
2013-04-22 17:58:12 BC2CA36102A73CDAF19F29E7EFE857D4 294400 ----a-w- C:\Users\LSatan\AppData\Local\Sony Online Entertainment\ApplicationUpdater\wws_crashreport_uploader.exe
2013-04-22 17:58:10 C10C44C13ECCE7C64F898529D00A2089 805232 ----a-w- C:\Users\LSatan\AppData\Local\Sony Online Entertainment\ApplicationUpdater\ApplicationDownloaderService.exe
2013-04-22 13:57:47 D5B4F2DFD62B67F8CF1C0A69ABE36305 98304 ----a-w- C:\Users\LSatan\Dropbox\Paypal geld adder.exe
2013-04-22 13:15:56 42E1A5A014CDC7E9ABE789A738F9DFA6 156160 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\FixTimestamps.exe
2013-04-22 13:08:54 497C64DAD21473EC354D9E3CB3C8EA7F 38240 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\awesomium_process.exe
2013-04-22 13:08:24 EC49E08005AFBA2E425B2A5FAC9C6D3A 314784 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\Uninstaller.exe
2013-04-22 13:08:24 BF3F290275C21BDD3951955C9C3CF32C 517976 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\redist\DirectX\DXSETUP.exe
2013-04-22 13:08:24 9ED398276601DFF29A65041DB3C1B33D 290816 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\wws_crashreport_uploader.exe
2013-04-22 13:08:23 E83DAD7482A58480889D48FAC374CCEA 300392 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.libs\wws_crashreport_uploader.exe
2013-04-22 13:08:23 A7A1C824D39907EC977C03ED00DE882C 454504 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.libs\AwesomiumProcess.exe
2013-04-22 13:08:23 98A5CBF0EFFAF928998E495E9A76ED96 1022808 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\LaunchPad.exe
2013-04-22 13:08:23 4C2223EE3612427339A2A5CDF402374E 56666112 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\PlanetSide 2\PlanetSide2.exe
2013-04-22 11:54:48 9891BB8D5F371887FB51D10C570BBB11 92072 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Day of Defeat Source\hl2.exe
2013-04-21 17:58:47 D92FCDD7E815FBFECD9F9C8F7766DD05 659880 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Day of Defeat Source\bin\vpk.exe
2013-04-21 16:47:53 3DD25048297A24AB4B3BFC17ABA5D0DB 1242448 ----a-w- C:\Program Files (x86)\Steam\SteamTmp.exe
2013-04-19 19:10:08 ED136EE9DD4D9EBC59AD7272C03D8AC8 6065712 ----a-w- C:\ProgramData\Battle.net\Agent\Agent.1737\Agent.exe
=== C: other files ==
2013-04-24 20:32:11 FBFD88E882285BA076255C7E25CF2B21 2718 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip
2013-04-24 20:32:11 E2DA0F887A4DF77DBD8B75B2B7D8E918 2547 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip
2013-04-24 20:32:11 DF16F0927A57D63A7907F62CC0EF55CC 2617 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip
2013-04-24 20:32:11 D93F6E822F51C6609A875CAE1D7DC30B 2712 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip
2013-04-24 20:32:11 C1054E3664AE8C5E7F7A33A5E7822132 2276 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip
2013-04-24 20:32:11 AC3A08F74072FD9134616E6BEA16B2B5 2578 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip
2013-04-24 20:32:11 7E4D0B887478D39A7AA51C5115780269 2286 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\Verlauf-0000.zip
2013-04-24 20:32:11 33F048C3C4520A6ECE7F4CFC73DA4DA2 2280 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip
2013-04-24 20:32:11 2D22074B23099AF2959FB97D1AC4257C 2306 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\Right Media-0000.zip
2013-04-24 20:32:11 2B862003FF53E44865AA9314F303EE5A 2902 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip
2013-04-24 20:32:11 18D345BFA0E4A9B990C34B6EF93D24CA 2581 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\SweetIM-0000.zip
2013-04-24 20:32:11 01A94880E64D78D528A31D4ED22E2E82 2685 ----a-w- C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip
2013-04-21 17:58:47 1886D3B7BF763A41A983CD2F366C40D1 7253928 ----a-w- C:\Program Files (x86)\Steam\SteamApps\common\Day of Defeat Source\bin\itemtest.com
2013-04-18 08:51:34 9B3CE46FBF486FD66FB49077D461CA18 816001 ----a-w- C:\Users\LSatan\AppData\Roaming\Mozilla\Firefox\Profiles\pcc01t1o.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3813394021-1948135682-3251271600-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"Google Update"="C:\Users\LSatan\AppData\Local\Google\Update\GoogleUpdate.exe /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AVMWlanClient"="C:\Program Files (x86)\avmwlanstick\wlangui.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="C:\Program Files (x86)\BitTorrent\BitTorrent.exe /MINIMIZED"
"OfficeSyncProcess"="C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"Google Update"="C:\Users\LSatan\AppData\Local\Google\Update\GoogleUpdate.exe /c"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe"

==== Startup Folders ======================

2012-11-04 21:36:27 1012 ----a-w- C:\users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2012-11-08 19:18:40 1314 ----a-w- C:\users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a-------- [Undertermined Task]
C:\WINDOWS\tasks\AutoKMS.job --a-------- [Undertermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3813394021-1948135682-3251271600-1001Core.job --a-------- [Undertermined Task]
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3813394021-1948135682-3251271600-1001UA.job --a-------- [Undertermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Users\LSatan\AppData\Roaming\Mozilla\Firefox\Profiles\pcc01t1o.default
- Torbutton - %ProfilePath%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi

==== Firefox Plugins ======================

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hempmfkijmahkaddljkmchcmjbojoedl - C:\Users\LSatan\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx[]
jcdgjdiieiljkfkdcloehkohchhpekkn - C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx[]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
hempmfkijmahkaddljkmchcmjbojoedl - C:\Users\LSatan\AppData\Local\CRE\hempmfkijmahkaddljkmchcmjbojoedl.crx[]

Google Docs - LSatan - Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - LSatan - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - LSatan - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - LSatan - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - LSatan - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
BittorrentBar_DE - LSatan - Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl
ProxMate - unblock the Internet - LSatan - Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm
Chrome to Mobile - LSatan - Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd
Facebook Ad Block - LSatan - Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa
Ghostery - LSatan - Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
Gmail - LSatan - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hempmfkijmahkaddljkmchcmjbojoedl deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3813394021-1948135682-3251271600-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\hempmfkijmahkaddljkmchcmjbojoedl deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\LSatan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFL79DQD will be deleted at reboot
C:\Users\LSatan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCSHOAFP will be deleted at reboot
C:\Users\LSatan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC6WIPC6 will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

After Reboot

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\LSatan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\LSatan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KFL79DQD" not found
"C:\Users\LSatan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCSHOAFP" not found
"C:\Users\LSatan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QC6WIPC6" not found

und die OTL.txt OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.04.2013 10:56:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LSatan\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,09 Gb Available Physical Memory | 76,25% Memory free
9,17 Gb Paging File | 7,06 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 595,95 Gb Total Space | 383,25 Gb Free Space | 64,31% Space Free | Partition Type: NTFS
 
Computer Name: CHEMIKER-PC | User Name: LSatan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.25 10:55:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LSatan\Downloads\OTL.exe
PRC - [2013.04.04 15:03:57 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\LSatan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.10.22 03:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Users\LSatan\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Users\LSatan\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Users\LSatan\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Users\LSatan\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Users\LSatan\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.04.04 15:03:57 | 002,243,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.04.04 15:03:57 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.04.04 15:03:57 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013.03.29 18:52:34 | 000,204,280 | ---- | M] () -- C:\Programme\Bitdefender\Bitdefender 2013\antispam32\txmlutil.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.29 18:53:10 | 001,646,792 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe -- (VSSERV)
SRV:64bit: - [2013.03.29 18:52:47 | 000,068,856 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2013.03.02 04:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013.03.02 04:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 05:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.04.22 14:23:00 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.19 23:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 18:52:30 | 000,069,392 | ---- | M] (Bitdefender) [Disabled | Stopped] -- C:\Programme\Bitdefender\Bitdefender 2013\bdparentalservice.exe -- (BdDesktopParental)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.10.03 00:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.05 17:33:27 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.04.05 17:33:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.03.29 18:52:45 | 000,147,232 | ---- | M] (BitDefender LLC) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\gzflt.sys -- (gzflt)
DRV:64bit: - [2013.03.02 12:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013.03.02 12:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013.03.02 12:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013.03.02 12:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013.03.02 12:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013.03.02 12:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.06 08:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013.02.06 08:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.30 22:31:25 | 000,082,384 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bdsandbox.sys -- (BDSandBox)
DRV:64bit: - [2013.01.30 22:31:15 | 000,707,528 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avc3.sys -- (avc3)
DRV:64bit: - [2013.01.30 22:30:44 | 000,589,000 | ---- | M] (BitDefender) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\avckf.sys -- (avckf)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.09 16:35:12 | 000,225,960 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV:64bit: - [2012.11.09 16:35:12 | 000,049,192 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV:64bit: - [2012.11.09 16:35:12 | 000,039,720 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.11.02 14:17:46 | 000,261,056 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012.10.31 13:13:18 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:47 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:57 | 000,089,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012.07.26 04:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012.07.26 04:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.07.11 07:48:42 | 000,023,456 | ---- | M] (Bitdefender) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bdelam.sys -- (bdelam)
DRV:64bit: - [2012.07.09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.06.02 16:31:31 | 000,100,864 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2012.03.21 16:26:40 | 000,013,168 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SMARTMouseFilterx64.sys -- (SMARTMouseFilterx64)
DRV:64bit: - [2012.03.21 16:26:32 | 000,024,944 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SMARTVTabletPCx64.sys -- (SMARTVTabletPCx64)
DRV:64bit: - [2012.03.21 16:26:30 | 000,016,368 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SMARTVHidMiniVistaAmd64.sys -- (SMARTVHidMiniVistaAmd64)
DRV:64bit: - [2010.10.22 03:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.10.20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.02.03 11:05:44 | 000,113,280 | ---- | M] (ITE                      ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IT9135BDA.sys -- (IT9135BDA)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hamachi.sys -- (hamachi)
DRV - [2012.10.17 15:13:46 | 000,106,568 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV - [2012.09.03 11:46:15 | 000,097,816 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys -- (BdfNdisf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 C3 05 5F D2 BA CD 01  [binary data]
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledAddons: %7Be0204bd5-9d31-402b-a99d-a6aa8ffebdca%7D:1.4.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll File not found
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013.01.28 17:28:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.06 14:47:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013.01.28 17:28:39 | 000,000,000 | ---D | M]
 
[2012.11.06 14:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LSatan\AppData\Roaming\mozilla\Extensions
[2012.11.04 23:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LSatan\AppData\Roaming\mozilla\Firefox\extensions
[2012.11.04 23:34:39 | 000,000,000 | ---D | M] (BittorrentBar_DE) -- C:\Users\LSatan\AppData\Roaming\mozilla\Firefox\extensions\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}
[2013.04.05 17:23:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LSatan\AppData\Roaming\mozilla\Firefox\Profiles\[opt]rs0\extensions
[2013.04.18 10:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LSatan\AppData\Roaming\mozilla\Firefox\Profiles\pcc01t1o.default\extensions
[2013.04.18 10:54:43 | 000,816,001 | ---- | M] () (No name found) -- C:\Users\LSatan\AppData\Roaming\mozilla\firefox\profiles\pcc01t1o.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\LSatan\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\LSatan\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\LSatan\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Google Update (Enabled) = C:\Users\LSatan\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: ProxMate - unblock the Internet! = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.2.4_0\
CHR - Extension: Chrome to Mobile = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\1.0.0_0\
CHR - Extension: Facebook Ad Block = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa\1.0.4_0\
CHR - Extension: Ghostery = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.1_0\
CHR - Extension: Google Mail = C:\Users\LSatan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.04.25 10:44:00 | 000,000,840 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost 
O1 - Hosts: ::1             localhost 
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Bdagent] C:\Programme\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-3813394021-1948135682-3251271600-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\LSatan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08AAFC9E-967D-4D4A-9F40-6A66E22A5A22}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.11.03 13:25:42 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{406ea921-4ab9-11e2-be85-001f3f013e96}\Shell - "" = AutoRun
O33 - MountPoints2\{406ea921-4ab9-11e2-be85-001f3f013e96}\Shell\AutoRun\command - "" = "G:\setup.exe" 
O33 - MountPoints2\{60e2b60d-2509-11e2-be68-001f3f013e96}\Shell - "" = AutoRun
O33 - MountPoints2\{60e2b60d-2509-11e2-be68-001f3f013e96}\Shell\AutoRun\command - "" = "E:\pushinst.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.25 10:51:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.25 10:48:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2013.04.25 10:48:08 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Local\Temp
[2013.04.24 23:03:33 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Roaming\Malwarebytes
[2013.04.24 23:03:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.24 23:00:05 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Local\NPE
[2013.04.24 23:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.04.24 22:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013.04.24 22:52:17 | 000,000,000 | ---D | C] -- C:\Users\LSatan\Documents\Anti-Malware
[2013.04.24 22:50:49 | 070,490,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MRT.exe
[2013.04.24 22:36:34 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.04.24 22:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.24 22:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.22 14:31:53 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Local\Warframe
[2013.04.21 18:56:29 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.21 18:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.21 18:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.04.18 11:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\notracks.com
[2013.04.18 11:02:19 | 000,539,984 | ---- | C] (EasyTech) -- C:\WINDOWS\SysNative\EasyRedirect64.dll
[2013.04.18 11:02:18 | 000,380,240 | ---- | C] (EasyTech) -- C:\WINDOWS\SysWow64\EasyRedirect.dll
[2013.04.17 13:05:52 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Local\Vidalia
[2013.04.17 13:02:30 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor
[2013.04.17 13:00:44 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Roaming\tor
[2013.04.17 13:00:37 | 000,000,000 | ---D | C] -- C:\Users\LSatan\AppData\Local\Mozilla
[2013.04.16 22:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2013.04.16 22:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2013.04.15 13:04:08 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2013.04.15 13:04:06 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2013.04.15 13:04:06 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2013.04.15 13:04:05 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2013.04.15 13:04:04 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2013.04.15 13:04:03 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2013.04.15 13:04:03 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2013.04.15 13:04:03 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BCP47Langs.dll
[2013.04.15 13:04:03 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2013.04.15 13:04:03 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\Classpnp.sys
[2013.04.15 13:04:03 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ubpm.dll
[2013.04.15 13:04:02 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2013.04.15 13:04:01 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2013.04.15 13:04:01 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2013.04.15 13:04:01 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2013.04.15 13:04:01 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2013.04.15 13:04:01 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.15 13:04:01 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netcfgx.dll
[2013.04.15 13:04:01 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BCP47Langs.dll
[2013.04.15 13:04:01 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2013.04.15 13:04:00 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2013.04.15 13:04:00 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2013.04.15 13:04:00 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2013.04.15 13:04:00 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvstore.dll
[2013.04.15 13:04:00 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.15 13:04:00 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netcfgx.dll
[2013.04.15 13:04:00 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSync.dll
[2013.04.15 13:04:00 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS
[2013.04.15 13:04:00 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys
[2013.04.15 13:04:00 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usbmon.dll
[2013.04.15 13:04:00 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TimeBrokerServer.dll
[2013.04.15 13:03:56 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2013.04.15 13:03:55 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2013.04.15 13:03:54 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2013.04.15 13:03:54 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvstore.dll
[2013.04.15 13:03:54 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSync.dll
[2013.04.15 13:03:54 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS
[2013.04.15 13:03:54 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2013.04.15 13:03:54 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2013.04.15 13:03:54 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys
[2013.04.15 13:03:54 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2013.04.15 13:03:54 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\powercfg.cpl
[2013.04.15 13:03:54 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\discan.dll
[2013.04.15 13:03:54 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tpm.sys
[2013.04.15 13:03:54 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\powercfg.cpl
[2013.04.15 13:03:54 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2013.04.15 13:03:54 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncInfo.dll
[2013.04.15 13:03:54 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2013.04.15 13:03:54 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys
[2013.04.15 13:03:54 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NdisImPlatform.dll
[2013.04.15 13:03:54 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncInfo.dll
[2013.04.15 13:03:54 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2013.04.15 13:03:54 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2013.04.15 13:03:54 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskhost.exe
[2013.04.15 13:03:54 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storahci.sys
[2013.04.15 13:03:54 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskhostex.exe
[2013.04.15 13:03:54 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDPrintProxy.DLL
[2013.04.15 13:03:54 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\pdc.sys
[2013.04.15 13:03:54 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2013.04.15 13:03:54 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevDispItemProvider.dll
[2013.04.15 13:03:54 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2013.04.15 13:03:53 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2013.04.15 13:03:53 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevDispItemProvider.dll
[2013.04.15 13:03:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2013.04.12 19:29:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2013.04.12 19:29:03 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uxtheme.dll
[2013.04.12 19:29:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2013.04.12 19:29:03 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2013.04.12 19:29:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2013.04.12 19:29:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2013.04.12 19:29:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesysprep.dll
[2013.04.12 19:29:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesysprep.dll
[2013.04.12 19:29:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2013.04.12 19:29:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2013.04.12 18:25:11 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\reseteng.dll
[2013.04.12 18:25:10 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2013.04.12 18:24:57 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2013.04.07 17:16:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2013.04.07 17:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2013.04.07 15:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2013.04.07 14:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\bdch
[2013.04.03 21:47:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.04.01 15:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.04.01 15:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.04.01 15:16:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.31 17:16:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt
[2013.03.29 23:09:08 | 000,000,000 | ---D | C] -- C:\CAVEDOG
[2013.03.29 18:52:45 | 000,147,232 | ---- | C] (BitDefender LLC) -- C:\WINDOWS\SysNative\drivers\gzflt.sys
[2013.03.26 15:49:10 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdFilter.sys
[2013.03.26 15:49:10 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\WdBoot.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.25 10:51:08 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.25 10:49:21 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\AutoKMS.job
[2013.04.25 10:49:07 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.25 10:44:00 | 000,000,840 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\etc\hosts
[2013.04.25 10:43:07 | 000,024,064 | ---- | M] () -- C:\WINDOWS\zoek-delete.exe
[2013.04.25 01:10:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.25 00:46:00 | 000,001,148 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3813394021-1948135682-3251271600-1001UA.job
[2013.04.25 00:23:40 | 001,745,416 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013.04.25 00:23:40 | 000,751,892 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2013.04.25 00:23:40 | 000,710,046 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013.04.25 00:23:40 | 000,155,620 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2013.04.25 00:23:40 | 000,132,416 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013.04.24 23:23:21 | 000,186,538 | ---- | M] () -- C:\Users\LSatan\Desktop\teran.JPG
[2013.04.24 22:46:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3813394021-1948135682-3251271600-1001Core.job
[2013.04.24 22:36:39 | 000,002,327 | ---- | M] () -- C:\Users\LSatan\Desktop\Google Chrome.lnk
[2013.04.23 16:19:23 | 000,000,219 | ---- | M] () -- C:\Users\LSatan\Desktop\Day of Defeat Source.url
[2013.04.22 20:02:23 | 000,000,222 | ---- | M] () -- C:\Users\LSatan\Desktop\PlanetSide 2.url
[2013.04.21 18:47:36 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.04.18 11:14:15 | 000,003,520 | ---- | M] () -- C:\WINDOWS\SysWow64\EasyRedirect.ini
[2013.04.18 11:14:15 | 000,002,040 | ---- | M] () -- C:\WINDOWS\SysWow64\EasyRedirectOff.ini
[2013.04.18 11:14:15 | 000,002,040 | ---- | M] () -- C:\WINDOWS\SysNative\EasyRedirectOff.ini
[2013.04.16 22:26:30 | 000,001,047 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2013.04.13 18:24:02 | 000,434,680 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.04.05 17:33:27 | 000,314,016 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\atksgt.sys
[2013.04.05 17:33:27 | 000,043,680 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\lirsgt.sys
[2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.01 19:48:44 | 070,490,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MRT.exe
[2013.03.29 18:52:45 | 000,147,232 | ---- | M] (BitDefender LLC) -- C:\WINDOWS\SysNative\drivers\gzflt.sys
[2013.03.28 13:06:26 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.03.27 23:32:37 | 000,001,012 | ---- | M] () -- C:\Users\LSatan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.25 10:48:08 | 000,024,064 | ---- | C] () -- C:\WINDOWS\zoek-delete.exe
[2013.04.24 23:23:21 | 000,186,538 | ---- | C] () -- C:\Users\LSatan\Desktop\teran.JPG
[2013.04.24 22:36:34 | 000,002,327 | ---- | C] () -- C:\Users\LSatan\Desktop\Google Chrome.lnk
[2013.04.24 22:36:06 | 000,001,148 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3813394021-1948135682-3251271600-1001UA.job
[2013.04.24 22:36:04 | 000,001,096 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3813394021-1948135682-3251271600-1001Core.job
[2013.04.23 16:19:23 | 000,000,219 | ---- | C] () -- C:\Users\LSatan\Desktop\Day of Defeat Source.url
[2013.04.22 15:08:25 | 000,000,222 | ---- | C] () -- C:\Users\LSatan\Desktop\PlanetSide 2.url
[2013.04.22 14:23:00 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.21 18:47:36 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.04.18 11:02:19 | 000,003,520 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyRedirect.ini
[2013.04.18 11:02:19 | 000,002,040 | ---- | C] () -- C:\WINDOWS\SysWow64\EasyRedirectOff.ini
[2013.04.18 11:02:19 | 000,002,040 | ---- | C] () -- C:\WINDOWS\SysNative\EasyRedirectOff.ini
[2013.04.16 22:26:30 | 000,001,047 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2013.04.15 13:03:53 | 000,387,867 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2013.04.13 18:23:54 | 000,434,680 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2013.04.05 17:33:27 | 000,314,016 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\atksgt.sys
[2013.04.05 17:33:27 | 000,043,680 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\lirsgt.sys
[2013.04.03 21:48:08 | 000,002,005 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.04.03 21:48:08 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.04.03 21:48:08 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.03.20 18:54:17 | 000,000,003 | ---- | C] () -- C:\Users\LSatan\AppData\Local\user_data.ini
[2013.02.10 14:59:20 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2013.02.10 14:59:20 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2013.01.28 17:30:56 | 000,599,772 | ---- | C] () -- C:\ProgramData\1359386687.bdinstall.bin
[2013.01.13 22:21:45 | 000,223,192 | ---- | C] () -- C:\ProgramData\1358108413.bdinstall.bin
[2012.12.02 23:27:19 | 000,696,794 | ---- | C] () -- C:\ProgramData\1354483221.bdinstall.bin
[2012.11.18 16:38:24 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2012.11.12 23:24:10 | 000,000,017 | ---- | C] () -- C:\Users\LSatan\AppData\Local\resmon.resmoncfg
[2012.11.11 20:05:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\Access.dat
[2012.11.05 01:07:03 | 000,000,667 | ---- | C] () -- C:\WINDOWS\Settings.ini
[2012.11.04 23:05:57 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012.10.29 13:09:28 | 000,974,848 | ---- | C] () -- C:\WINDOWS\SysWow64\cis-2.4.dll
[2012.10.29 13:09:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_bs-2.3.dll
[2012.10.29 13:09:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_pe-2.3.dll
[2012.10.29 13:09:28 | 000,057,344 | ---- | C] () -- C:\WINDOWS\SysWow64\issacapi_se-2.3.dll
[2012.10.29 13:09:28 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2012.12.03 14:56:44 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

--- --- ---

smeenk · 25.04.2013, 10:23

bemerkst du momentan noch einige Probleme?

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

LSatan · 25.04.2013, 10:26

Keine Probleme mehr vorhanden.

Ich wüsste nur gerne um was sich gehandelt hat, da mein Vierenprogramm usw nichts feststellen konnte.

MfG

LSatan

smeenk · 25.04.2013, 10:37

Dein Hosts-Datei war geändert:

Zitat:

O1 - Hosts: 213.239.204.183 www.subdomain.sls.tera-europe.de
O1 - Hosts: 213.239.204.183 subdomain.sls.tera-europe.de
O1 - Hosts: 213.239.204.183 www.account.tera-europe.com
O1 - Hosts: 213.239.204.183 account.tera-europe.com
O1 - Hosts: 213.239.204.183 www.sls.tera-europe.de
O1 - Hosts: 213.239.204.183 www.tera-europe.com
O1 - Hosts: 213.239.204.183 sls.tera-europe.de
O1 - Hosts: 213.239.204.183 tera-europe.com

Mit Zoek ist diese wieder nach Standardeinstellungen zurückgesetzt.
Die Ursache könnte ich im Logs leider nicht nachweisen.

Browser öffnet andere Seite!

Plagegeister aller Art und deren Bekämpfung: Browser öffnet andere Seite!