| |
| |||||||
Log-Analyse und Auswertung: Sporadische Adf.ly-Popups, Verdacht auf RootkitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
04.06.2013, 21:34
| #1 |
 |  Sporadische Adf.ly-Popups, Verdacht auf Rootkit Hey, seit einigen Tagen ist mir aufgefallen, dass ich in unregelmäßigen Abständen beim Surfen Popups (trotz Adblocker) der Seite Adf.ly bekomme, die mich auf MSN.com weiterleiten sollen. Davor hatte ich einige Popups russischer Werbeseiten (komischerweise ausschließlich beim Durchstöbern des Forums eines bekannten PC-Spiels), hab diese Seiten aber letztendlich einfach blockiert mittels Adblock Plus und dann war eine Zeit lang Ruhe. Zum Surfen benutze ich Firefox. Ein Rootkit oder Malware hab ich bis dahin ausgeschlossen, da ich eigentlich nicht auf dubiosen Seiten unterwegs bin und auch auf Sicherheit achte, was solche Dinge anbelangt. Natürlich hab ich rein aus Neugier trotzdem Spybot und Malwarebytes drüber laufen lassen, ohne "Erfolg". So langsam kommt mir das ganze aber komisch vor. Noch dazu war ich heute mit meinem Handy (Samsung Galaxy S2, also Android) online und auch dort genau das selbe, allerdings eine etwas andere Seite (Adfoc.us). Nun stell ich mir die Frage: Liegt es an mir? Hab ich mir irgendwie etwas eingefangen oder ist das ein Problem auf Seiten der Server? Hier einige Logs von vor ein paar Minuten: Gmer: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-04 21:58:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SanDisk_SDSSDX120GG25 rev.R112 111,79GB
Running: myxl1e2z.exe; Driver: d:\Users\Dani\AppData\Local\Temp\kxldapod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff800031a5000 2 bytes [4D, 5A]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 563 fffff800031a5003 42 bytes [00, 03, 00, 00, 00, 04, 00, ...]
.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff88003c39d64 12 bytes {MOV RAX, 0xfffffa800797c2a0; JMP RAX}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3748] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000075a61465 2 bytes [A6, 75]
.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3748] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000075a614bb 2 bytes [A6, 75]
.text ... * 2
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075a61465 2 bytes [A6, 75]
.text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[3144] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 0000000075a614bb 2 bytes [A6, 75]
.text ... * 2
---- Devices - GMER 2.1 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa80066ac2c0
Device \Driver\atapi \Device\Ide\IdePort0 fffffa80066ac2c0
Device \Driver\atapi \Device\Ide\IdePort1 fffffa80066ac2c0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80066ac2c0
Device \Driver\atygi1u3 \Device\Scsi\atygi1u31 fffffa8007a512c0
Device \Driver\atygi1u3 \Device\Scsi\atygi1u31Port2Path0Target0Lun0 fffffa8007a512c0
Device \FileSystem\Ntfs \Ntfs fffffa80070082c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{50D0A1FD-79D4-4C74-BABD-180E8FEC2688} fffffa800785e2c0
Device \Driver\USBSTOR \Device\0000008e fffffa800957d2c0
Device \Driver\atapi \Device\Dev_fffffa800751c060 fffffa800ef5f880
Device \Driver\usbehci \Device\USBPDO-1 fffffa800797a2c0
Device \Driver\cdrom \Device\CdRom0 fffffa80081bc2c0
Device \Driver\USBSTOR \Device\0000008b fffffa800957d2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa800797a2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{F9DE9B3B-D6F4-44C4-9ABA-AE230A8CDF98} fffffa800785e2c0
Device \Driver\atapi \Device\Dev_fffffa80071b2060 fffffa800ef5f880
Device \Driver\USBSTOR -> DriverStartIo \Device\Dev_fffffa80095a7b60 fffffa800eea19c4
Device \Driver\USBSTOR \Device\Dev_fffffa80095a7b60 fffffa800eeb3578
Device \Driver\usbehci \Device\USBFDO-1 fffffa800797a2c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa800785e2c0
Device \Driver\atapi \Device\ScsiPort0 fffffa80066ac2c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa800797a2c0
Device \Driver\atapi \Device\ScsiPort1 fffffa80066ac2c0
Device \Driver\atygi1u3 \Device\ScsiPort2 fffffa8007a512c0
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80066ac2c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa80066ac2c0
Trace 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8007715060] fffffa8007715060
Trace 3 CLASSPNP.SYS[fffff88001a9143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80071b2060] fffffa80071b2060
Trace \Driver\atapi[0xfffffa80071948f0] -> IRP_MJ_CREATE -> 0xfffffa80066ac2c0 fffffa80066ac2c0
---- Modules - GMER 2.1 ----
Module \SystemRoot\System32\Drivers\atygi1u3.SYS (USB Mass Storage Class Driver/Microsoft Corporation SIGNED)(2012-08-10 18:52:26) fffff88005578000-fffff880055c9000 (331776 bytes)
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [17892:17852] 0000000075a47587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [17892:17820] 000000007230758a
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [17892:17828] 0000000077a82e25
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [17892:1156] 0000000077a83e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [17892:18332] 0000000077a83e45
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [17892:17900] 0000000077a83e45
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0xDC 0xEE 0xD4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0x7F 0x2A 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x5E 0x19 0x22 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x02 0xDC 0xEE 0xD4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0x7F 0x2A 0x88 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x5E 0x19 0x22 ...
---- EOF - GMER 2.1 ----
Code:
ATTFilter ---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16576
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.303000 GHz
Memory total: 8549089280, free: 5070921728
Downloaded database version: v2013.06.04.08
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
06/04/2013 21:25:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\scmndisp.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Program Files\NetLimiter 3\nltdi.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\jswpslwfx.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\System32\Drivers\atygi1u3.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\nlndis.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\athurx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\adfs.SYS
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\setupapi.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\nsi.dll
\Windows\System32\usp10.dll
\Windows\System32\lpk.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\iertutil.dll
\Windows\System32\psapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msctf.dll
\Windows\System32\imagehlp.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800970a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008e\
Lower Device Object: 0xfffffa80095a7b60
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800970a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008e\
Lower Device Object: 0xfffffa80095a7b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007715060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80071b2060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007714060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
Lower Device Object: 0xfffffa800751c060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
<<<2>>>
Device number: 1, partition: 2
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007715060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007715b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007715060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80071b2060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a014e91540, 0xfffffa8007715060, 0xfffffa801002f490
Lower DeviceData: 0xfffff8a00ceca230, 0xfffffa80071b2060, 0xfffffa800997be40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 1, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 1, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007714060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007714b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007714060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800751c060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a005ae95a0, 0xfffffa8007714060, 0xfffffa801002b510
Lower DeviceData: 0xfffff8a01add8160, 0xfffffa800751c060, 0xfffffa800a271320
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: FDB476BB
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953519616
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7760A44E
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 234231808
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 120034123776 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa800970a790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009708990, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800970a790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80095a7b60, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00e3529c0, 0xfffffa800970a790, 0xfffffa800fc00790
Lower DeviceData: 0xfffff8a0276ee590, 0xfffffa80095a7b60, 0xfffffa8009e69230
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 200EF8
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953517568
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000202043392 bytes
Sector size: 512 bytes
Done!
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================
Removal queue found; removal started
Removing d:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing d:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing d:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing d:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_2048_i.mbam...
Removing d:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removing d:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...
Removing d:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
(c) Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16576
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 3.303000 GHz
Memory total: 8549089280, free: 5430894592
=======================================
Code:
ATTFilter 22:26:40.0889 18360 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34
22:26:40.0981 18360 ============================================================
22:26:40.0981 18360 Current date / time: 2013/06/04 22:26:40.0981
22:26:40.0981 18360 SystemInfo:
22:26:40.0981 18360
22:26:40.0981 18360 OS Version: 6.1.7601 ServicePack: 1.0
22:26:40.0981 18360 Product type: Workstation
22:26:40.0982 18360 ComputerName: DANI-PC
22:26:40.0982 18360 UserName: Dani
22:26:40.0982 18360 Windows directory: C:\Windows
22:26:40.0982 18360 System windows directory: C:\Windows
22:26:40.0982 18360 Running under WOW64
22:26:40.0982 18360 Processor architecture: Intel x64
22:26:40.0982 18360 Number of processors: 4
22:26:40.0982 18360 Page size: 0x1000
22:26:40.0982 18360 Boot type: Normal boot
22:26:40.0982 18360 ============================================================
22:26:41.0141 18360 Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:41.0141 18360 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:41.0143 18360 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0B00000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:26:41.0144 18360 ============================================================
22:26:41.0144 18360 \Device\Harddisk1\DR1:
22:26:41.0144 18360 MBR partitions:
22:26:41.0144 18360 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:26:41.0144 18360 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
22:26:41.0144 18360 \Device\Harddisk0\DR0:
22:26:41.0144 18360 MBR partitions:
22:26:41.0144 18360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:26:41.0144 18360 \Device\Harddisk2\DR2:
22:26:41.0145 18360 MBR partitions:
22:26:41.0145 18360 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
22:26:41.0145 18360 ============================================================
22:26:41.0145 18360 C: <-> \Device\Harddisk1\DR1\Partition2
22:26:41.0167 18360 D: <-> \Device\Harddisk0\DR0\Partition1
22:26:41.0170 18360 E: <-> \Device\Harddisk2\DR2\Partition1
22:26:41.0170 18360 ============================================================
22:26:41.0170 18360 Initialize success
22:26:41.0170 18360 ============================================================
22:26:41.0782 15864 ============================================================
22:26:41.0783 15864 Scan started
22:26:41.0783 15864 Mode: Manual;
22:26:41.0783 15864 ============================================================
22:26:41.0938 15864 ================ Scan system memory ========================
22:26:41.0938 15864 System memory - ok
22:26:41.0939 15864 ================ Scan services =============================
22:26:41.0968 15864 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:26:41.0969 15864 1394ohci - ok
22:26:41.0973 15864 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:26:41.0975 15864 ACPI - ok
22:26:41.0976 15864 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:26:41.0977 15864 AcpiPmi - ok
22:26:41.0980 15864 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
22:26:41.0980 15864 adfs - ok
22:26:41.0984 15864 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:26:41.0984 15864 AdobeARMservice - ok
22:26:42.0008 15864 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:26:42.0009 15864 AdobeFlashPlayerUpdateSvc - ok
22:26:42.0014 15864 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
22:26:42.0016 15864 adp94xx - ok
22:26:42.0020 15864 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
22:26:42.0021 15864 adpahci - ok
22:26:42.0024 15864 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
22:26:42.0025 15864 adpu320 - ok
22:26:42.0028 15864 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:26:42.0028 15864 AeLookupSvc - ok
22:26:42.0033 15864 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:26:42.0035 15864 AFD - ok
22:26:42.0038 15864 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:26:42.0038 15864 agp440 - ok
22:26:42.0040 15864 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:26:42.0041 15864 ALG - ok
22:26:42.0042 15864 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:26:42.0043 15864 aliide - ok
22:26:42.0045 15864 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:26:42.0045 15864 amdide - ok
22:26:42.0047 15864 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
22:26:42.0048 15864 AmdK8 - ok
22:26:42.0050 15864 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
22:26:42.0050 15864 AmdPPM - ok
22:26:42.0053 15864 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:26:42.0053 15864 amdsata - ok
22:26:42.0056 15864 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
22:26:42.0057 15864 amdsbs - ok
22:26:42.0059 15864 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:26:42.0060 15864 amdxata - ok
22:26:42.0062 15864 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:26:42.0062 15864 AppID - ok
22:26:42.0064 15864 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:26:42.0064 15864 AppIDSvc - ok
22:26:42.0067 15864 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
22:26:42.0067 15864 Appinfo - ok
22:26:42.0071 15864 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:26:42.0071 15864 Apple Mobile Device - ok
22:26:42.0075 15864 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:26:42.0076 15864 AppMgmt - ok
22:26:42.0078 15864 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
22:26:42.0078 15864 arc - ok
22:26:42.0081 15864 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
22:26:42.0081 15864 arcsas - ok
22:26:42.0091 15864 [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:26:42.0091 15864 aspnet_state - ok
22:26:42.0093 15864 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:26:42.0094 15864 AsyncMac - ok
22:26:42.0096 15864 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:26:42.0096 15864 atapi - ok
22:26:42.0109 15864 [ A42A4052A7DC86E3A01DFAE97FFE2ED1 ] athur C:\Windows\system32\DRIVERS\athurx.sys
22:26:42.0115 15864 athur - ok
22:26:42.0118 15864 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
22:26:42.0119 15864 AtiHDAudioService - ok
22:26:42.0125 15864 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:26:42.0127 15864 AudioEndpointBuilder - ok
22:26:42.0132 15864 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:26:42.0135 15864 AudioSrv - ok
22:26:42.0138 15864 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:26:42.0139 15864 AxInstSV - ok
22:26:42.0143 15864 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
22:26:42.0145 15864 b06bdrv - ok
22:26:42.0148 15864 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:26:42.0149 15864 b57nd60a - ok
22:26:42.0153 15864 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:26:42.0154 15864 BDESVC - ok
22:26:42.0156 15864 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:26:42.0156 15864 Beep - ok
22:26:42.0158 15864 [ 1680699C6EDCCBC1CC3AC2FF42FE5603 ] BEService C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
22:26:42.0159 15864 BEService - ok
22:26:42.0165 15864 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:26:42.0168 15864 BFE - ok
22:26:42.0175 15864 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:26:42.0178 15864 BITS - ok
22:26:42.0180 15864 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:26:42.0181 15864 blbdrive - ok
22:26:42.0185 15864 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:26:42.0187 15864 Bonjour Service - ok
22:26:42.0190 15864 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:26:42.0190 15864 bowser - ok
22:26:42.0192 15864 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
22:26:42.0193 15864 BrFiltLo - ok
22:26:42.0194 15864 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
22:26:42.0194 15864 BrFiltUp - ok
22:26:42.0197 15864 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:26:42.0198 15864 Browser - ok
22:26:42.0201 15864 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:26:42.0202 15864 Brserid - ok
22:26:42.0204 15864 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:26:42.0205 15864 BrSerWdm - ok
22:26:42.0206 15864 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:26:42.0207 15864 BrUsbMdm - ok
22:26:42.0208 15864 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:26:42.0208 15864 BrUsbSer - ok
22:26:42.0210 15864 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
22:26:42.0211 15864 BTHMODEM - ok
22:26:42.0214 15864 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:26:42.0214 15864 bthserv - ok
22:26:42.0216 15864 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:26:42.0217 15864 cdfs - ok
22:26:42.0219 15864 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:26:42.0220 15864 cdrom - ok
22:26:42.0222 15864 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:26:42.0223 15864 CertPropSvc - ok
22:26:42.0225 15864 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
22:26:42.0225 15864 circlass - ok
22:26:42.0229 15864 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:26:42.0230 15864 CLFS - ok
22:26:42.0234 15864 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:26:42.0235 15864 clr_optimization_v2.0.50727_32 - ok
22:26:42.0239 15864 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:26:42.0239 15864 clr_optimization_v2.0.50727_64 - ok
22:26:42.0246 15864 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:26:42.0246 15864 clr_optimization_v4.0.30319_32 - ok
22:26:42.0248 15864 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:26:42.0249 15864 clr_optimization_v4.0.30319_64 - ok
22:26:42.0251 15864 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
22:26:42.0251 15864 CmBatt - ok
22:26:42.0253 15864 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:26:42.0253 15864 cmdide - ok
22:26:42.0258 15864 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
22:26:42.0260 15864 CNG - ok
22:26:42.0262 15864 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
22:26:42.0262 15864 Compbatt - ok
22:26:42.0264 15864 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:26:42.0265 15864 CompositeBus - ok
22:26:42.0266 15864 COMSysApp - ok
22:26:42.0268 15864 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
22:26:42.0269 15864 crcdisk - ok
22:26:42.0273 15864 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:26:42.0274 15864 CryptSvc - ok
22:26:42.0279 15864 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
22:26:42.0281 15864 CSC - ok
22:26:42.0286 15864 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
22:26:42.0289 15864 CscService - ok
22:26:42.0294 15864 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:26:42.0297 15864 DcomLaunch - ok
22:26:42.0301 15864 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:26:42.0302 15864 defragsvc - ok
22:26:42.0304 15864 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:26:42.0305 15864 DfsC - ok
22:26:42.0308 15864 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:26:42.0310 15864 Dhcp - ok
22:26:42.0312 15864 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:26:42.0312 15864 discache - ok
22:26:42.0314 15864 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
22:26:42.0315 15864 Disk - ok
22:26:42.0317 15864 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
22:26:42.0317 15864 dmvsc - ok
22:26:42.0320 15864 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:26:42.0321 15864 Dnscache - ok
22:26:42.0325 15864 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:26:42.0326 15864 dot3svc - ok
22:26:42.0329 15864 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:26:42.0330 15864 DPS - ok
22:26:42.0332 15864 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:26:42.0332 15864 drmkaud - ok
22:26:42.0340 15864 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:26:42.0343 15864 DXGKrnl - ok
22:26:42.0346 15864 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:26:42.0347 15864 EapHost - ok
22:26:42.0369 15864 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
22:26:42.0380 15864 ebdrv - ok
22:26:42.0383 15864 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:26:42.0383 15864 EFS - ok
22:26:42.0390 15864 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:26:42.0393 15864 ehRecvr - ok
22:26:42.0395 15864 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:26:42.0395 15864 ehSched - ok
22:26:42.0400 15864 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
22:26:42.0402 15864 elxstor - ok
22:26:42.0404 15864 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:26:42.0405 15864 ErrDev - ok
22:26:42.0410 15864 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:26:42.0412 15864 EventSystem - ok
22:26:42.0415 15864 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:26:42.0416 15864 exfat - ok
22:26:42.0419 15864 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:26:42.0420 15864 fastfat - ok
22:26:42.0426 15864 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:26:42.0429 15864 Fax - ok
22:26:42.0431 15864 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
22:26:42.0431 15864 fdc - ok
22:26:42.0433 15864 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:26:42.0433 15864 fdPHost - ok
22:26:42.0435 15864 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:26:42.0436 15864 FDResPub - ok
22:26:42.0439 15864 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:26:42.0439 15864 FileInfo - ok
22:26:42.0441 15864 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:26:42.0441 15864 Filetrace - ok
22:26:42.0447 15864 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:26:42.0449 15864 FLEXnet Licensing Service - ok
22:26:42.0458 15864 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:26:42.0461 15864 FLEXnet Licensing Service 64 - ok
22:26:42.0463 15864 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
22:26:42.0464 15864 flpydisk - ok
22:26:42.0467 15864 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:26:42.0468 15864 FltMgr - ok
22:26:42.0478 15864 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
22:26:42.0482 15864 FontCache - ok
22:26:42.0485 15864 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:26:42.0485 15864 FontCache3.0.0.0 - ok
22:26:42.0488 15864 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:26:42.0488 15864 FsDepends - ok
22:26:42.0490 15864 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:26:42.0490 15864 Fs_Rec - ok
22:26:42.0494 15864 [ 895BA1CFF25E867CE5A52073E905C93B ] fussvc C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe
22:26:42.0495 15864 fussvc - ok
22:26:42.0498 15864 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:26:42.0499 15864 fvevol - ok
22:26:42.0501 15864 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
22:26:42.0502 15864 gagp30kx - ok
22:26:42.0504 15864 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:26:42.0504 15864 GEARAspiWDM - ok
22:26:42.0510 15864 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:26:42.0513 15864 gpsvc - ok
22:26:42.0516 15864 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:26:42.0517 15864 gupdate - ok
22:26:42.0519 15864 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:26:42.0520 15864 gupdatem - ok
22:26:42.0522 15864 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:26:42.0522 15864 hcw85cir - ok
22:26:42.0526 15864 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:26:42.0527 15864 HdAudAddService - ok
22:26:42.0530 15864 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:26:42.0531 15864 HDAudBus - ok
22:26:42.0533 15864 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
22:26:42.0533 15864 HidBatt - ok
22:26:42.0535 15864 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
22:26:42.0536 15864 HidBth - ok
22:26:42.0538 15864 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
22:26:42.0538 15864 HidIr - ok
22:26:42.0540 15864 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:26:42.0541 15864 hidserv - ok
22:26:42.0543 15864 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:26:42.0543 15864 HidUsb - ok
22:26:42.0545 15864 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:26:42.0546 15864 hkmsvc - ok
22:26:42.0549 15864 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:26:42.0550 15864 HomeGroupListener - ok
22:26:42.0554 15864 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:26:42.0555 15864 HomeGroupProvider - ok
22:26:42.0557 15864 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:26:42.0558 15864 HpSAMD - ok
22:26:42.0564 15864 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:26:42.0566 15864 HTTP - ok
22:26:42.0568 15864 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:26:42.0568 15864 hwpolicy - ok
22:26:42.0571 15864 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:26:42.0571 15864 i8042prt - ok
22:26:42.0575 15864 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:26:42.0577 15864 iaStorV - ok
22:26:42.0584 15864 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:26:42.0587 15864 idsvc - ok
22:26:42.0590 15864 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
22:26:42.0590 15864 iirsp - ok
22:26:42.0597 15864 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:26:42.0600 15864 IKEEXT - ok
22:26:42.0628 15864 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
22:26:42.0641 15864 IntcAzAudAddService - ok
22:26:42.0648 15864 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC ] Intel(R) Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
22:26:42.0650 15864 Intel(R) Capability Licensing Service Interface - ok
22:26:42.0652 15864 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:26:42.0653 15864 intelide - ok
22:26:42.0655 15864 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:26:42.0655 15864 intelppm - ok
22:26:42.0657 15864 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:26:42.0658 15864 IPBusEnum - ok
22:26:42.0660 15864 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:26:42.0661 15864 IpFilterDriver - ok
22:26:42.0666 15864 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:26:42.0668 15864 iphlpsvc - ok
22:26:42.0671 15864 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:26:42.0671 15864 IPMIDRV - ok
22:26:42.0673 15864 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:26:42.0674 15864 IPNAT - ok
22:26:42.0680 15864 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:26:42.0682 15864 iPod Service - ok
22:26:42.0684 15864 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:26:42.0684 15864 IRENUM - ok
22:26:42.0686 15864 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:26:42.0686 15864 isapnp - ok
22:26:42.0689 15864 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:26:42.0690 15864 iScsiPrt - ok
22:26:42.0693 15864 [ B2381712638B0B714D0EEAB9A1F7C640 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
22:26:42.0693 15864 iusb3hcs - ok
22:26:42.0697 15864 [ FD2C6457232E95C014DAD21DEBC64867 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
22:26:42.0698 15864 iusb3hub - ok
22:26:42.0704 15864 [ F6A2B5D030BE7EDF8ADC12C9A40825A8 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
22:26:42.0707 15864 iusb3xhc - ok
22:26:42.0711 15864 [ 4E5DB6816F165C0C7A7FAA0055788884 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
22:26:42.0712 15864 jhi_service - ok
22:26:42.0720 15864 [ CF9BA304B8047B9582D72D9BFEF42EAE ] jswpsapi C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
22:26:42.0723 15864 jswpsapi - ok
22:26:42.0726 15864 [ 5BE640E88814B77A9E84B4549B5DCC2C ] JSWPSLWF C:\Windows\system32\DRIVERS\jswpslwfx.sys
22:26:42.0726 15864 JSWPSLWF - ok
22:26:42.0728 15864 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:26:42.0728 15864 kbdclass - ok
22:26:42.0731 15864 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:26:42.0731 15864 kbdhid - ok
22:26:42.0733 15864 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:26:42.0733 15864 KeyIso - ok
22:26:42.0736 15864 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:26:42.0736 15864 KSecDD - ok
22:26:42.0739 15864 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:26:42.0740 15864 KSecPkg - ok
22:26:42.0742 15864 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:26:42.0742 15864 ksthunk - ok
22:26:42.0746 15864 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:26:42.0748 15864 KtmRm - ok
22:26:42.0751 15864 [ 875805538A76210489D65A37332085E9 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
22:26:42.0751 15864 L1C - ok
22:26:42.0758 15864 [ 07265E0B1A6D30453539F7DFB4942BF2 ] L6GX C:\Windows\system32\Drivers\L6GX64.sys
22:26:42.0760 15864 L6GX - ok
22:26:42.0764 15864 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:26:42.0765 15864 LanmanServer - ok
22:26:42.0768 15864 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:26:42.0770 15864 LanmanWorkstation - ok
22:26:42.0772 15864 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:26:42.0773 15864 lltdio - ok
22:26:42.0776 15864 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:26:42.0778 15864 lltdsvc - ok
22:26:42.0780 15864 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:26:42.0780 15864 lmhosts - ok
22:26:42.0784 15864 [ B596A99DD9577C6CF1C8078A9FC5038C ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:26:42.0785 15864 LMS - ok
22:26:42.0789 15864 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
22:26:42.0789 15864 LSI_FC - ok
22:26:42.0791 15864 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
22:26:42.0792 15864 LSI_SAS - ok
22:26:42.0794 15864 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
22:26:42.0794 15864 LSI_SAS2 - ok
22:26:42.0796 15864 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
22:26:42.0797 15864 LSI_SCSI - ok
22:26:42.0799 15864 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:26:42.0800 15864 luafv - ok
22:26:42.0801 15864 mbamswissarmy - ok
22:26:42.0804 15864 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:26:42.0805 15864 Mcx2Svc - ok
22:26:42.0807 15864 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
22:26:42.0807 15864 megasas - ok
22:26:42.0810 15864 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
22:26:42.0811 15864 MegaSR - ok
22:26:42.0813 15864 [ 772A1DEEDFDBC244183B5C805D1B7D85 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:26:42.0814 15864 MEIx64 - ok
22:26:42.0816 15864 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:26:42.0817 15864 MMCSS - ok
22:26:42.0818 15864 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:26:42.0819 15864 Modem - ok
22:26:42.0821 15864 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:26:42.0821 15864 monitor - ok
22:26:42.0823 15864 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:26:42.0823 15864 mouclass - ok
22:26:42.0825 15864 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:26:42.0825 15864 mouhid - ok
22:26:42.0828 15864 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:26:42.0828 15864 mountmgr - ok
22:26:42.0831 15864 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:26:42.0831 15864 MozillaMaintenance - ok
22:26:42.0835 15864 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
22:26:42.0836 15864 MpFilter - ok
22:26:42.0839 15864 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:26:42.0839 15864 mpio - ok
22:26:42.0841 15864 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:26:42.0842 15864 mpsdrv - ok
22:26:42.0849 15864 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:26:42.0852 15864 MpsSvc - ok
22:26:42.0855 15864 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:26:42.0856 15864 MRxDAV - ok
22:26:42.0858 15864 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:26:42.0859 15864 mrxsmb - ok
22:26:42.0863 15864 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:26:42.0864 15864 mrxsmb10 - ok
22:26:42.0866 15864 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:26:42.0867 15864 mrxsmb20 - ok
22:26:42.0869 15864 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:26:42.0870 15864 msahci - ok
22:26:42.0872 15864 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:26:42.0873 15864 msdsm - ok
22:26:42.0875 15864 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:26:42.0876 15864 MSDTC - ok
22:26:42.0879 15864 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:26:42.0880 15864 Msfs - ok
22:26:42.0881 15864 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:26:42.0882 15864 mshidkmdf - ok
22:26:42.0883 15864 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:26:42.0884 15864 msisadrv - ok
22:26:42.0886 15864 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:26:42.0887 15864 MSiSCSI - ok
22:26:42.0889 15864 msiserver - ok
22:26:42.0891 15864 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:26:42.0891 15864 MSKSSRV - ok
22:26:42.0894 15864 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
22:26:42.0894 15864 MsMpSvc - ok
22:26:42.0896 15864 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:26:42.0896 15864 MSPCLOCK - ok
22:26:42.0898 15864 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:26:42.0898 15864 MSPQM - ok
22:26:42.0902 15864 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:26:42.0903 15864 MsRPC - ok
22:26:42.0906 15864 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:26:42.0906 15864 mssmbios - ok
22:26:42.0908 15864 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:26:42.0908 15864 MSTEE - ok
22:26:42.0910 15864 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
22:26:42.0910 15864 MTConfig - ok
22:26:42.0912 15864 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:26:42.0912 15864 Mup - ok
22:26:42.0917 15864 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:26:42.0919 15864 napagent - ok
22:26:42.0923 15864 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:26:42.0925 15864 NativeWifiP - ok
22:26:42.0932 15864 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:26:42.0935 15864 NDIS - ok
22:26:42.0938 15864 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:26:42.0938 15864 NdisCap - ok
22:26:42.0940 15864 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:26:42.0940 15864 NdisTapi - ok
22:26:42.0942 15864 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:26:42.0942 15864 Ndisuio - ok
22:26:42.0945 15864 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:26:42.0945 15864 NdisWan - ok
22:26:42.0947 15864 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:26:42.0948 15864 NDProxy - ok
22:26:42.0950 15864 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:26:42.0950 15864 NetBIOS - ok
22:26:42.0954 15864 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:26:42.0955 15864 NetBT - ok
22:26:42.0957 15864 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:26:42.0958 15864 Netlogon - ok
22:26:42.0961 15864 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:26:42.0963 15864 Netman - ok
22:26:42.0966 15864 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:26:42.0966 15864 NetMsmqActivator - ok
22:26:42.0969 15864 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:26:42.0969 15864 NetPipeActivator - ok
22:26:42.0974 15864 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:26:42.0976 15864 netprofm - ok
22:26:42.0989 15864 [ 6193669D716B17F35BE1C80C675CAAD8 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys
22:26:42.0994 15864 netr28ux - ok
22:26:42.0997 15864 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:26:42.0997 15864 NetTcpActivator - ok
22:26:42.0999 15864 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:26:43.0000 15864 NetTcpPortSharing - ok
22:26:43.0002 15864 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
22:26:43.0003 15864 nfrd960 - ok
22:26:43.0006 15864 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:26:43.0006 15864 NisDrv - ok
22:26:43.0010 15864 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
22:26:43.0011 15864 NisSrv - ok
22:26:43.0015 15864 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:26:43.0017 15864 NlaSvc - ok
22:26:43.0019 15864 [ AD42FB061166AF0643806800304BD76F ] NLNdisMP C:\Windows\system32\DRIVERS\nlndis.sys
22:26:43.0019 15864 NLNdisMP - ok
22:26:43.0022 15864 [ AD42FB061166AF0643806800304BD76F ] NLNdisPT C:\Windows\system32\DRIVERS\nlndis.sys
22:26:43.0022 15864 NLNdisPT - ok
22:26:43.0036 15864 [ 6988373E38223438B09F0C27D7E67393 ] nlsvc C:\Program Files\NetLimiter 3\nlsvc.exe
22:26:43.0042 15864 nlsvc - ok
22:26:43.0045 15864 [ 75E6581DE9A0B155EDAB6807E668BE06 ] nltdi C:\Program Files\NetLimiter 3\nltdi.sys
22:26:43.0045 15864 nltdi - ok
22:26:43.0047 15864 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:26:43.0047 15864 Npfs - ok
22:26:43.0049 15864 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:26:43.0050 15864 nsi - ok
22:26:43.0052 15864 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:26:43.0052 15864 nsiproxy - ok
22:26:43.0065 15864 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:26:43.0071 15864 Ntfs - ok
22:26:43.0073 15864 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:26:43.0073 15864 Null - ok
22:26:43.0076 15864 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:26:43.0077 15864 NVHDA - ok
22:26:43.0148 15864 [ FCBA1C22727939E7CFF9EB08FE9692AB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:26:43.0184 15864 nvlddmkm - ok
22:26:43.0190 15864 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:26:43.0191 15864 nvraid - ok
22:26:43.0194 15864 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:26:43.0194 15864 nvstor - ok
22:26:43.0202 15864 [ 10C232F6CFFD51D2332898AE7AE0FF23 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:26:43.0206 15864 nvsvc - ok
22:26:43.0217 15864 [ FB660F80BDC4F13D594996976AFAECD9 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:26:43.0222 15864 nvUpdatusService - ok
22:26:43.0224 15864 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:26:43.0225 15864 nv_agp - ok
22:26:43.0227 15864 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:26:43.0228 15864 ohci1394 - ok
22:26:43.0231 15864 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:26:43.0233 15864 p2pimsvc - ok
22:26:43.0238 15864 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:26:43.0240 15864 p2psvc - ok
22:26:43.0243 15864 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
22:26:43.0243 15864 Parport - ok
22:26:43.0245 15864 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:26:43.0246 15864 partmgr - ok
22:26:43.0249 15864 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:26:43.0250 15864 PcaSvc - ok
22:26:43.0253 15864 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:26:43.0254 15864 pci - ok
22:26:43.0256 15864 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:26:43.0256 15864 pciide - ok
22:26:43.0259 15864 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
22:26:43.0260 15864 pcmcia - ok
22:26:43.0262 15864 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:26:43.0262 15864 pcw - ok
22:26:43.0267 15864 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:26:43.0270 15864 PEAUTH - ok
22:26:43.0280 15864 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:26:43.0285 15864 PeerDistSvc - ok
22:26:43.0306 15864 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:26:43.0307 15864 PerfHost - ok
22:26:43.0320 15864 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:26:43.0325 15864 pla - ok
22:26:43.0330 15864 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:26:43.0332 15864 PlugPlay - ok
22:26:43.0335 15864 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:26:43.0335 15864 PNRPAutoReg - ok
22:26:43.0340 15864 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:26:43.0341 15864 PNRPsvc - ok
22:26:43.0346 15864 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:26:43.0348 15864 PolicyAgent - ok
22:26:43.0353 15864 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:26:43.0354 15864 Power - ok
22:26:43.0357 15864 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:26:43.0357 15864 PptpMiniport - ok
22:26:43.0359 15864 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
22:26:43.0360 15864 Processor - ok
22:26:43.0363 15864 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:26:43.0364 15864 ProfSvc - ok
22:26:43.0367 15864 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:26:43.0367 15864 ProtectedStorage - ok
22:26:43.0370 15864 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:26:43.0371 15864 Psched - ok
22:26:43.0382 15864 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
22:26:43.0387 15864 ql2300 - ok
22:26:43.0390 15864 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
22:26:43.0390 15864 ql40xx - ok
22:26:43.0394 15864 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:26:43.0395 15864 QWAVE - ok
22:26:43.0397 15864 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:26:43.0398 15864 QWAVEdrv - ok
22:26:43.0402 15864 [ 3FC8252625F2574036777D2981F839EE ] RalinkRegistryWriter C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
22:26:43.0404 15864 RalinkRegistryWriter - ok
22:26:43.0409 15864 [ 3A6F58A249DF7466F9844F70499627F7 ] RalinkRegistryWriter64 C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe
22:26:43.0410 15864 RalinkRegistryWriter64 - ok
22:26:43.0412 15864 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:26:43.0412 15864 RasAcd - ok
22:26:43.0415 15864 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:26:43.0415 15864 RasAgileVpn - ok
22:26:43.0417 15864 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:26:43.0419 15864 RasAuto - ok
22:26:43.0421 15864 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:26:43.0422 15864 Rasl2tp - ok
22:26:43.0426 15864 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:26:43.0428 15864 RasMan - ok
22:26:43.0430 15864 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:26:43.0431 15864 RasPppoe - ok
22:26:43.0433 15864 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:26:43.0433 15864 RasSstp - ok
22:26:43.0437 15864 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:26:43.0438 15864 rdbss - ok
22:26:43.0440 15864 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:26:43.0440 15864 rdpbus - ok
22:26:43.0442 15864 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:26:43.0442 15864 RDPCDD - ok
22:26:43.0446 15864 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:26:43.0447 15864 RDPDR - ok
22:26:43.0449 15864 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:26:43.0449 15864 RDPENCDD - ok
22:26:43.0452 15864 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:26:43.0452 15864 RDPREFMP - ok
22:26:43.0456 15864 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:26:43.0456 15864 RdpVideoMiniport - ok
22:26:43.0459 15864 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:26:43.0460 15864 RDPWD - ok
22:26:43.0463 15864 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:26:43.0464 15864 rdyboost - ok
22:26:43.0466 15864 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:26:43.0467 15864 RemoteAccess - ok
22:26:43.0470 15864 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:26:43.0471 15864 RemoteRegistry - ok
22:26:43.0474 15864 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:26:43.0475 15864 RpcEptMapper - ok
22:26:43.0477 15864 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:26:43.0477 15864 RpcLocator - ok
22:26:43.0482 15864 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:26:43.0484 15864 RpcSs - ok
22:26:43.0487 15864 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:26:43.0487 15864 rspndr - ok
22:26:43.0489 15864 RTHDMIAzAudService - ok
22:26:43.0491 15864 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:26:43.0492 15864 s3cap - ok
22:26:43.0493 15864 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:26:43.0494 15864 SamSs - ok
22:26:43.0496 15864 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:26:43.0497 15864 sbp2port - ok
22:26:43.0499 15864 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:26:43.0501 15864 SCardSvr - ok
22:26:43.0503 15864 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:26:43.0503 15864 scfilter - ok
22:26:43.0512 15864 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:26:43.0516 15864 Schedule - ok
22:26:43.0518 15864 [ 6011CDF54BB6F4C69F38FACCDAD73D7E ] SCMNdisP C:\Windows\system32\DRIVERS\scmndisp.sys
22:26:43.0519 15864 SCMNdisP - ok
22:26:43.0521 15864 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:26:43.0522 15864 SCPolicySvc - ok
22:26:43.0525 15864 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:26:43.0526 15864 SDRSVC - ok
22:26:43.0541 15864 [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
22:26:43.0547 15864 SDScannerService - ok
22:26:43.0555 15864 [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
22:26:43.0559 15864 SDUpdateService - ok
22:26:43.0562 15864 [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
22:26:43.0563 15864 SDWSCService - ok
22:26:43.0565 15864 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:26:43.0565 15864 secdrv - ok
22:26:43.0567 15864 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:26:43.0568 15864 seclogon - ok
22:26:43.0570 15864 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:26:43.0572 15864 SENS - ok
22:26:43.0574 15864 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:26:43.0574 15864 SensrSvc - ok
22:26:43.0576 15864 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:26:43.0576 15864 Serenum - ok
22:26:43.0579 15864 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:26:43.0579 15864 Serial - ok
22:26:43.0581 15864 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
22:26:43.0581 15864 sermouse - ok
22:26:43.0586 15864 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:26:43.0588 15864 SessionEnv - ok
22:26:43.0590 15864 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:26:43.0590 15864 sffdisk - ok
22:26:43.0592 15864 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:26:43.0592 15864 sffp_mmc - ok
22:26:43.0594 15864 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:26:43.0594 15864 sffp_sd - ok
22:26:43.0596 15864 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
22:26:43.0596 15864 sfloppy - ok
22:26:43.0600 15864 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:26:43.0602 15864 SharedAccess - ok
22:26:43.0606 15864 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:26:43.0608 15864 ShellHWDetection - ok
22:26:43.0610 15864 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
22:26:43.0611 15864 SiSRaid2 - ok
22:26:43.0613 15864 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
22:26:43.0613 15864 SiSRaid4 - ok
22:26:43.0615 15864 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:26:43.0616 15864 Smb - ok
22:26:43.0620 15864 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:26:43.0621 15864 SNMPTRAP - ok
22:26:43.0622 15864 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:26:43.0623 15864 spldr - ok
22:26:43.0628 15864 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:26:43.0631 15864 Spooler - ok
22:26:43.0655 15864 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:26:43.0667 15864 sppsvc - ok
22:26:43.0670 15864 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:26:43.0671 15864 sppuinotify - ok
22:26:43.0677 15864 [ D6AB7C13FCDD2E4CAC35244D2C172D9A ] sptd C:\Windows\System32\Drivers\sptd.sys
22:26:43.0679 15864 sptd - ok
22:26:43.0682 15864 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
22:26:43.0682 15864 SQLWriter - ok
22:26:43.0687 15864 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:26:43.0689 15864 srv - ok
22:26:43.0694 15864 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:26:43.0695 15864 srv2 - ok
22:26:43.0698 15864 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:26:43.0699 15864 srvnet - ok
22:26:43.0702 15864 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:26:43.0704 15864 SSDPSRV - ok
22:26:43.0706 15864 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:26:43.0708 15864 SstpSvc - ok
22:26:43.0709 15864 Steam Client Service - ok
22:26:43.0715 15864 [ 5A19667A580B1CE886EAF968B9743F45 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:26:43.0716 15864 Stereo Service - ok
22:26:43.0719 15864 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
22:26:43.0719 15864 stexstor - ok
22:26:43.0725 15864 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:26:43.0728 15864 stisvc - ok
22:26:43.0730 15864 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:26:43.0731 15864 storflt - ok
22:26:43.0733 15864 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:26:43.0734 15864 StorSvc - ok
22:26:43.0736 15864 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:26:43.0737 15864 storvsc - ok
22:26:43.0739 15864 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:26:43.0739 15864 swenum - ok
22:26:43.0745 15864 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:26:43.0747 15864 swprv - ok
22:26:43.0760 15864 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:26:43.0767 15864 SysMain - ok
22:26:43.0770 15864 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:26:43.0773 15864 TabletInputService - ok
22:26:43.0777 15864 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:26:43.0779 15864 TapiSrv - ok
22:26:43.0782 15864 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:26:43.0783 15864 TBS - ok
22:26:43.0796 15864 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:26:43.0803 15864 Tcpip - ok
22:26:43.0817 15864 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:26:43.0824 15864 TCPIP6 - ok
22:26:43.0827 15864 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:26:43.0828 15864 tcpipreg - ok
22:26:43.0831 15864 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:26:43.0831 15864 TDPIPE - ok
22:26:43.0833 15864 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:26:43.0833 15864 TDTCP - ok
22:26:43.0836 15864 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:26:43.0836 15864 tdx - ok
22:26:43.0840 15864 [ BB676D2C7AD5E7131D12417E4691F9B9 ] Te.Service C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe
22:26:43.0840 15864 Te.Service - ok
22:26:43.0843 15864 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:26:43.0843 15864 TermDD - ok
22:26:43.0849 15864 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:26:43.0853 15864 TermService - ok
22:26:43.0855 15864 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:26:43.0857 15864 Themes - ok
22:26:43.0859 15864 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:26:43.0860 15864 THREADORDER - ok
22:26:43.0862 15864 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:26:43.0864 15864 TrkWks - ok
22:26:43.0867 15864 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:26:43.0868 15864 TrustedInstaller - ok
22:26:43.0871 15864 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:26:43.0871 15864 tssecsrv - ok
22:26:43.0874 15864 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:26:43.0874 15864 TsUsbFlt - ok
22:26:43.0876 15864 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
22:26:43.0877 15864 TsUsbGD - ok
22:26:43.0879 15864 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:26:43.0880 15864 tunnel - ok
22:26:43.0882 15864 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
22:26:43.0883 15864 uagp35 - ok
22:26:43.0887 15864 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:26:43.0888 15864 udfs - ok
22:26:43.0892 15864 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:26:43.0893 15864 UI0Detect - ok
22:26:43.0895 15864 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:26:43.0896 15864 uliagpkx - ok
22:26:43.0898 15864 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:26:43.0898 15864 umbus - ok
22:26:43.0900 15864 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
22:26:43.0900 15864 UmPass - ok
22:26:43.0903 15864 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
22:26:43.0905 15864 UmRdpService - ok
22:26:43.0911 15864 [ C5CC2D35F038F2A934483A4D1C2E4435 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:26:43.0912 15864 UNS - ok
22:26:43.0916 15864 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:26:43.0918 15864 upnphost - ok
22:26:43.0922 15864 [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
22:26:43.0922 15864 USBAAPL64 - ok
22:26:43.0925 15864 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
22:26:43.0925 15864 usbaudio - ok
22:26:43.0927 15864 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:26:43.0928 15864 usbccgp - ok
22:26:43.0930 15864 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:26:43.0931 15864 usbcir - ok
22:26:43.0933 15864 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:26:43.0933 15864 usbehci - ok
22:26:43.0937 15864 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:26:43.0939 15864 usbhub - ok
22:26:43.0941 15864 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:26:43.0941 15864 usbohci - ok
22:26:43.0943 15864 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
22:26:43.0943 15864 usbprint - ok
22:26:43.0946 15864 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:26:43.0946 15864 USBSTOR - ok
22:26:43.0948 15864 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:26:43.0949 15864 usbuhci - ok
22:26:43.0951 15864 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:26:43.0952 15864 UxSms - ok
22:26:43.0954 15864 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:26:43.0955 15864 VaultSvc - ok
22:26:43.0957 15864 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:26:43.0957 15864 vdrvroot - ok
22:26:43.0963 15864 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:26:43.0966 15864 vds - ok
22:26:43.0968 15864 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:26:43.0968 15864 vga - ok
22:26:43.0971 15864 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:26:43.0971 15864 VgaSave - ok
22:26:43.0974 15864 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:26:43.0975 15864 vhdmp - ok
22:26:43.0977 15864 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:26:43.0977 15864 viaide - ok
22:26:43.0980 15864 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:26:43.0981 15864 vmbus - ok
22:26:43.0983 15864 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:26:43.0983 15864 VMBusHID - ok
22:26:43.0986 15864 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:26:43.0987 15864 volmgr - ok
22:26:43.0990 15864 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:26:43.0992 15864 volmgrx - ok
22:26:43.0996 15864 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:26:43.0997 15864 volsnap - ok
22:26:43.0999 15864 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
22:26:44.0000 15864 vsmraid - ok
22:26:44.0005 15864 [ F972436B5ED08069A1E7D623B77C226A ] VSPerfDrv110 C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys
22:26:44.0006 15864 VSPerfDrv110 - ok
22:26:44.0017 15864 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:26:44.0023 15864 VSS - ok
22:26:44.0025 15864 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:26:44.0026 15864 vwifibus - ok
22:26:44.0028 15864 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:26:44.0028 15864 vwififlt - ok
22:26:44.0033 15864 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:26:44.0035 15864 W32Time - ok
22:26:44.0038 15864 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
22:26:44.0038 15864 WacomPen - ok
22:26:44.0041 15864 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:26:44.0041 15864 WANARP - ok
22:26:44.0043 15864 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:26:44.0043 15864 Wanarpv6 - ok
22:26:44.0054 15864 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:26:44.0058 15864 WatAdminSvc - ok
22:26:44.0069 15864 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:26:44.0075 15864 wbengine - ok
22:26:44.0079 15864 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:26:44.0080 15864 WbioSrvc - ok
22:26:44.0084 15864 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:26:44.0087 15864 wcncsvc - ok
22:26:44.0089 15864 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:26:44.0090 15864 WcsPlugInService - ok
22:26:44.0092 15864 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
22:26:44.0092 15864 Wd - ok
22:26:44.0099 15864 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:26:44.0102 15864 Wdf01000 - ok
22:26:44.0104 15864 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:26:44.0106 15864 WdiServiceHost - ok
22:26:44.0108 15864 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:26:44.0109 15864 WdiSystemHost - ok
22:26:44.0112 15864 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:26:44.0114 15864 WebClient - ok
22:26:44.0117 15864 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:26:44.0119 15864 Wecsvc - ok
22:26:44.0122 15864 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:26:44.0124 15864 wercplsupport - ok
22:26:44.0126 15864 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:26:44.0127 15864 WerSvc - ok
22:26:44.0130 15864 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:26:44.0130 15864 WfpLwf - ok
22:26:44.0132 15864 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:26:44.0132 15864 WIMMount - ok
22:26:44.0133 15864 WinDefend - ok
22:26:44.0138 15864 WinHttpAutoProxySvc - ok
22:26:44.0145 15864 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:26:44.0146 15864 Winmgmt - ok
22:26:44.0165 15864 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\Windows\system32\WsmSvc.dll
22:26:44.0175 15864 WinRM - ok
22:26:44.0180 15864 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:26:44.0180 15864 WinUsb - ok
22:26:44.0188 15864 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:26:44.0191 15864 Wlansvc - ok
22:26:44.0193 15864 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:26:44.0194 15864 WmiAcpi - ok
22:26:44.0198 15864 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:26:44.0199 15864 wmiApSrv - ok
22:26:44.0201 15864 WMPNetworkSvc - ok
22:26:44.0203 15864 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:26:44.0204 15864 WPCSvc - ok
22:26:44.0207 15864 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:26:44.0208 15864 WPDBusEnum - ok
22:26:44.0210 15864 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:26:44.0211 15864 ws2ifsl - ok
22:26:44.0213 15864 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:26:44.0215 15864 wscsvc - ok
22:26:44.0216 15864 WSearch - ok
22:26:44.0222 15864 [ FA09E0D44E35DEF68A56E0A2FA35E427 ] WSWNA1100 C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
22:26:44.0223 15864 WSWNA1100 - ok
22:26:44.0240 15864 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:26:44.0249 15864 wuauserv - ok
22:26:44.0252 15864 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:26:44.0252 15864 WudfPf - ok
22:26:44.0255 15864 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:26:44.0256 15864 WUDFRd - ok
22:26:44.0259 15864 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:26:44.0260 15864 wudfsvc - ok
22:26:44.0263 15864 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
22:26:44.0265 15864 WwanSvc - ok
22:26:44.0269 15864 ================ Scan global ===============================
22:26:44.0271 15864 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:26:44.0274 15864 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:26:44.0278 15864 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:26:44.0281 15864 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:26:44.0285 15864 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:26:44.0287 15864 [Global] - ok
22:26:44.0287 15864 ================ Scan MBR ==================================
22:26:44.0289 15864 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:26:44.0349 15864 \Device\Harddisk1\DR1 - ok
22:26:44.0350 15864 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:26:44.0352 15864 \Device\Harddisk0\DR0 - ok
22:26:44.0355 15864 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
22:26:44.0359 15864 \Device\Harddisk2\DR2 - ok
22:26:44.0359 15864 ================ Scan VBR ==================================
22:26:44.0360 15864 [ 89697EEEBD6E84F365E93425063982BA ] \Device\Harddisk1\DR1\Partition1
22:26:44.0361 15864 \Device\Harddisk1\DR1\Partition1 - ok
22:26:44.0362 15864 [ F128CD3DA617F2485C8854A5E4D71F10 ] \Device\Harddisk1\DR1\Partition2
22:26:44.0363 15864 \Device\Harddisk1\DR1\Partition2 - ok
22:26:44.0364 15864 [ 9804A02B71CB4C1FF62840209A531282 ] \Device\Harddisk0\DR0\Partition1
22:26:44.0365 15864 \Device\Harddisk0\DR0\Partition1 - ok
22:26:44.0366 15864 [ E287FDD61BAB789FCF0E1AEB0DF3A946 ] \Device\Harddisk2\DR2\Partition1
22:26:44.0368 15864 \Device\Harddisk2\DR2\Partition1 - ok
22:26:44.0369 15864 ============================================================
22:26:44.0369 15864 Scan finished
22:26:44.0369 15864 ============================================================
22:26:44.0373 18340 Detected object count: 0
22:26:44.0373 18340 Actual detected object count: 0
Es scheint zumindest alles in Ordnung zu sein laut diesen Programmen, sicher bin ich mir aber nicht. Ein Scan mit aswMBR war nicht möglich, da das Programm bei einer Datei mit dem Pfad "C:\Windows\assembly\Microsoft.VisualStudio.Tools.Applications..." abstürzt. Den genauen Dateinamen kann ich nicht erkennen, da das Fenster zu klein ist, allerdings scheint das laut Google-Recherche ein bekannter Bug zu sein und nicht durch ein Rootkit ausgelöst zu werden. Ich bedanke mich für die Hilfe  |
|
04.06.2013, 21:48
| #2 |
| /// TB-Ausbilder   | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Hi,
__________________MBAR (Malwarebytes' Anti-Rootkit) sollte in seinem Ordner auch noch ein Log mbar-log-<Jahr-Monat-Tag>.txt erstellt haben. Kannst du dieses bitte ebenfalls noch hier posten?
__________________ |
|
04.06.2013, 21:51
| #3 |
| | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Natürlich
__________________Das wäre dann das hier: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.04.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Dani :: DANI-PC [administrator]
04.06.2013 21:25:50
mbar-log-2013-06-04 (21-25-50).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 280467
Time elapsed: 5 minute(s), 18 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
|
|
04.06.2013, 21:53
| #4 |
| /// TB-Ausbilder | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Hallo Deeee und  Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten. Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg. Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind. Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.  Hinweise zum Ablauf
Los geht's: Ok, dann schauen wir mal rein: Schritt 1 Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
04.06.2013, 22:24
| #5 |
| | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Hallo Leo, danke für deine Hilfe Hier die Logs: OTL.txt Code:
ATTFilter OTL logfile created on: 04.06.2013 23:13:55 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = d:\Users\Dani\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 5,06 Gb Available Physical Memory | 63,61% Memory free 15,96 Gb Paging File | 13,16 Gb Available in Paging File | 82,43% Paging File free Paging file location(s): d:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 68,67 Gb Free Space | 61,48% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 799,70 Gb Free Space | 85,85% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 600,58 Gb Free Space | 64,47% Space Free | Partition Type: NTFS Computer Name: DANI-PC | User Name: Dani | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.04 22:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe PRC - [2013.05.23 18:35:24 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.01.15 01:00:00 | 002,578,312 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe PRC - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.03.27 01:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe PRC - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe PRC - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.06.04 17:50:33 | 001,022,416 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\windows._cacheinvalidation.pyd MOD - [2013.06.04 17:50:33 | 000,805,888 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\wx._gdi_.pyd MOD - [2013.06.04 17:50:33 | 000,557,056 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\pysqlite2._sqlite.pyd MOD - [2013.06.04 17:50:33 | 000,320,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32com.shell.shell.pyd MOD - [2013.06.04 17:50:33 | 000,128,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\_elementtree.pyd MOD - [2013.06.04 17:50:33 | 000,098,816 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32api.pyd MOD - [2013.06.04 17:50:33 | 000,070,656 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\wx._html2.pyd MOD - [2013.06.04 17:50:33 | 000,044,032 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\_socket.pyd MOD - [2013.06.04 17:50:33 | 000,026,624 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\_multiprocessing.pyd MOD - [2013.06.04 17:50:33 | 000,022,528 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32ts.pyd MOD - [2013.06.04 17:50:33 | 000,011,264 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32crypt.pyd MOD - [2013.06.04 17:50:32 | 001,175,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\wx._core_.pyd MOD - [2013.06.04 17:50:32 | 001,153,024 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\_ssl.pyd MOD - [2013.06.04 17:50:32 | 001,062,400 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\wx._controls_.pyd MOD - [2013.06.04 17:50:32 | 000,811,008 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\wx._windows_.pyd MOD - [2013.06.04 17:50:32 | 000,735,232 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\wx._misc_.pyd MOD - [2013.06.04 17:50:32 | 000,711,680 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\_hashlib.pyd MOD - [2013.06.04 17:50:32 | 000,364,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\pythoncom27.dll MOD - [2013.06.04 17:50:32 | 000,122,368 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\wx._wizard.pyd MOD - [2013.06.04 17:50:32 | 000,119,808 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32file.pyd MOD - [2013.06.04 17:50:32 | 000,110,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\pywintypes27.dll MOD - [2013.06.04 17:50:32 | 000,108,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32security.pyd MOD - [2013.06.04 17:50:32 | 000,087,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\_ctypes.pyd MOD - [2013.06.04 17:50:32 | 000,038,912 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32inet.pyd MOD - [2013.06.04 17:50:32 | 000,035,840 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32process.pyd MOD - [2013.06.04 17:50:32 | 000,025,600 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32pdh.pyd MOD - [2013.06.04 17:50:32 | 000,017,408 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32profile.pyd MOD - [2013.06.04 17:50:31 | 000,686,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\unicodedata.pyd MOD - [2013.06.04 17:50:31 | 000,127,488 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\pyexpat.pyd MOD - [2013.06.04 17:50:31 | 000,018,432 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\win32event.pyd MOD - [2013.06.04 17:50:31 | 000,010,240 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI31322\select.pyd MOD - [2013.05.23 18:35:10 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.01.15 01:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll MOD - [2013.01.15 01:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll MOD - [2013.01.15 01:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll MOD - [2013.01.15 01:00:00 | 000,010,752 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\buddy.dll MOD - [2013.01.15 01:00:00 | 000,007,168 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\talk.dll MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\trillian.dll MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\events.dll MOD - [2013.01.15 01:00:00 | 000,003,584 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\toolkit.dll MOD - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.23 18:35:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.19 17:09:43 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013.05.14 20:09:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.01 09:45:15 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2013.03.01 09:43:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.11.22 16:31:38 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe -- (RalinkRegistryWriter64) SRV - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2011.03.21 17:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc) SRV - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100) SRV - [2010.03.22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.05 20:27:19 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 19:14:02 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6GX64.sys -- (L6GX) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.25 09:07:18 | 000,104,560 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.03.27 01:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.03.27 01:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.03.27 01:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 21:17:40 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT) DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.09 16:33:10 | 001,849,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.05.15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2012.07.13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2011.03.21 17:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 7A D7 B7 BB B6 CD 01 [binary data] IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: d:\Users\Dani\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 18:35:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 18:35:07 | 000,000,000 | ---D | M] [2012.08.10 00:15:18 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Extensions [2013.06.03 19:12:34 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\7qmo9taz.default\extensions [2013.04.05 22:25:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- d:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\7qmo9taz.default\extensions\ich@maltegoetz.de [2013.06.03 19:12:34 | 000,374,078 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013.05.08 21:00:25 | 000,870,680 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.24 16:37:16 | 000,434,392 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.05.23 18:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.23 18:35:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.05.10 09:57:26 | 000,187,456 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll O1 HOSTS File: ([2013.06.04 23:13:40 | 000,448,071 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 2O7.net O1 - Hosts: 127.0.0.1 192.168.112.2O7.net O1 - Hosts: 127.0.0.1 im.adtech.de O1 - Hosts: 127.0.0.1 adserver.adtech.de O1 - Hosts: 127.0.0.1 adtech.de O1 - Hosts: 127.0.0.1 ar.atwola.com O1 - Hosts: 127.0.0.1 atwola.com O1 - Hosts: 127.0.0.1 adserver.71i.de O1 - Hosts: 127.0.0.1 adicqserver.71i.de O1 - Hosts: 127.0.0.1 71i.de O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 15386 more lines... O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe" File not found O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..Trusted Domains: line6.net ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.208.58.166 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35ABAE31-17B1-48E1-A4F7-A319F6F08AF3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9DE9B3B-D6F4-44C4-9ABA-AE230A8CDF98}: DhcpNameServer = 88.208.58.166 192.168.1.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.10 06:33:52 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 14:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.04 22:56:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe [2013.06.04 21:49:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013.06.04 17:59:25 | 000,000,000 | ---D | C] -- d:\ProgramData\Spybot - Search & Destroy [2013.06.04 17:59:00 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.06.04 17:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.23 18:42:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\Heroes of Umbra [2013.05.23 18:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.22 23:09:24 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0 [2013.05.21 01:09:05 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.21 01:09:05 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.21 01:09:05 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.21 01:09:05 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.21 01:09:05 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.21 01:09:05 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.21 01:09:05 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.21 01:09:05 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.21 01:09:05 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.21 01:09:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.21 01:09:04 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.21 01:09:04 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.21 01:09:04 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.21 01:09:04 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.21 01:09:04 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.21 01:09:04 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.21 01:09:04 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.21 01:09:04 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.21 01:09:04 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.21 01:09:04 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.21 01:09:04 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.21 01:09:04 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.21 01:09:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.21 01:09:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.21 01:09:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.21 01:09:04 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.21 01:09:04 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.21 01:09:04 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.21 01:09:04 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.21 01:09:04 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.21 01:09:04 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.21 01:09:04 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.21 01:09:04 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.21 01:09:04 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.21 01:09:03 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.21 01:09:03 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.21 01:09:03 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.21 01:09:03 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.21 01:09:03 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.21 01:09:03 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.21 01:09:03 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.21 01:09:03 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.21 01:09:03 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.21 01:09:03 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.21 01:09:03 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.21 01:09:03 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.21 01:09:03 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.21 01:09:03 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.21 01:09:03 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.21 01:09:03 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.21 01:09:03 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.21 01:09:03 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.21 01:09:03 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.21 01:09:03 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.21 01:09:03 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.21 01:09:03 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.21 01:09:03 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.21 01:09:03 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.21 01:09:03 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.21 01:09:03 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.21 01:09:03 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.21 01:09:03 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.21 01:09:03 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.21 01:09:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.21 01:09:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.21 01:09:03 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.21 01:09:03 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.21 01:09:03 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.21 01:05:41 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll [2013.05.19 17:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye [2013.05.19 17:02:46 | 000,000,000 | ---D | C] -- d:\ProgramData\Bohemia Interactive Studio [2013.05.19 16:43:25 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\DayZCommander [2013.05.19 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios [2013.05.19 16:33:35 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2 OA [2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Documents\ArmA 2 [2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2 [2013.05.19 16:32:17 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2013.05.18 18:12:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\6px [2013.05.15 21:13:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Malwarebytes [2013.05.15 21:13:39 | 000,000,000 | ---D | C] -- d:\ProgramData\Malwarebytes [2013.05.15 21:13:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.15 21:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.15 20:23:36 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2013.05.15 20:23:36 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2013.05.15 20:23:35 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.05.15 20:23:34 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.05.15 20:23:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll [2013.05.15 20:23:34 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe [2013.05.14 19:47:20 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\kryonet-2.20 [2013.05.10 18:59:51 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\jd-gui-0.3.5.windows [2013.05.06 18:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2013.05.06 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2013.05.06 18:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2013.05.06 18:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.04 23:13:40 | 000,448,071 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.04 23:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.04 22:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe [2013.06.04 22:17:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.04 21:17:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.04 18:03:55 | 000,448,539 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130604-191031.backup [2013.06.04 17:57:06 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 17:57:06 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.04 17:54:19 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.04 17:54:19 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.04 17:54:19 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.04 17:54:19 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.04 17:54:19 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.04 17:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.23 18:44:01 | 000,005,906 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.png [2013.05.23 18:44:01 | 000,001,390 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.pack [2013.05.22 23:07:35 | 007,465,366 | ---- | M] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip [2013.05.22 17:55:02 | 007,810,128 | ---- | M] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3 [2013.05.21 20:25:10 | 003,147,197 | ---- | M] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3 [2013.05.21 15:26:46 | 000,000,219 | ---- | M] () -- d:\Users\Dani\Desktop\Dota 2.url [2013.05.21 01:09:05 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2013.05.21 01:09:05 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2013.05.21 01:09:05 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll [2013.05.21 01:09:05 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll [2013.05.21 01:09:05 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2013.05.21 01:09:05 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe [2013.05.21 01:09:05 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe [2013.05.21 01:09:05 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2013.05.21 01:09:05 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.05.21 01:09:05 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013.05.21 01:09:04 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.05.21 01:09:04 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat [2013.05.21 01:09:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.05.21 01:09:04 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2013.05.21 01:09:04 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2013.05.21 01:09:04 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.05.21 01:09:04 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2013.05.21 01:09:04 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.05.21 01:09:04 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll [2013.05.21 01:09:04 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2013.05.21 01:09:04 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.05.21 01:09:04 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2013.05.21 01:09:04 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2013.05.21 01:09:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll [2013.05.21 01:09:04 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.05.21 01:09:04 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013.05.21 01:09:04 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe [2013.05.21 01:09:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll [2013.05.21 01:09:04 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx [2013.05.21 01:09:04 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.05.21 01:09:04 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll [2013.05.21 01:09:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll [2013.05.21 01:09:04 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.05.21 01:09:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.21 01:09:04 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2013.05.21 01:09:04 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2013.05.21 01:09:03 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.05.21 01:09:03 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.05.21 01:09:03 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat [2013.05.21 01:09:03 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2013.05.21 01:09:03 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.05.21 01:09:03 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2013.05.21 01:09:03 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.05.21 01:09:03 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.05.21 01:09:03 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.05.21 01:09:03 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2013.05.21 01:09:03 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2013.05.21 01:09:03 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.05.21 01:09:03 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.05.21 01:09:03 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe [2013.05.21 01:09:03 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2013.05.21 01:09:03 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe [2013.05.21 01:09:03 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.05.21 01:09:03 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2013.05.21 01:09:03 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll [2013.05.21 01:09:03 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2013.05.21 01:09:03 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.05.21 01:09:03 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe [2013.05.21 01:09:03 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll [2013.05.21 01:09:03 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx [2013.05.21 01:09:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013.05.21 01:09:03 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll [2013.05.21 01:09:03 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.05.21 01:09:03 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll [2013.05.21 01:09:03 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll [2013.05.21 01:09:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013.05.21 01:09:03 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2013.05.21 01:09:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.21 01:09:03 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe [2013.05.21 01:09:03 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2013.05.21 01:06:16 | 001,593,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.20 14:14:10 | 000,047,198 | ---- | M] () -- d:\Users\Dani\Desktop\Kurzfassung.zip [2013.05.19 03:23:43 | 002,895,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.18 02:10:32 | 009,514,359 | ---- | M] () -- d:\Users\Dani\Desktop\hiero.jar [2013.05.16 20:58:49 | 017,698,934 | ---- | M] () -- d:\Users\Dani\Desktop\Medienprojekt_Backup.zip [2013.05.14 20:09:31 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.05.14 20:09:31 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.05.14 19:39:38 | 002,005,341 | ---- | M] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.23 18:44:01 | 000,005,906 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.png [2013.05.23 18:44:01 | 000,001,390 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.pack [2013.05.22 23:07:24 | 007,465,366 | ---- | C] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip [2013.05.22 17:54:57 | 007,810,128 | ---- | C] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3 [2013.05.21 20:25:10 | 003,147,197 | ---- | C] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3 [2013.05.21 15:26:46 | 000,000,219 | ---- | C] () -- d:\Users\Dani\Desktop\Dota 2.url [2013.05.21 01:09:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.21 01:09:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.20 14:14:01 | 000,047,198 | ---- | C] () -- d:\Users\Dani\Desktop\Kurzfassung.zip [2013.05.18 02:10:17 | 009,514,359 | ---- | C] () -- d:\Users\Dani\Desktop\hiero.jar [2013.05.14 19:39:36 | 002,005,341 | ---- | C] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip [2013.05.11 22:43:25 | 017,698,934 | ---- | C] () -- d:\Users\Dani\Desktop\Medienprojekt_Backup.zip [2013.04.23 21:24:06 | 000,000,056 | ---- | C] () -- d:\Users\Dani\.gitconfig [2013.02.28 07:07:15 | 000,000,000 | ---- | C] () -- d:\Users\Dani\__ng3d.lock [2012.11.20 01:56:54 | 000,000,218 | ---- | C] () -- d:\Users\Dani\.recently-used.xbel [2012.11.03 01:13:59 | 000,007,604 | ---- | C] () -- d:\Users\Dani\AppData\Local\Resmon.ResmonCfg [2012.08.27 14:30:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012.08.12 03:08:58 | 000,003,072 | ---- | C] () -- d:\Users\Dani\AppData\Local\file__0.localstorage [2012.08.10 00:46:52 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.10 00:10:00 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.08.10 00:09:18 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.08.10 00:09:18 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 1133 bytes -> d:\Users\Dani\AppData\Local\MtU6VhvQJQn:cFhHSrafV9iwkp3kFEJXN < End of report > |
|
04.06.2013, 22:24
| #6 |
| | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Hier die zweite Datei: Extras.txt Code:
ATTFilter OTL Extras logfile created on: 04.06.2013 23:13:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = d:\Users\Dani\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,96 Gb Total Physical Memory | 5,06 Gb Available Physical Memory | 63,61% Memory free
15,96 Gb Paging File | 13,16 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): d:\pagefile.sys 8192 8192 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 68,67 Gb Free Space | 61,48% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 799,70 Gb Free Space | 85,85% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 600,58 Gb Free Space | 64,47% Space Free | Partition Type: NTFS
Computer Name: DANI-PC | User Name: Dani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FDE96A8-4550-4FAA-973A-CDCE07C96D8E}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{197BE1CD-4689-41BA-BF45-DB0BB30C33E3}" = rport=139 | protocol=6 | dir=out | app=system |
"{1D2A1FBF-7338-4778-AE38-86D63EA26655}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{1F7FB6B4-387C-456E-87B6-169C311B99F2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3150771C-A2E6-487D-B84D-9C2107FFD023}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{4DCA8FFE-B8F7-4543-BC34-BAF157E98320}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AC43362-FC55-4057-ADA3-053EA47E61FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{6816C1D3-EB12-419A-BAA1-1D67BB46100D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{687531C3-82F8-4075-BB07-DC160708A96C}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{6ADC9DF7-0B06-46E4-BFEC-6E9149A91117}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{6CF4D375-7F10-4DDC-981B-D6BE89F6F4B2}" = rport=138 | protocol=17 | dir=out | app=system |
"{6DE6C1A6-E23C-4C07-8DF2-8694D0CFD640}" = rport=445 | protocol=6 | dir=out | app=system |
"{6F11045C-957D-400D-9DD7-CAD87F90B5AA}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7081E4CD-3CCB-4344-8690-2308511915BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{710179A7-2633-4781-A44E-F03353661464}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73FFF082-2620-40CD-9AD5-AF336B74D693}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{7A909AFE-2604-4C6F-8537-D086655BBC96}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F3742BC-C875-4A32-BB46-3BB404B52F48}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{865832EA-2CC3-407F-8BC7-4919E08C49DE}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{89046AB2-212F-4E8C-AAB4-06573031226D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DF28337-B85A-48A9-A9FF-A6C3BA7744AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9F6376D4-1D16-484A-844C-2FA3DB28E1A6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A1F80B24-F936-4B51-A4B5-E5FC40530C3B}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{A2CD933C-A9CC-4BC5-994A-5B404097E1B9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A63262C4-8DCD-4174-B91D-1DC847B76F6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9923D9F-26FB-428A-A1A6-959F6EBCADF3}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{BC45AC6C-9E71-4D68-84B8-80500F762AD8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C489BABB-DD0F-4B1E-9C4E-7909D25AF032}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{D476805D-7B2F-4A80-843D-9796AE97DDAA}" = lport=139 | protocol=6 | dir=in | app=system |
"{D793A714-838F-4E63-B4B3-80D8F3D8F099}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{DC949E7D-89EA-48F1-A445-2AEF77741451}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DF4A532F-A451-4EC0-86AF-6DCE7E825444}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{EE5CC41D-B513-4A82-9501-8517056B39FA}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{F261DCA1-E7AE-4806-ABDC-DB6B355CA0BB}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{FA6BC93A-502E-4DE8-A274-3F443B2A642B}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04853D9A-AFDD-4529-B158-BE7FA0C38B20}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{05F508A5-EC90-4173-9594-F2FE77A77E15}" = protocol=6 | dir=in | app=d:\spiele\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{07FCAE5F-84AC-41A9-AA42-C13F8F4C10FB}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\c9\c9.exe |
"{0BC782EF-7058-47A4-AAE6-1AFD2A891283}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\bioshock infinite\binaries\win32\benchmark.bat |
"{0BF4B44E-8E15-418A-8587-67E240616610}" = protocol=6 | dir=in | app=d:\spiele\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{0CD3C451-C83E-4F30-94FF-A86571DB91E8}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\portal 2\portal2.exe |
"{0F73F57A-F848-4546-98E1-A6BB7BB85A0D}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\borderlands 2\binaries\win32\borderlands2.exe |
"{12A93821-DE0D-4F05-8789-DAA78CBB7668}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{167C8684-CD3C-42D0-8097-1F2BA7D1D633}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\c9\c9.exe |
"{168E1CF4-4C0A-4401-BF5A-B5B4E86C2CA2}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{18F6B914-9268-42DB-AC86-E4BD7951B95C}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{190D8EE7-2599-4D13-97E8-0AB93F7B1E47}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\arma 2 operation arrowhead\arma2oa.exe |
"{1B6E50AD-E7CC-4188-8D91-2ADC622BF5B0}" = protocol=17 | dir=in | app=d:\spiele\landwirtschafts simulator 2013\farmingsimulator2013game.exe |
"{28493A6D-31E0-4EAB-9A60-AFA59E84C740}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2C09F0DC-6EE2-4243-9FE0-68229CD0B3FB}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{2DC464D0-AE69-4478-8EF5-D9F225B8469E}" = protocol=17 | dir=in | app=d:\programdata\battle.net\agent\agent.1040\agent.exe |
"{32A6F276-165F-4961-B60D-3FEBCD2F9EFA}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\moep99\garrysmod\hl2.exe |
"{373E9C15-D510-4EBB-84C8-85B0594E0ABD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{381F3CBA-044E-4674-8702-48996034A385}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3B126881-501A-4582-BF0A-4885AE9FFAC0}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\dota 2 beta\dota.exe |
"{3C2F6F0B-74B1-429A-AD41-125B35E2AC74}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3E11F313-D1C6-4D17-B308-E03A01446DEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F7D2339-8792-48B7-9194-C718301B2AAB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42EA7766-6D21-4ED2-AA51-C97381300646}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\forge\binaries\win32\forgegame.exe |
"{44B9C54B-E3AA-4C60-9CD7-6835989E886F}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{46381B61-2B2D-4C59-8F8E-1189C72D63A1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{50887EA3-84AB-42EF-B6DA-1594EE952A11}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{58B8B8D3-956F-40FC-8EBF-F31D0206E2B5}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\arma 2\arma2.exe |
"{5DC09C10-3B7C-4058-B31C-2A8A0EBF635B}" = protocol=6 | dir=in | app=d:\programdata\battle.net\agent\agent.1363\agent.exe |
"{5EAF3021-4AE7-469F-ABCD-997BA4F82A74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5EE9FD76-1F59-4E3D-911C-026478421432}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\borderlands 2\binaries\win32\launcher.exe |
"{5F5D26EA-58F0-4424-A329-1793981059C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6099E003-7962-4BA4-A772-DF830C1563CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61F9AD30-97D6-430F-ADE2-BC7B807B2993}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{67E99A66-0545-43CF-B389-06F0179FAEEA}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\dota 2 beta\dota.exe |
"{6B31E034-5E02-41AD-8D5C-CE0B331EC0B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7C49541C-A84C-405D-92DC-D79842F0DB0F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F24910D-146E-4974-BC15-D5DFD3F5D450}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\borderlands 2\binaries\win32\borderlands2.exe |
"{8275BDFA-962D-48E0-A3A6-9FF0C67F1B8B}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\moep99\garrysmod\hl2.exe |
"{86D8189D-FC42-4333-96F1-72D5276AB077}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\portal 2\portal2.exe |
"{89CD39EC-604A-45D1-9182-F01142A1F500}" = protocol=17 | dir=in | app=d:\spiele\landwirtschafts simulator 2013\farmingsimulator2013.exe |
"{8B2CC668-1334-4EF2-AD30-476EE50CFCD5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{986AAD94-F4AA-4BA4-A631-8B26CDC18AA1}" = protocol=6 | dir=in | app=d:\programdata\battle.net\agent\agent.1040\agent.exe |
"{9D39334C-86C2-4B80-A55C-A71AEB7B6381}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9F03E273-C2FF-4FFB-82D5-EDA2A38A21A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A0F10D73-D72B-47A1-BE24-90007EE51FF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A86F855F-1E99-4647-B047-1B95B24CEF9D}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\regnum\rolaunchersteam.exe |
"{AE1C75D9-18D8-480D-810B-63C6D73F11B2}" = protocol=6 | dir=out | app=system |
"{B2F334EB-2C38-4914-A378-21348180D631}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B435BF41-5531-4B81-A66C-4183968A0E2E}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\regnum\liveserver\roclientgame.exe |
"{B49C7C26-51C7-4A0A-96AA-45FCABB3F76E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{B918F742-C2DA-4E47-BB6B-0A2BDC1C2696}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\skyrim\skyrimlauncher.exe |
"{BB241184-33D9-4952-A597-F1FE5BE128A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BCD4AF54-802F-4893-8011-3B4F7A975673}" = protocol=17 | dir=in | app=d:\programdata\battle.net\agent\agent.1363\agent.exe |
"{BFA405C5-F4BC-48B5-9664-89F98A00D940}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C224B2C5-231C-4E78-A48D-D277FA5B4116}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\skyrim\skyrimlauncher.exe |
"{C294EA2D-17C2-4B6E-A32B-8BA381A6F9AD}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\regnum\liveserver\roclientgame.exe |
"{C701E8E8-CAAD-40D7-B95D-1B8E11A905CA}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\arma 2\arma2.exe |
"{CAD77283-E8E8-4A43-A00F-24C15E0EE2B6}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\bioshock infinite\binaries\win32\benchmark.bat |
"{D3698177-D3BA-4732-BAAE-7504D22E9698}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D6ACCF86-61C5-4F4F-9250-3A70FB4A9D8E}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{DE9BB8D5-E8BD-4053-BA41-2A5E87F5213D}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\forge\binaries\win32\forgegame.exe |
"{E3EE9F03-7F29-49FD-A8E1-0800BAFD943D}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\arma 2 operation arrowhead\arma2oa.exe |
"{E4CF3A49-151D-421F-B8CB-972B4AE40600}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED01A5EA-A5D2-4A95-ACB2-50ABA9B5861E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EDF639F8-F2BD-461D-9382-DA8461D09EC4}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\c9\c9mappingaccount.exe |
"{F6F8224A-9390-4ACD-8D18-6A1979BA85E9}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\borderlands 2\binaries\win32\launcher.exe |
"{F71EC1AA-FF0E-4183-BF47-141BF4319C46}" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\c9\c9mappingaccount.exe |
"{F79D5E59-6A99-4749-8805-C30B7117185D}" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\regnum\rolaunchersteam.exe |
"{FCBC8688-76D1-4868-8132-CC1AED36EC14}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE61EEB0-731F-4FD9-BD2A-6DD555213143}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{0BC812D7-6E04-4F02-98AF-3B4334BCA234}C:\program files (x86)\unity\editor\unity.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"TCP Query User{1AADA373-0386-4BF5-9860-64AAB176FDF6}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{414AFAF7-C7CB-4371-B557-7E5C60BC2177}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"TCP Query User{50FF4B10-5DF0-4D5D-8F3D-202567B89065}D:\users\dani\desktop\cryptload 1.1.8\routerclient.exe" = protocol=6 | dir=in | app=d:\users\dani\desktop\cryptload 1.1.8\routerclient.exe |
"TCP Query User{65A2E05D-620A-4CE9-BF4D-2269D63D993D}D:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\spiele\guild wars 2\gw2.exe |
"TCP Query User{74A8D9DC-F805-4735-A2D3-0B452E7029E0}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{81BB1228-214D-403B-B2B8-4028BB9D9CC9}D:\spiele\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\spiele\guild wars 2\gw2.exe |
"TCP Query User{857C8531-94F4-4B88-A236-A9DABB3BE388}D:\spiele\steam spiele\moep99\garrysmod\hl2.exe" = protocol=6 | dir=in | app=d:\spiele\steam spiele\moep99\garrysmod\hl2.exe |
"TCP Query User{8C4BE9B3-96A5-413C-8D0D-6EB481B8DA16}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{950580A0-0A41-4294-B5CF-5AC3C91CA108}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{95CF2F89-041C-475A-9062-1F09B8C6A4BC}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"TCP Query User{BA396770-9CDE-4D2E-9AFB-9F719C3EBB4E}D:\spiele\steam spiele\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=d:\spiele\steam spiele\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{C3EAEA59-5186-453A-A6AA-811AB850FD27}D:\spiele\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=6 | dir=in | app=d:\spiele\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |
"TCP Query User{E311E6CD-CED5-4EC2-8CE2-5E8ABE0A3B93}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{FA157C45-4051-475B-A157-97D2C963B860}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{FEE6DA25-22D4-427A-B164-4C9FCD89C634}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{0257B358-609B-47A7-9B8B-EDA6D2F5BE7B}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{0653A0FD-7773-44FE-9BB6-C92DF45F3291}D:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\spiele\guild wars 2\gw2.exe |
"UDP Query User{0D007585-ABAE-4220-A8D3-9759FB9DE936}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"UDP Query User{1FF964D7-4C85-43D5-A154-49D518234609}C:\program files (x86)\bitcoin\bitcoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitcoin\bitcoin-qt.exe |
"UDP Query User{3D02248E-3B67-4FCF-9DBF-05E7D9F0BBB4}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{48E63C06-6F28-4DB3-BEBA-2269746902D8}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{5740D06B-C109-4B38-8810-E27CF487F23D}D:\spiele\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=17 | dir=in | app=d:\spiele\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |
"UDP Query User{58F32960-A2FF-40E2-86DC-DAD6FD492241}D:\users\dani\desktop\cryptload 1.1.8\routerclient.exe" = protocol=17 | dir=in | app=d:\users\dani\desktop\cryptload 1.1.8\routerclient.exe |
"UDP Query User{6AE3A2F3-C71D-425D-8286-E497DB4E31CB}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{B45C4585-8D82-4205-818D-375BC3A19F52}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C0A8D077-E072-476C-9D3A-6D97F5B39D21}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{C5E4C0A0-D03C-4A38-BE8A-2982911A4D84}C:\program files (x86)\unity\editor\unity.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unity\editor\unity.exe |
"UDP Query User{D7E0A113-EA39-415F-8888-4B32AB481252}D:\spiele\steam spiele\moep99\garrysmod\hl2.exe" = protocol=17 | dir=in | app=d:\spiele\steam spiele\moep99\garrysmod\hl2.exe |
"UDP Query User{E1E22EB6-0724-49AA-95C1-66BBC6404FBD}D:\spiele\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\spiele\guild wars 2\gw2.exe |
"UDP Query User{E2293438-7D20-41FB-B863-79FFCC4457CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{FDDE7BD3-F425-43D0-8A9A-7CC337BAEA8B}D:\spiele\steam spiele\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=d:\spiele\steam spiele\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{078B9199-C2A4-4468-BD5F-C060C51EC895}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64
"{089E65D5-D06A-FE49-8D9C-9CABDF8858F5}" = ccc-utility64
"{0B497B28-5243-3329-9F10-DBB18E0963E6}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
"{290329c4-a276-3aec-b633-9f5a39d8dd96}" = Python 3.3.0 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2EC3A3E2-E1EA-383D-BE76-D651C7852A05}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{41208EF0-FA40-3824-B330-5D59B666C720}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{6DB97EF8-603B-FB96-9B56-6F0D23E14263}" = AMD Media Foundation Decoders
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{73468C65-BC53-4D88-9246-75A5BB014DA2}" = JavaScript Tooling
"{783DD6D9-3A93-94A3-6B1F-3F534EF09419}" = AMD AVIVO64 Codecs
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82D8994C-8DC1-A68C-E966-AF915C9FE8B5}" = AMD Drag and Drop Transcoding
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"{F5D81C38-8EE1-722B-3803-1740A1420398}" = AMD Accelerated Video Transcoding
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
"HardlinkShellExt" = Link Shell Extension
"Microsoft Security Client" = Microsoft Security Essentials
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0666E46E-A860-4353-BE6D-13AA72FABB57}" = Microsoft XNA Game Studio Platform Tools
"{08C84CC6-E7FD-4B2D-BBF9-B02CC90EE031}" = Microsoft XNA Game Studio 4.0 (Shared Components)
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{0CE6E094-B07B-CC6B-F7FD-9D7BD7BE0D86}" = CCC Help Thai
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{100C8F3B-82D6-4B14-BB7A-5E8C3FF810C8}_is1" = Driver Fusion
"{1172AC15-080E-30E3-85B0-FF59AD2E6315}" = Microsoft Visual Studio Ultimate 2012 - ENU
"{1228E4A3-8371-4F9B-BA6F-3D34113811B9}" = Visual Studio Extensions for Windows Library for JavaScript
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{18D606E9-9650-48DF-8D6E-5AC61C5AD1A9}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{246B0F46-F84E-4857-8C47-F2A86B598BC5}" = Microsoft Visual Studio 2012 Preparation
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Belkin N750 Dual Band Wireless USB Adapter
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries
"{30C27CAE-9266-3B47-837D-193C16EDB811}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{31641F51-67B3-4E7C-BC54-21069712CF0D}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{3857A262-3B88-127A-96DB-5317B0F9B78C}" = CCC Help Dutch
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3993DBF6-32F6-488B-9009-E156075AF7B7}" = CCC Help Greek
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A090DC5-ADF9-6B83-1095-017754BEC3D0}" = CCC Help Finnish
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3BCD05CE-8CDE-9503-8794-D8CDB9FA8562}" = Catalyst Control Center InstallProxy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{451526FA-52D1-41F2-B7E2-96343EC95853}" = Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{471D4B16-BAD9-44CE-B266-E6BCCFE82D4B}" = TexturePacker
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{58E440C4-74D4-445C-B9C1-2984D1BC1971}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{59FB1BE3-155C-72B1-B5F6-B086DEB7D064}" = CCC Help Hungarian
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5EEA2FBB-1AAF-56D0-C2E5-580ACEA4DED5}" = CCC Help Russian
"{5FF5933C-61A3-4E7C-8029-DC9661DF5DEE}" = Microsoft Visual Studio 2012 IntelliTrace Core x86
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{68BD57D3-D606-411E-A7E0-3EB6EA5660F6}" = Microsoft XNA Game Studio 4.0 (Redists)
"{6A6F1B4D-1BCE-3703-93D8-4494FB7F1280}" = Microsoft Portable Library Multi-Targeting Pack
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7106B820-2071-2B46-7817-5F6ADD1FA112}" = CCC Help Polish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{725B5F90-BD27-A74D-7685-48795904FCF3}" = CCC Help Japanese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73BE04D9-BA0E-4BAF-9C9D-677278BDB3DC}" = Microsoft XNA Game Studio 4.0 (ARP entry)
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{78887CA0-E5F1-3C99-B120-95310B217AB8}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{808118B1-60D6-4DCF-8077-73A4D3D8BB54}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82892947-1311-D6CA-8B79-2753E398FE32}" = CCC Help German
"{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{855E0BF8-5448-9681-B36E-B84029D355E4}" = CCC Help Danish
"{8762B098-374D-4900-B68E-34BF2840E694}" = Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9090E44B-CFBA-47D4-2225-3037C539E7E9}" = Catalyst Control Center Graphics Previews Common
"{90DCE328-65D6-0CC0-14FF-A86D6EC57035}" = CCC Help Chinese Traditional
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{91C3236F-645F-52FD-6A83-A4CE5EE8028D}" = CCC Help Czech
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{943A7AF0-C019-0CFB-BA79-F063E7980B25}" = Catalyst Control Center
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95540FD3-4E2E-40E2-B315-120BB373DC23}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A453EF2D-13C0-3BB8-833F-C0CF45F604C1}" = Microsoft Visual C++ 2012 Extended Libraries
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A6CF1995-854B-0B57-BF9D-AD665C52493C}" = CCC Help Chinese Standard
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA57D6F1-6360-4397-B2D9-B21C69863D97}" = Secure Download Manager
"{AB0670D8-C462-750A-D34D-F18D38C0D64E}" = CCC Help Swedish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.7) - Deutsch
"{AD59DD0E-E36C-9FF1-2F22-ADFA10A43D61}" = CCC Help Italian
"{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B585A11C-4F6E-3532-97D4-3670FE94600D}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{BE4F3A79-8954-499C-AEF9-E8A3BC235677}" = JavaScript Tooling
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C1C7818F-8270-BA45-D317-675187B9E33E}" = CCC Help Korean
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
"{C9115BBB-C00B-481A-FD6A-C2BCDC88D6A1}" = CCC Help Turkish
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D7ECDD70-EBAB-42AD-8BE3-2F4D1CEC70A7}" = DayZ Commander
"{D8EC110F-F88D-4DBA-B84C-C305A550B3D6}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E100AC00-5097-16FE-E007-3D5156FC2B93}" = CCC Help Portuguese
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{e238e1a0-7fbd-4146-a4ac-d48badcdf3ae}" = Microsoft Visual Studio Ultimate 2012
"{E3AA13F6-F494-D77F-C678-B8E6F8B66448}" = CCC Help Spanish
"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E52C5468-A8E7-4DE5-8F99-057FF2C9BFE8}" = Microsoft Visual C++ 2012 Compilers
"{E56685FB-BC75-3BC4-526A-15FD1278F174}" = Catalyst Control Center Localization All
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ECA16F5B-C5FD-2021-09B1-CA7CB49FDF46}" = CCC Help Norwegian
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF2586BE-6016-DBED-06AB-569B429893A1}" = CCC Help English
"{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAEMON Tools Lite" = DAEMON Tools Lite
"Line 6 Uninstaller" = Line 6 Uninstaller
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"RaidCall" = RaidCall
"Steam App 12210" = Grand Theft Auto IV
"Steam App 223390" = Forge
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 4000" = Garry's Mod
"Steam App 49520" = Borderlands 2
"Steam App 570" = Dota 2
"Steam App 620" = Portal 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Tiled" = Tiled - Tiled Map Editor
"Trillian" = Trillian
"VLC media player" = VLC media player 2.0.4
"Winamp" = Winamp
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.05.2013 21:18:25 | Computer Name = Dani-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 9cd0 Startzeit: 01ce542ebe2a900a Endzeit: 2 Anwendungspfad:
D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: fffd3d21-c021-11e2-8692-902b3435f1e3
Error - 18.05.2013 21:18:34 | Computer Name = Dani-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 9d5c Startzeit: 01ce542ec3cd0ef9 Endzeit: 2 Anwendungspfad:
D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 054a47d0-c022-11e2-8692-902b3435f1e3
Error - 18.05.2013 21:25:34 | Computer Name = Dani-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 19.05.2013 09:19:44 | Computer Name = Dani-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 19.05.2013 10:46:56 | Computer Name = Dani-PC | Source = Application Hang | ID = 1002
Description = Programm ArmA2OA.exe, Version 1.62.95.248 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2808 Startzeit:
01ce549fb0f18a24 Endzeit: 2 Anwendungspfad: C:\Program Files (x86)\Steam\steamapps\common\Arma
2 Operation Arrowhead\ArmA2OA.exe Berichts-ID: f27d9043-c092-11e2-bea9-902b3435f1e3
Error - 19.05.2013 14:29:20 | Computer Name = Dani-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 20.05.2013 07:40:45 | Computer Name = Dani-PC | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
> 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
Ereignisse übermittelt werden.
Error - 20.05.2013 18:55:40 | Computer Name = Dani-PC | Source = Application Hang | ID = 1002
Description = Programm LolClient.exe, Version 0.0.0.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2efc Startzeit:
01ce5564ae43bed5 Endzeit: 10 Anwendungspfad: D:\Spiele\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.18\deploy\LolClient.exe
Berichts-ID:
62d5e9a2-c1a0-11e2-b6f4-902b3435f1e3
Error - 20.05.2013 18:55:49 | Computer Name = Dani-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 9ba0 Startzeit: 01ce55ad27d90fda Endzeit: 1 Anwendungspfad:
D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 690149a3-c1a0-11e2-b6f4-902b3435f1e3
Error - 20.05.2013 18:55:58 | Computer Name = Dani-PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 9e58 Startzeit: 01ce55ad2c9ec01e Endzeit: 2 Anwendungspfad:
D:\Spiele\League of Legends\RADS\system\rads_user_kernel.exe Berichts-ID: 6e823654-c1a0-11e2-b6f4-902b3435f1e3
[ System Events ]
Error - 24.03.2013 15:16:49 | Computer Name = Dani-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.
Neue
Signaturversion: Vorherige Signaturversion: 18.36.0.0 Aktualisierungsquelle: %%851
Aktualisierungsphase:
%%852 Quellpfad: hxxp://go.microsoft.com/fwlink/?LinkID=260974&clcid=0x409&NRI=true&arch=x64&eng=2.1.8904.0&sig=18.36.0.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094
Signaturtyp:
%%886 Aktualisierungstyp: %%803 Benutzer: NT-AUTORITÄT\NETZWERKDIENST Aktuelle Modulversion:
Vorherige Modulversion: 2.1.8904.0 Fehlercode: 0x80072ee7 Fehlerbeschreibung: Der
Servername oder die Serveradresse konnte nicht verarbeitet werden.
Error - 24.03.2013 15:18:49 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 24.03.2013 15:18:49 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 24.03.2013 16:06:14 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 24.03.2013 16:06:14 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 25.03.2013 16:15:04 | Computer Name = Dani-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126
Error - 25.03.2013 16:17:06 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 25.03.2013 16:17:06 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
Error - 25.03.2013 18:11:27 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).
Error - 25.03.2013 18:11:27 | Computer Name = Dani-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069
< End of report >
|
|
04.06.2013, 23:32
| #7 |
| /// TB-Ausbilder | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Hi, mach bitte so weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Scan mit Combofix
Schritt 3 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
05.06.2013, 15:37
| #8 |
| | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Hallo, hier die angeforderten Logs: AdwCleaner: Code:
ATTFilter # AdwCleaner v2.301 - Datei am 05/06/2013 um 16:10:27 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Dani - DANI-PC
# Bootmodus : Normal
# Ausgeführt unter : D:\Users\Dani\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : d:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\7qmo9taz.default\foxydeal.sqlite
Ordner Gelöscht : d:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\7qmo9taz.default\jetpack
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16576
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v21.0 (de)
Datei : d:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\7qmo9taz.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1180 octets] - [05/06/2013 16:10:27]
########## EOF - d:\AdwCleaner[S1].txt - [1240 octets] ##########
Code:
ATTFilter ComboFix 13-06-05.01 - Dani 05.06.2013 16:19:39.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8153.6268 [GMT 2:00]
ausgeführt von:: d:\users\Dani\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\SysWow64\d2d1debug1.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\_ctypes.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\_elementtree.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\_hashlib.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\_multiprocessing.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\_socket.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\_ssl.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\pyexpat.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\pysqlite2._sqlite.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\python27.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\pythoncom27.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\PyWinTypes27.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\select.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\unicodedata.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32api.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32com.shell.shell.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32crypt.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32event.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32file.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32inet.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32pdh.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32process.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32profile.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32security.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\win32ts.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\windows._cacheinvalidation.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\wx._controls_.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\wx._core_.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\wx._gdi_.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\wx._html2.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\wx._misc_.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\wx._windows_.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\wx._wizard.pyd
d:\users\Dani\AppData\Local\Temp\_MEI34762\wxbase294u_net_vc90.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\wxbase294u_vc90.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\wxmsw294u_adv_vc90.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\wxmsw294u_core_vc90.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\wxmsw294u_html_vc90.dll
d:\users\Dani\AppData\Local\Temp\_MEI34762\wxmsw294u_webview_vc90.dll
E:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-05 bis 2013-06-05 ))))))))))))))))))))))))))))))
.
.
2013-06-04 15:59 . 2009-01-25 11:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-06-04 15:58 . 2013-06-04 15:59 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-05-20 23:05 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-20 23:05 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-20 23:05 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-05-19 15:09 . 2013-05-19 15:09 -------- d-----w- c:\program files (x86)\Common Files\BattlEye
2013-05-19 14:43 . 2013-05-19 14:43 -------- d-----w- d:\users\Dani\AppData\Local\DayZCommander
2013-05-19 14:43 . 2013-05-19 14:43 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2013-05-19 14:33 . 2013-05-19 16:22 -------- d-----w- d:\users\Dani\AppData\Local\ArmA 2 OA
2013-05-19 14:32 . 2013-05-19 14:32 -------- d-----w- d:\users\Dani\AppData\Local\ArmA 2
2013-05-15 19:13 . 2013-05-15 19:13 -------- d-----w- d:\users\Dani\AppData\Roaming\Malwarebytes
2013-05-15 19:13 . 2013-05-15 19:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-15 19:13 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-15 18:23 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 18:23 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:23 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 18:23 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 18:23 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 18:23 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 18:23 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 18:23 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 18:23 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 18:23 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-06 16:21 . 2013-05-06 16:21 -------- d-----w- c:\windows\SysWow64\xlive
2013-05-06 16:21 . 2013-05-06 16:21 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-05-06 16:20 . 2013-05-06 16:20 -------- d-----w- c:\program files (x86)\Microsoft XNA
2013-05-06 16:13 . 2013-05-06 16:13 -------- d-----w- c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 23:30 . 2012-08-10 00:10 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 18:09 . 2012-08-09 22:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 18:09 . 2012-08-09 22:19 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-20 23:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-20 23:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-20 23:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-20 23:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-20 23:05 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-20 23:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 16:47 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-05 20:24 . 2013-04-05 20:22 111960 ----a-w- c:\windows\dxsdkuninst.exe
2013-04-05 18:27 . 2013-04-05 18:27 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-04-04 03:35 . 2013-03-24 19:39 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-24 19:39 . 2012-10-07 13:21 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-24 19:39 . 2012-10-07 13:21 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-19 06:04 . 2013-04-10 14:07 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 14:07 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 14:07 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 14:07 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 14:07 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 14:07 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-14 22:05 . 2013-03-14 22:05 2272320 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"NetLimiter"="c:\program files\NetLimiter 3\NLClientApp.exe" [2011-03-21 2910208]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-05-16 3830224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [x]
R3 L6GX;Service - Line 6 GX;c:\windows\system32\Drivers\L6GX64.sys;c:\windows\SYSNATIVE\Drivers\L6GX64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys;c:\program files\NetLimiter 3\nltdi.sys [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe;c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 18:09]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 13:00]
.
2013-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-13 13:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlaySymbolicLink]
@="{0A479751-02BC-11d3-A855-0004AC2568EE}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568EE}]
2012-05-27 19:50 522440 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = localhost:21320
uInternet Settings,ProxyOverride = *.local
Trusted Zone: line6.net
TCP: DhcpNameServer = 88.208.58.166 192.168.1.1
FF - ProfilePath - d:\users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\7qmo9taz.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-06-03 19:12; jid1-QpHD8URtZWJC2A@jetpack; d:\users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\7qmo9taz.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-jswtrayutil - c:\program files (x86)\NETGEAR\WNA1100\jswtrayutil.exe
Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-05 16:25:08 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-06-05 14:25
.
Vor Suchlauf: 8 Verzeichnis(se), 73.792.516.096 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 73.384.353.792 Bytes frei
.
- - End Of File - - EA812AF8F5B3A84A9C75DD4B719D6021
Code:
ATTFilter OTL logfile created on: 05.06.2013 16:30:03 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = d:\Users\Dani\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,50% Memory free 15,96 Gb Paging File | 14,12 Gb Available in Paging File | 88,45% Paging File free Paging file location(s): d:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 68,49 Gb Free Space | 61,32% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 800,12 Gb Free Space | 85,90% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 600,58 Gb Free Space | 64,47% Space Free | Partition Type: NTFS Computer Name: DANI-PC | User Name: Dani | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.04 22:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe PRC - [2013.05.23 18:35:24 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.01.15 01:00:00 | 002,578,312 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe PRC - [2012.06.28 17:41:58 | 002,206,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winamp.exe PRC - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.03.27 01:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe PRC - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe PRC - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.06.05 16:27:36 | 001,175,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\wx._core_.pyd MOD - [2013.06.05 16:27:36 | 001,153,024 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\_ssl.pyd MOD - [2013.06.05 16:27:36 | 001,062,400 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\wx._controls_.pyd MOD - [2013.06.05 16:27:36 | 001,022,416 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\windows._cacheinvalidation.pyd MOD - [2013.06.05 16:27:36 | 000,811,008 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\wx._windows_.pyd MOD - [2013.06.05 16:27:36 | 000,805,888 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\wx._gdi_.pyd MOD - [2013.06.05 16:27:36 | 000,735,232 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\wx._misc_.pyd MOD - [2013.06.05 16:27:36 | 000,711,680 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\_hashlib.pyd MOD - [2013.06.05 16:27:36 | 000,686,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\unicodedata.pyd MOD - [2013.06.05 16:27:36 | 000,557,056 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\pysqlite2._sqlite.pyd MOD - [2013.06.05 16:27:36 | 000,364,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\pythoncom27.dll MOD - [2013.06.05 16:27:36 | 000,320,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32com.shell.shell.pyd MOD - [2013.06.05 16:27:36 | 000,128,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\_elementtree.pyd MOD - [2013.06.05 16:27:36 | 000,127,488 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\pyexpat.pyd MOD - [2013.06.05 16:27:36 | 000,122,368 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\wx._wizard.pyd MOD - [2013.06.05 16:27:36 | 000,119,808 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32file.pyd MOD - [2013.06.05 16:27:36 | 000,110,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\pywintypes27.dll MOD - [2013.06.05 16:27:36 | 000,108,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32security.pyd MOD - [2013.06.05 16:27:36 | 000,098,816 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32api.pyd MOD - [2013.06.05 16:27:36 | 000,087,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\_ctypes.pyd MOD - [2013.06.05 16:27:36 | 000,070,656 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\wx._html2.pyd MOD - [2013.06.05 16:27:36 | 000,044,032 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\_socket.pyd MOD - [2013.06.05 16:27:36 | 000,038,912 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32inet.pyd MOD - [2013.06.05 16:27:36 | 000,035,840 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32process.pyd MOD - [2013.06.05 16:27:36 | 000,026,624 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\_multiprocessing.pyd MOD - [2013.06.05 16:27:36 | 000,025,600 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32pdh.pyd MOD - [2013.06.05 16:27:36 | 000,022,528 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32ts.pyd MOD - [2013.06.05 16:27:36 | 000,018,432 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32event.pyd MOD - [2013.06.05 16:27:36 | 000,017,408 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32profile.pyd MOD - [2013.06.05 16:27:36 | 000,011,264 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\win32crypt.pyd MOD - [2013.06.05 16:27:36 | 000,010,240 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI33802\select.pyd MOD - [2013.05.23 18:35:10 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.03.02 20:38:20 | 000,623,616 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s MOD - [2013.03.02 20:38:20 | 000,154,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s MOD - [2013.03.02 20:38:20 | 000,091,136 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s MOD - [2013.03.02 20:38:20 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s MOD - [2013.03.02 20:38:20 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s MOD - [2013.03.02 20:38:20 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll MOD - [2013.03.02 20:38:20 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll MOD - [2013.03.02 20:38:20 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\timer.w5s MOD - [2013.03.02 20:38:20 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s MOD - [2013.03.02 20:38:20 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s MOD - [2013.03.02 20:38:19 | 001,737,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll MOD - [2013.03.02 20:38:19 | 000,417,280 | ---- | M] () -- C:\Program Files (x86)\Winamp\nsutil.dll MOD - [2013.03.02 20:38:19 | 000,340,992 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac MOD - [2013.03.02 20:38:19 | 000,318,976 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll MOD - [2013.03.02 20:38:19 | 000,313,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll MOD - [2013.03.02 20:38:19 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_local.dll MOD - [2013.03.02 20:38:19 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll MOD - [2013.03.02 20:38:19 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll MOD - [2013.03.02 20:38:19 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll MOD - [2013.03.02 20:38:19 | 000,249,856 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll MOD - [2013.03.02 20:38:19 | 000,240,640 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll MOD - [2013.03.02 20:38:19 | 000,201,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll MOD - [2013.03.02 20:38:19 | 000,185,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll MOD - [2013.03.02 20:38:19 | 000,174,080 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\auth.w5s MOD - [2013.03.02 20:38:19 | 000,164,864 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll MOD - [2013.03.02 20:38:19 | 000,124,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_online.dll MOD - [2013.03.02 20:38:19 | 000,118,272 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll MOD - [2013.03.02 20:38:19 | 000,113,664 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll MOD - [2013.03.02 20:38:19 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll MOD - [2013.03.02 20:38:19 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll MOD - [2013.03.02 20:38:19 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll MOD - [2013.03.02 20:38:19 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll MOD - [2013.03.02 20:38:19 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll MOD - [2013.03.02 20:38:19 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll MOD - [2013.03.02 20:38:19 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll MOD - [2013.03.02 20:38:19 | 000,068,608 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_avi.dll MOD - [2013.03.02 20:38:19 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll MOD - [2013.03.02 20:38:19 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll MOD - [2013.03.02 20:38:19 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll MOD - [2013.03.02 20:38:19 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll MOD - [2013.03.02 20:38:19 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll MOD - [2013.03.02 20:38:19 | 000,052,736 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll MOD - [2013.03.02 20:38:19 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll MOD - [2013.03.02 20:38:19 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_history.dll MOD - [2013.03.02 20:38:19 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll MOD - [2013.03.02 20:38:19 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\devices.w5s MOD - [2013.03.02 20:38:19 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flv.dll MOD - [2013.03.02 20:38:19 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll MOD - [2013.03.02 20:38:19 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll MOD - [2013.03.02 20:38:19 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll MOD - [2013.03.02 20:38:19 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll MOD - [2013.03.02 20:38:19 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll MOD - [2013.03.02 20:38:19 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll MOD - [2013.03.02 20:38:19 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_swf.dll MOD - [2013.03.02 20:38:19 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\albumart.w5s MOD - [2013.03.02 20:38:19 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_disk.dll MOD - [2013.03.02 20:38:19 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll MOD - [2013.03.02 20:38:19 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s MOD - [2013.03.02 20:38:19 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s MOD - [2013.03.02 20:38:19 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_wave.dll MOD - [2013.03.02 20:38:19 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll MOD - [2013.03.02 20:38:19 | 000,016,896 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s MOD - [2013.03.02 20:38:19 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s MOD - [2013.03.02 20:38:19 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\filereader.w5s MOD - [2013.03.02 20:38:19 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_linein.dll MOD - [2013.01.15 01:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll MOD - [2013.01.15 01:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll MOD - [2013.01.15 01:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll MOD - [2013.01.15 01:00:00 | 000,010,752 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\buddy.dll MOD - [2013.01.15 01:00:00 | 000,007,168 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\talk.dll MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\trillian.dll MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\events.dll MOD - [2013.01.15 01:00:00 | 000,003,584 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\toolkit.dll MOD - [2010.12.13 12:06:26 | 000,638,976 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_ipod.dll MOD - [2010.12.13 12:03:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Winamp\plugins\ml_ipod\ui.dll MOD - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.23 18:35:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.19 17:09:43 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013.05.14 20:09:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.01 09:45:15 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2013.03.01 09:43:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.11.22 16:31:38 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe -- (RalinkRegistryWriter64) SRV - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2011.03.21 17:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc) SRV - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100) SRV - [2010.03.22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.05 20:27:19 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 19:14:02 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6GX64.sys -- (L6GX) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.25 09:07:18 | 000,104,560 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.03.27 01:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.03.27 01:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.03.27 01:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 21:17:40 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT) DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.09 16:33:10 | 001,849,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.05.15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2012.07.13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2011.03.21 17:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 7A D7 B7 BB B6 CD 01 [binary data] IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 80 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 80 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 80 FF - prefs.js..network.proxy.ftp: "127.0.0.1" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "127.0.0.1" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "127.0.0.1" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: d:\Users\Dani\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 18:35:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 18:35:07 | 000,000,000 | ---D | M] [2012.08.10 00:15:18 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Extensions [2013.06.03 19:12:34 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\7qmo9taz.default\extensions [2013.04.05 22:25:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- d:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\7qmo9taz.default\extensions\ich@maltegoetz.de [2013.06.03 19:12:34 | 000,374,078 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013.05.08 21:00:25 | 000,870,680 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.24 16:37:16 | 000,434,392 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.05.23 18:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.23 18:35:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.06.05 16:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..Trusted Domains: line6.net ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.208.58.166 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35ABAE31-17B1-48E1-A4F7-A319F6F08AF3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9DE9B3B-D6F4-44C4-9ABA-AE230A8CDF98}: DhcpNameServer = 88.208.58.166 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.10 06:33:52 | 000,000,000 | R--D | M] - E:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.05 16:23:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.06.05 16:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.05 16:18:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.05 16:18:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.05 16:18:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.05 16:18:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.05 16:18:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.04 22:56:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe [2013.06.04 21:49:28 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.06.04 17:59:25 | 000,000,000 | ---D | C] -- d:\ProgramData\Spybot - Search & Destroy [2013.06.04 17:59:00 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.06.04 17:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.23 18:42:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\Heroes of Umbra [2013.05.23 18:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.22 23:09:24 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0 [2013.05.19 17:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye [2013.05.19 17:02:46 | 000,000,000 | ---D | C] -- d:\ProgramData\Bohemia Interactive Studio [2013.05.19 16:43:25 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\DayZCommander [2013.05.19 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios [2013.05.19 16:33:35 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2 OA [2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Documents\ArmA 2 [2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2 [2013.05.19 16:32:17 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2013.05.18 18:12:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\6px [2013.05.15 21:13:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Malwarebytes [2013.05.15 21:13:39 | 000,000,000 | ---D | C] -- d:\ProgramData\Malwarebytes [2013.05.15 21:13:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.15 21:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.14 19:47:20 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\kryonet-2.20 [2013.05.10 18:59:51 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\jd-gui-0.3.5.windows [2013.05.06 18:21:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2013.05.06 18:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2013.05.06 18:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2013.05.06 18:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.05 16:27:37 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.05 16:27:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.05 16:26:22 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 16:26:22 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 16:23:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.05 16:17:47 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.05 16:17:47 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.05 16:17:47 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.05 16:17:47 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.05 16:17:47 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.05 16:17:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.05 16:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.04 22:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe [2013.06.04 18:03:55 | 000,448,539 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130604-191031.backup [2013.05.23 18:44:01 | 000,005,906 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.png [2013.05.23 18:44:01 | 000,001,390 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.pack [2013.05.22 23:07:35 | 007,465,366 | ---- | M] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip [2013.05.22 17:55:02 | 007,810,128 | ---- | M] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3 [2013.05.21 20:25:10 | 003,147,197 | ---- | M] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3 [2013.05.21 15:26:46 | 000,000,219 | ---- | M] () -- d:\Users\Dani\Desktop\Dota 2.url [2013.05.21 01:09:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.21 01:09:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.21 01:06:16 | 001,593,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.20 14:14:10 | 000,047,198 | ---- | M] () -- d:\Users\Dani\Desktop\Kurzfassung.zip [2013.05.19 03:23:43 | 002,895,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.18 02:10:32 | 009,514,359 | ---- | M] () -- d:\Users\Dani\Desktop\hiero.jar [2013.05.16 20:58:49 | 017,698,934 | ---- | M] () -- d:\Users\Dani\Desktop\Medienprojekt_Backup.zip [2013.05.14 19:39:38 | 002,005,341 | ---- | M] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.05 16:18:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.05 16:18:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.05 16:18:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.05 16:18:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.05 16:18:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.23 18:44:01 | 000,005,906 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.png [2013.05.23 18:44:01 | 000,001,390 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.pack [2013.05.22 23:07:24 | 007,465,366 | ---- | C] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip [2013.05.22 17:54:57 | 007,810,128 | ---- | C] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3 [2013.05.21 20:25:10 | 003,147,197 | ---- | C] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3 [2013.05.21 15:26:46 | 000,000,219 | ---- | C] () -- d:\Users\Dani\Desktop\Dota 2.url [2013.05.21 01:09:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.21 01:09:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.20 14:14:01 | 000,047,198 | ---- | C] () -- d:\Users\Dani\Desktop\Kurzfassung.zip [2013.05.18 02:10:17 | 009,514,359 | ---- | C] () -- d:\Users\Dani\Desktop\hiero.jar [2013.05.14 19:39:36 | 002,005,341 | ---- | C] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip [2013.05.11 22:43:25 | 017,698,934 | ---- | C] () -- d:\Users\Dani\Desktop\Medienprojekt_Backup.zip [2013.04.23 21:24:06 | 000,000,056 | ---- | C] () -- d:\Users\Dani\.gitconfig [2013.02.28 07:07:15 | 000,000,000 | ---- | C] () -- d:\Users\Dani\__ng3d.lock [2012.11.20 01:56:54 | 000,000,218 | ---- | C] () -- d:\Users\Dani\.recently-used.xbel [2012.11.03 01:13:59 | 000,007,604 | ---- | C] () -- d:\Users\Dani\AppData\Local\Resmon.ResmonCfg [2012.08.27 14:30:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012.08.12 03:08:58 | 000,003,072 | ---- | C] () -- d:\Users\Dani\AppData\Local\file__0.localstorage [2012.08.10 00:46:52 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.10 00:10:00 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.08.10 00:09:18 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.08.10 00:09:18 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.02 21:19:51 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Audacity [2013.04.09 18:30:45 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Bitcoin [2013.04.14 00:01:25 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\DAEMON Tools Lite [2013.04.05 19:31:17 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\e-academy Inc [2012.11.20 01:47:08 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\gtk-2.0 [2013.02.05 22:18:30 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Line 6 [2012.08.10 00:42:32 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\LolClient [2012.11.20 01:16:41 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\MonoDevelop-3.0 [2012.10.02 17:53:45 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\MonoDevelop-Unity-2.8 [2012.10.02 17:52:47 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\PACE Anti-Piracy [2013.04.04 16:04:35 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\raidcall [2012.11.20 00:57:18 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\stetic [2012.10.05 01:22:43 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\TeamViewer [2012.10.22 18:57:15 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Trillian [2013.05.24 00:32:30 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\TS3Client [2012.08.15 01:09:41 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\ts3overlay [2012.10.02 17:53:23 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Unity ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1133 bytes -> d:\Users\Dani\AppData\Local\MtU6VhvQJQn:cFhHSrafV9iwkp3kFEJXN < End of report > |
|
05.06.2013, 16:36
| #9 |
| /// TB-Ausbilder | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Hi, wie läuft der Rechner jetzt? Schritt 1 Fixen mit OTL
Code:
ATTFilter :OTL
@Alternate Data Stream - 1133 bytes -> d:\Users\Dani\AppData\Local\MtU6VhvQJQn:cFhHSrafV9iwkp3kFEJXN
IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 2
:commands
[emptytemp]
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Schritt 4 Starte bitte die OTL.exe.
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
05.06.2013, 19:07
| #10 |
| | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Ich war ein wenig im Internet unterwegs und bisher scheint alles wieder sauber zu sein Allerdings wird sich das wohl erst im Laufe des Abends wirklich zeigen, da die Popups recht zufällig erschienen sind. Kannst du mich aufklären was genau das war? Komischerweise ist mir das ja gestern auch auf Android passiert, allerdings werde ich da in den nächsten Tagen sowieso ein neues ROM aufspielen. Das dürfte das Problem wohl beheben. Hier trotzdem noch die Logs: Fixlog von OTL: Code:
ATTFilter All processes killed
========== OTL ==========
ADS d:\Users\Dani\AppData\Local\MtU6VhvQJQn:cFhHSrafV9iwkp3kFEJXN deleted successfully.
HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 80 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 80 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 80 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.ftp
Prefs.js: 80 removed from network.proxy.ftp_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "127.0.0.1" removed from network.proxy.socks
Prefs.js: 80 removed from network.proxy.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.ssl
Prefs.js: 80 removed from network.proxy.ssl_port
Prefs.js: 2 removed from network.proxy.type
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Dani
->Temp folder emptied: 41292066 bytes
->Temporary Internet Files folder emptied: 8267381 bytes
->Java cache emptied: 3125023 bytes
->FireFox cache emptied: 110684134 bytes
->Flash cache emptied: 57175 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12616 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42286783 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 196,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06052013_174948
Files\Folders moved on Reboot...
d:\Users\Dani\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
d:\Users\Dani\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=f87ad4412a502042a1cafc33b37fd273
# engine=14005
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-05 05:57:06
# local_time=2013-06-05 07:57:06 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 25903732 122084876 0 0
# scanned=352143
# found=0
# cleaned=0
# scan_time=7296
Code:
ATTFilter Results of screen317's Security Check version 0.99.64 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 Visual Studio Extensions for Windows Library for JavaScript Java 7 Update 21 JavaScript Tooling Adobe Flash Player 11.7.700.202 Adobe Reader 10.1.7 Adobe Reader out of Date! Mozilla Firefox (21.0) ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Spybot Teatimer.exe is disabled! `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter OTL logfile created on: 05.06.2013 20:01:35 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = d:\Users\Dani\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16576) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 5,57 Gb Available Physical Memory | 70,00% Memory free 15,96 Gb Paging File | 13,66 Gb Available in Paging File | 85,58% Paging File free Paging file location(s): d:\pagefile.sys 8192 8192 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 68,30 Gb Free Space | 61,15% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 800,22 Gb Free Space | 85,91% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 642,10 Gb Free Space | 68,93% Space Free | Partition Type: NTFS Computer Name: DANI-PC | User Name: Dani | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.04 22:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe PRC - [2013.05.23 18:35:24 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.05.16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe PRC - [2013.05.16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2013.05.16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2013.05.15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2013.05.14 20:09:31 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe PRC - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe PRC - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.01.15 01:00:00 | 002,578,312 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe PRC - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.03.27 01:14:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe PRC - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe PRC - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe ========== Modules (No Company Name) ========== MOD - [2013.06.05 17:51:39 | 001,175,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\wx._core_.pyd MOD - [2013.06.05 17:51:39 | 001,153,024 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\_ssl.pyd MOD - [2013.06.05 17:51:39 | 001,022,416 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\windows._cacheinvalidation.pyd MOD - [2013.06.05 17:51:39 | 000,805,888 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\wx._gdi_.pyd MOD - [2013.06.05 17:51:39 | 000,735,232 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\wx._misc_.pyd MOD - [2013.06.05 17:51:39 | 000,557,056 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\pysqlite2._sqlite.pyd MOD - [2013.06.05 17:51:39 | 000,364,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\pythoncom27.dll MOD - [2013.06.05 17:51:39 | 000,320,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32com.shell.shell.pyd MOD - [2013.06.05 17:51:39 | 000,128,512 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\_elementtree.pyd MOD - [2013.06.05 17:51:39 | 000,110,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\pywintypes27.dll MOD - [2013.06.05 17:51:39 | 000,108,544 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32security.pyd MOD - [2013.06.05 17:51:39 | 000,098,816 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32api.pyd MOD - [2013.06.05 17:51:39 | 000,087,040 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\_ctypes.pyd MOD - [2013.06.05 17:51:39 | 000,070,656 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\wx._html2.pyd MOD - [2013.06.05 17:51:39 | 000,044,032 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\_socket.pyd MOD - [2013.06.05 17:51:39 | 000,026,624 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\_multiprocessing.pyd MOD - [2013.06.05 17:51:39 | 000,025,600 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32pdh.pyd MOD - [2013.06.05 17:51:39 | 000,022,528 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32ts.pyd MOD - [2013.06.05 17:51:39 | 000,017,408 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32profile.pyd MOD - [2013.06.05 17:51:39 | 000,011,264 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32crypt.pyd MOD - [2013.06.05 17:51:38 | 001,062,400 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\wx._controls_.pyd MOD - [2013.06.05 17:51:38 | 000,811,008 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\wx._windows_.pyd MOD - [2013.06.05 17:51:38 | 000,711,680 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\_hashlib.pyd MOD - [2013.06.05 17:51:38 | 000,686,080 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\unicodedata.pyd MOD - [2013.06.05 17:51:38 | 000,127,488 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\pyexpat.pyd MOD - [2013.06.05 17:51:38 | 000,122,368 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\wx._wizard.pyd MOD - [2013.06.05 17:51:38 | 000,119,808 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32file.pyd MOD - [2013.06.05 17:51:38 | 000,038,912 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32inet.pyd MOD - [2013.06.05 17:51:38 | 000,035,840 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32process.pyd MOD - [2013.06.05 17:51:38 | 000,018,432 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\win32event.pyd MOD - [2013.06.05 17:51:38 | 000,010,240 | ---- | M] () -- d:\Users\Dani\AppData\Local\Temp\_MEI40002\select.pyd MOD - [2013.05.23 18:35:10 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.05.16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl MOD - [2013.05.14 20:09:30 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll MOD - [2013.01.15 01:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll MOD - [2013.01.15 01:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll MOD - [2013.01.15 01:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll MOD - [2013.01.15 01:00:00 | 000,010,752 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\buddy.dll MOD - [2013.01.15 01:00:00 | 000,007,168 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\talk.dll MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\trillian.dll MOD - [2013.01.15 01:00:00 | 000,006,656 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\events.dll MOD - [2013.01.15 01:00:00 | 000,003,584 | ---- | M] () -- c:\program files (x86)\trillian\languages\en\toolkit.dll MOD - [2010.06.14 14:56:02 | 004,573,664 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe MOD - [2009.08.28 16:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll ========== Services (SafeList) ========== SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.05.23 18:35:23 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.05.19 17:09:43 | 000,053,248 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013.05.14 20:09:31 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.01 09:45:15 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2013.03.01 09:43:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2013.01.18 09:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.12.29 12:34:47 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.07.25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service) SRV - [2012.07.25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc) SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.15 15:17:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.05.15 15:17:22 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.05.10 15:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 14:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.11 08:55:04 | 000,129,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2011.11.22 16:31:38 | 000,451,936 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry64.exe -- (RalinkRegistryWriter64) SRV - [2011.11.22 16:31:38 | 000,374,112 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Belkin\F9L1103\v1\Common\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2011.03.21 17:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc) SRV - [2010.03.22 20:07:22 | 000,268,768 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100) SRV - [2010.03.22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.05 20:27:19 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 19:14:02 | 000,772,224 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6GX64.sys -- (L6GX) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.04.25 09:07:18 | 000,104,560 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2012.03.27 01:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.03.27 01:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.03.27 01:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.12.16 21:17:40 | 001,675,840 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux) DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT) DRV:64bit: - [2011.03.21 17:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.03.09 16:33:10 | 001,849,856 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV:64bit: - [2008.05.15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF) DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2012.07.13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110) DRV - [2011.03.21 17:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 7A D7 B7 BB B6 CD 01 [binary data] IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "eBay" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0 FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*'))%20%7B%20return%20'PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: "" FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: "" FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: "" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: d:\Users\Dani\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 18:35:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.05.23 18:35:07 | 000,000,000 | ---D | M] [2012.08.10 00:15:18 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Extensions [2013.06.03 19:12:34 | 000,000,000 | ---D | M] (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\7qmo9taz.default\extensions [2013.04.05 22:25:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- d:\Users\Dani\AppData\Roaming\mozilla\Firefox\Profiles\7qmo9taz.default\extensions\ich@maltegoetz.de [2013.06.03 19:12:34 | 000,374,078 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013.05.08 21:00:25 | 000,870,680 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.08.24 16:37:16 | 000,434,392 | ---- | M] () (No name found) -- d:\Users\Dani\AppData\Roaming\mozilla\firefox\profiles\7qmo9taz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2013.05.23 18:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2013.05.23 18:35:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013.06.05 16:23:30 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) O4 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-472337326-3317163276-3011696562-1000\..Trusted Domains: line6.net ([]* in Trusted sites) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.208.58.166 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35ABAE31-17B1-48E1-A4F7-A319F6F08AF3}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9DE9B3B-D6F4-44C4-9ABA-AE230A8CDF98}: DhcpNameServer = 88.208.58.166 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.10 06:33:52 | 000,000,000 | R--D | M] - E:\autorun -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.05 16:23:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013.06.05 16:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.05 16:18:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.05 16:18:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.05 16:18:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.05 16:18:34 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.05 16:18:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.04 22:56:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe [2013.06.04 21:49:28 | 000,000,000 | ---D | C] -- C:\Config.Msi [2013.06.04 17:59:25 | 000,000,000 | ---D | C] -- d:\ProgramData\Spybot - Search & Destroy [2013.06.04 17:59:00 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.06.04 17:58:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.05.23 18:42:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\Heroes of Umbra [2013.05.23 18:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.05.22 23:09:24 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0 [2013.05.19 17:09:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BattlEye [2013.05.19 17:02:46 | 000,000,000 | ---D | C] -- d:\ProgramData\Bohemia Interactive Studio [2013.05.19 16:43:25 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\DayZCommander [2013.05.19 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios [2013.05.19 16:33:35 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2 OA [2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\Documents\ArmA 2 [2013.05.19 16:32:22 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Local\ArmA 2 [2013.05.19 16:32:17 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive [2013.05.18 18:12:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\6px [2013.05.15 21:13:50 | 000,000,000 | ---D | C] -- d:\Users\Dani\AppData\Roaming\Malwarebytes [2013.05.15 21:13:39 | 000,000,000 | ---D | C] -- d:\ProgramData\Malwarebytes [2013.05.15 21:13:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.05.15 21:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.05.14 19:47:20 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\kryonet-2.20 [2013.05.10 18:59:51 | 000,000,000 | ---D | C] -- d:\Users\Dani\Desktop\jd-gui-0.3.5.windows ========== Files - Modified Within 30 Days ========== [2013.06.05 19:17:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.05 19:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.05 17:57:56 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 17:57:56 | 000,022,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.05 17:57:40 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.05 17:57:40 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.05 17:57:40 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.05 17:57:40 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.05 17:57:40 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.05 17:51:02 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.05 17:50:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.05 16:23:30 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.04 22:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- d:\Users\Dani\Desktop\OTL.exe [2013.06.04 18:03:55 | 000,448,539 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130604-191031.backup [2013.05.23 18:44:01 | 000,005,906 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.png [2013.05.23 18:44:01 | 000,001,390 | ---- | M] () -- d:\Users\Dani\Desktop\grasfield.pack [2013.05.22 23:07:35 | 007,465,366 | ---- | M] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip [2013.05.22 17:55:02 | 007,810,128 | ---- | M] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3 [2013.05.21 20:25:10 | 003,147,197 | ---- | M] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3 [2013.05.21 15:26:46 | 000,000,219 | ---- | M] () -- d:\Users\Dani\Desktop\Dota 2.url [2013.05.21 01:09:04 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.21 01:09:03 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.21 01:06:16 | 001,593,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.05.20 14:14:10 | 000,047,198 | ---- | M] () -- d:\Users\Dani\Desktop\Kurzfassung.zip [2013.05.19 03:23:43 | 002,895,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.05.18 02:10:32 | 009,514,359 | ---- | M] () -- d:\Users\Dani\Desktop\hiero.jar [2013.05.16 20:58:49 | 017,698,934 | ---- | M] () -- d:\Users\Dani\Desktop\Medienprojekt_Backup.zip [2013.05.14 19:39:38 | 002,005,341 | ---- | M] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip ========== Files Created - No Company Name ========== [2013.06.05 16:18:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.05 16:18:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.05 16:18:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.05 16:18:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.05 16:18:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.23 18:44:01 | 000,005,906 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.png [2013.05.23 18:44:01 | 000,001,390 | ---- | C] () -- d:\Users\Dani\Desktop\grasfield.pack [2013.05.22 23:07:24 | 007,465,366 | ---- | C] () -- d:\Users\Dani\Desktop\gdx-texturepacker-3.2.0.zip [2013.05.22 17:54:57 | 007,810,128 | ---- | C] () -- d:\Users\Dani\Desktop\Silverstein - Smashed Into Pieces (2013).mp3 [2013.05.21 20:25:10 | 003,147,197 | ---- | C] () -- d:\Users\Dani\Desktop\Element Eighty - Broken Promises.mp3 [2013.05.21 15:26:46 | 000,000,219 | ---- | C] () -- d:\Users\Dani\Desktop\Dota 2.url [2013.05.21 01:09:04 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.05.21 01:09:03 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.05.20 14:14:01 | 000,047,198 | ---- | C] () -- d:\Users\Dani\Desktop\Kurzfassung.zip [2013.05.18 02:10:17 | 009,514,359 | ---- | C] () -- d:\Users\Dani\Desktop\hiero.jar [2013.05.14 19:39:36 | 002,005,341 | ---- | C] () -- d:\Users\Dani\Desktop\kryonet-2.20.zip [2013.05.11 22:43:25 | 017,698,934 | ---- | C] () -- d:\Users\Dani\Desktop\Medienprojekt_Backup.zip [2013.04.23 21:24:06 | 000,000,056 | ---- | C] () -- d:\Users\Dani\.gitconfig [2013.02.28 07:07:15 | 000,000,000 | ---- | C] () -- d:\Users\Dani\__ng3d.lock [2012.11.20 01:56:54 | 000,000,218 | ---- | C] () -- d:\Users\Dani\.recently-used.xbel [2012.11.03 01:13:59 | 000,007,604 | ---- | C] () -- d:\Users\Dani\AppData\Local\Resmon.ResmonCfg [2012.08.27 14:30:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini [2012.08.12 03:08:58 | 000,003,072 | ---- | C] () -- d:\Users\Dani\AppData\Local\file__0.localstorage [2012.08.10 00:46:52 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.08.10 00:10:00 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat [2012.08.10 00:09:18 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2012.08.10 00:09:18 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.03.02 21:19:51 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Audacity [2013.04.09 18:30:45 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Bitcoin [2013.04.14 00:01:25 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\DAEMON Tools Lite [2013.04.05 19:31:17 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\e-academy Inc [2012.11.20 01:47:08 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\gtk-2.0 [2013.02.05 22:18:30 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Line 6 [2012.08.10 00:42:32 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\LolClient [2012.11.20 01:16:41 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\MonoDevelop-3.0 [2012.10.02 17:53:45 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\MonoDevelop-Unity-2.8 [2012.10.02 17:52:47 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\PACE Anti-Piracy [2013.04.04 16:04:35 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\raidcall [2012.11.20 00:57:18 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\stetic [2012.10.05 01:22:43 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\TeamViewer [2012.10.22 18:57:15 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Trillian [2013.06.05 17:48:37 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\TS3Client [2012.08.15 01:09:41 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\ts3overlay [2012.10.02 17:53:23 | 000,000,000 | ---D | M] -- d:\Users\Dani\AppData\Roaming\Unity ========== Purity Check ========== < End of report > |
|
05.06.2013, 19:24
| #11 |
| /// TB-Ausbilder | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Ja führe den Rechner noch ein bisschen im Internet spazieren und teile mir dann mit, ob das Zeugs nachhaltig verschwunden ist. Der Adobe-Reader muss noch geupdatet werden: Die Version deines Adobe PDF Readers ist veraltet, wir müssen ihn updaten:
Überprüfe dann mit diesem Plugin-Check (mit dem Firefox hier), ob nun alle deine verwendeten Versionen aktuell sind und update sie anderenfalls.
__________________ cheers, Leo |
|
05.06.2013, 22:12
| #12 |
| | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Danke für den Hinweis, hab ich sofort erledigt. Bisher kein einziger Popup. |
|
05.06.2013, 22:27
| #13 |
| /// TB-Ausbilder | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Ok, dann räumen wir hier mal auf. Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
05.06.2013, 22:46
| #14 |
| | Sporadische Adf.ly-Popups, Verdacht auf Rootkit So. Der Cleanup wäre auch ausgeführt. Dachte schon "Na toll, jetzt muss ich das ganze Zeug wieder einzeln entfernen". Aber sogar dafür ist ja gesorgt.Ich danke dir! Ein großes Lob an dich und das ganze Forum. Habe euch eine kleine Spende zukommen lassen. Eine Frage hätte ich noch. Was war das nun genau was das ausgelöst hat? Wurde da an Firefox etwas geändert? Ein Prozess im Hintergrund war es ja anscheinend nicht, oder? //Edit: Zu früh gefreut. Gerade kam wieder ein Popup. Dieses mal Adlock.in. Ich werde noch verrückt. :| Geändert von Deeee (05.06.2013 um 23:25 Uhr) |
|
06.06.2013, 11:46
| #15 |
| /// TB-Ausbilder | Sporadische Adf.ly-Popups, Verdacht auf Rootkit Ach wie mühsam. Teste bitte auch andere Browser als den Firefox, ob es dort auch auftritt. Und gibt es ein Muster, wann diese Popus erscheinen? Immer auf denselben Seiten, oder komplett zufällig?
__________________ cheers, Leo |
|
| Themen zu Sporadische Adf.ly-Popups, Verdacht auf Rootkit |
| .com, adf.ly, aswmbr, blockiert, bonjour, browser, classpnp.sys, computer, device driver, explorer, fontcache, frage, galaxy, google, hal.dll, langsam, malware, netgear, nicht möglich, nvidia, object, performance, policyagent, popups, problem, registry, rootkit, scan, security, server, sicherheit, system, temp, trotz adblocker, trustedinstaller, usbport.sys, visual studio, wlansvc, wsearch |
Textbox. 
Linear-Darstellung
