avast! reports potential rootkit "SVC:SystemStoreService" (Windows 7)
29.06.2013, 00:49 | #1

To my horror I saw a message from avast! pop up: SVC:SystemStoreService C:\Program (possible rootkit found). Searching the net turned up only vague hints but nothing concrete. The word "Freemium" came up several times in the search results. Shortly before the alert I had installed Freemium Free Driver Scout on a trial basis, and it had a function for a restore mode before searching for new drivers. The download was from Chip.de, i.e. not a dubious site. Still, the program cheekily installed a toolbar and two further adware programs along with it. Please help me. What could this mean, and should I rather reinstall my computer?
29.06.2013, 01:17 | #2
/// TB-Ausbilder

Hello,

I don't think this is a rootkit, rather something from the "annoying adware" category. But let's take a look: please download OTL (by OldTimer) and save it to your desktop.
29.06.2013, 10:22 | #3

Here are the results:

Since the log files exceed your maximum upload size, I had to pack them with 7-Zip.
29.06.2013, 10:44 | #4
/// TB-Ausbilder

Could you please not attach the logfiles (that makes evaluating them massively harder), but paste their content directly inside code tags: [code]Logfile content[/code]. Then the size should work out too. Thanks.

cheers, Leo
29.06.2013, 10:57 | #5

New attempt:

Code:
ATTFilter OTL logfile created on: 29.06.2013 02:23:26 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,44 Gb Available Physical Memory | 68,86% Memory free 15,79 Gb Paging File | 13,03 Gb Available in Paging File | 82,49% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 99,90 Gb Total Space | 31,46 Gb Free Space | 31,49% Space Free | Partition Type: NTFS Drive D: | 100,00 Gb Total Space | 74,60 Gb Free Space | 74,60% Space Free | Partition Type: NTFS Drive E: | 98,09 Gb Total Space | 6,57 Gb Free Space | 6,69% Space Free | Partition Type: NTFS Drive F: | 465,75 Gb Total Space | 59,24 Gb Free Space | 12,72% Space Free | Partition Type: NTFS Drive G: | 465,75 Gb Total Space | 159,70 Gb Free Space | 34,29% Space Free | Partition Type: NTFS Drive H: | 465,75 Gb Total Space | 80,35 Gb Free Space | 17,25% Space Free | Partition Type: NTFS Drive I: | 465,75 Gb Total Space | 30,04 Gb Free Space | 6,45% Space Free | Partition Type: NTFS Drive J: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SILENTBOB-PC | User Name: Silent Bob | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.06.29 02:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe PRC - [2013.06.25 22:22:27 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.06.25 22:20:47 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2013.06.07 23:21:30 | 000,124,416 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.02.22 08:56:58 | 000,364,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013.02.22 08:56:36 | 000,167,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.09.27 16:23:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.09.13 01:38:44 | 000,204,136 | ---- | 
M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2012.09.13 01:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe ========== Modules (No Company Name) ========== MOD - [2013.06.25 22:22:27 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.06.25 22:20:48 | 002,244,504 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2013.06.25 22:20:48 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2013.06.25 22:20:48 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2013.06.07 23:22:22 | 002,376,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll MOD - [2013.06.07 23:22:20 | 011,387,904 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll MOD - [2013.06.07 23:22:14 | 000,221,696 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll MOD - [2013.06.07 23:22:14 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll MOD - [2013.06.07 23:22:14 | 000,084,992 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll MOD - [2013.06.07 23:22:14 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll MOD - [2013.06.07 23:22:14 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll MOD - [2013.06.07 23:22:12 | 000,968,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll MOD - [2013.06.07 23:22:12 | 000,387,584 | ---- | M] () -- C:\Program Files 
(x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll MOD - [2013.06.07 23:22:12 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll MOD - [2013.06.07 23:22:12 | 000,074,752 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll MOD - [2013.06.07 23:22:12 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll MOD - [2013.06.07 23:22:10 | 001,759,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll MOD - [2013.06.07 23:22:10 | 001,338,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll MOD - [2013.06.07 23:22:10 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll MOD - [2013.06.07 23:22:10 | 000,279,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll MOD - [2013.06.07 23:22:10 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll MOD - [2013.06.07 23:22:10 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll MOD - [2013.06.07 23:22:08 | 008,026,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll MOD - [2013.06.07 23:22:08 | 000,393,728 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll MOD - [2013.06.07 23:22:04 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll MOD - [2013.06.07 23:22:04 | 000,181,248 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll MOD - [2013.06.07 23:22:04 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll MOD - [2013.06.07 23:22:04 | 000,086,016 | ---- | M] () -- C:\Program Files 
(x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll MOD - [2013.06.07 23:22:04 | 000,072,704 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll MOD - [2013.06.07 23:22:02 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll MOD - [2013.06.07 23:22:02 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat32_mixer_plugin.dll MOD - [2013.06.07 23:22:00 | 000,403,968 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll MOD - [2013.06.07 23:21:58 | 000,335,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll MOD - [2013.06.07 23:21:58 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll MOD - [2013.06.07 23:21:58 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll MOD - [2013.06.07 23:21:56 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll MOD - [2013.06.07 23:21:56 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll MOD - [2013.06.07 23:21:56 | 000,072,192 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libconverter_fixed_plugin.dll MOD - [2013.06.07 23:21:56 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll MOD - [2013.06.07 23:21:54 | 001,551,872 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll MOD - [2013.06.07 23:21:54 | 001,405,440 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll MOD - [2013.06.07 23:21:54 | 000,164,864 | ---- | M] () -- C:\Program Files 
(x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll MOD - [2013.06.07 23:21:54 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll MOD - [2013.06.07 23:21:54 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll MOD - [2013.06.07 23:21:54 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll MOD - [2013.06.07 23:21:54 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll MOD - [2013.06.07 23:21:54 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll MOD - [2013.06.07 23:21:54 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll MOD - [2013.06.07 23:21:48 | 001,285,120 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll MOD - [2013.06.07 23:21:48 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll MOD - [2013.06.07 23:21:48 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll MOD - [2013.06.07 23:21:46 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll MOD - [2013.06.07 23:21:46 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll MOD - [2013.06.07 23:21:44 | 000,740,352 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll MOD - [2013.06.07 23:21:44 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll MOD - [2013.06.07 23:21:44 | 000,091,136 | ---- | M] () -- C:\Program Files 
(x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll MOD - [2013.06.07 23:21:44 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll MOD - [2013.06.07 23:21:44 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll MOD - [2013.06.07 23:21:44 | 000,076,800 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll MOD - [2013.06.07 23:21:44 | 000,075,264 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll MOD - [2013.06.07 23:21:44 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll MOD - [2013.06.07 23:21:44 | 000,073,216 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll MOD - [2013.06.07 23:21:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll MOD - [2013.06.07 23:21:44 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll MOD - [2013.06.07 23:21:42 | 000,115,712 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll MOD - [2013.06.07 23:21:42 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll MOD - [2013.06.07 23:21:40 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll MOD - [2013.06.07 23:21:40 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll MOD - [2013.06.07 23:21:40 | 000,081,408 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll MOD - [2013.06.07 23:21:38 | 000,224,768 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll MOD - 
[2013.06.07 23:21:38 | 000,134,656 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll MOD - [2013.06.07 23:21:38 | 000,120,320 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll MOD - [2013.06.07 23:21:38 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll MOD - [2013.06.07 23:21:38 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll MOD - [2013.06.07 23:21:34 | 000,229,888 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll MOD - [2013.06.07 23:21:34 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll MOD - [2013.06.07 23:21:34 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libavi_plugin.dll MOD - [2013.06.07 23:21:34 | 000,108,032 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libasf_plugin.dll MOD - [2013.06.07 23:21:32 | 000,693,760 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_dash_plugin.dll MOD - [2013.06.07 23:21:32 | 000,469,504 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_httplive_plugin.dll MOD - [2013.06.07 23:21:30 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll MOD - [2013.06.07 23:21:30 | 000,071,168 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libstream_filter_record_plugin.dll MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.10.10 22:22:54 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA 
Corporation\CoProcManager\detoured.dll MOD - [2012.09.13 01:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2012.09.13 01:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll MOD - [2012.09.13 01:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll MOD - [2012.09.13 01:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll MOD - [2012.09.13 01:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll MOD - [2012.09.13 01:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll MOD - [2012.09.13 01:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe ========== Services (SafeList) ========== SRV:64bit: - [2012.04.26 21:42:25 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.12.30 07:39:40 | 004,889,032 | ---- | M] (SafeNet Inc.) 
[Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV - [2013.06.19 20:04:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.06.03 16:54:06 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2013.04.16 22:06:49 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService) SRV - [2013.03.22 10:14:30 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2013.02.22 08:56:58 | 000,364,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013.02.22 08:56:36 | 000,167,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2012.12.10 14:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R) SRV - [2012.12.10 14:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.09.27 16:23:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2011.11.20 20:47:49 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- 
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.27 22:55:28 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.06.27 22:55:28 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.06.27 22:55:28 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.06.12 15:21:28 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.04.10 11:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2013.03.12 15:10:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2013.03.08 19:10:18 | 005,358,016 | ---- | M] (Intel Corporation) [Kernel | 
On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2013.02.15 16:17:02 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.01.03 10:17:48 | 000,043,400 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.11.15 03:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6) DRV:64bit: - [2012.09.21 21:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64) DRV:64bit: - [2012.09.21 21:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64) DRV:64bit: - [2012.09.21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.08.16 16:08:36 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.08.16 16:08:34 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.08.13 22:07:13 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.08.13 22:07:13 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2012.07.20 12:12:34 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple) DRV:64bit: - [2012.07.20 12:12:00 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam) DRV:64bit: - [2012.06.29 15:04:40 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT) DRV:64bit: - [2012.04.26 21:43:08 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- 
(AtiHDAudioService) DRV:64bit: - [2012.04.26 21:42:52 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.26 21:42:52 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.26 21:42:28 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.11.22 14:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge) DRV:64bit: - [2011.11.22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf) DRV:64bit: - [2011.10.31 23:13:27 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2011.10.31 23:13:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2011.09.28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.08.18 01:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT) DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11) DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 18 98 20 88 9A CD 01 [binary data]
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 18 98 20 88 9A CD 01 [binary data]
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.chip.de"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.10
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Silent Bob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.02 03:16:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.19 20:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.06 20:52:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.10.15 19:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Extensions
[2013.06.29 01:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions
[2013.06.20 21:16:03 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013.06.17 18:21:32 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.05.16 23:35:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.13 10:34:44 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.06.29 01:36:51 | 000,321,549 | ---- | M] () (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.06.24 16:48:43 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.08 18:53:20 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.05 01:57:58 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.06.28 14:08:13 | 000,010,530 | ---- | M] () -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\searchplugins\duckduckgo.xml
[2013.05.14 23:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.25 22:22:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.02 03:16:16 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

O1 HOSTS File: ([2013.06.29 01:02:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001..\Run: [Spotify Web Helper] C:\Users\Silent Bob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\Run: [Spotify Web Helper] C:\Users\Silent Bob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Silent Bob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Silent Bob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{102350CD-F54E-4F65-B873-DC1AA80D2AEB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.29 01:20:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.29 00:54:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.29 00:54:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.29 00:54:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.29 00:54:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.29 00:54:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.29 00:54:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.28 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.06.28 14:27:08 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\IrfanView
[2013.06.28 14:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.06.28 14:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.06.25 16:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.25 16:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.23 21:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaInfo Lite
[2013.06.23 21:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaInfo Lite
[2013.06.23 13:53:07 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Arrowhead
[2013.06.23 12:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2013.06.23 12:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.06.22 16:06:05 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Sierra
[2013.06.22 00:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013.06.19 21:11:41 | 000,144,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\IntelOpenCL64.dll
[2013.06.19 21:11:37 | 000,104,448 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelOpenCL32.dll
[2013.06.19 20:57:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.06.19 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.06.19 20:57:28 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.06.19 20:57:27 | 002,797,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.06.19 20:57:27 | 001,659,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.06.19 20:57:27 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.06.19 20:57:27 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.06.19 20:57:27 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.06.19 20:57:27 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.06.19 20:57:27 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.06.19 20:57:26 | 003,693,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.06.19 20:57:26 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.06.19 20:57:26 | 000,991,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.06.19 20:57:26 | 000,613,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2013.06.19 20:57:26 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.06.19 20:57:26 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.06.19 20:57:26 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.06.19 20:57:26 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.06.19 20:57:26 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.06.19 20:57:26 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.06.19 20:57:26 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.06.19 20:57:26 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.06.19 20:57:25 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll
[2013.06.19 20:57:25 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2013.06.19 20:57:25 | 000,628,504 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll
[2013.06.19 20:57:25 | 000,563,992 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll
[2013.06.19 20:57:25 | 000,135,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.06.19 20:57:25 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll
[2013.06.19 20:57:25 | 000,032,344 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\MBfilt64.sys
[2013.06.19 20:57:24 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.06.19 20:57:24 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.06.19 20:57:23 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.06.19 20:57:21 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.06.19 20:57:21 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.06.19 20:57:20 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.06.19 20:57:20 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.06.19 20:55:46 | 000,108,104 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2013.06.19 20:55:46 | 000,073,800 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2013.06.19 20:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013.06.19 20:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.06.19 20:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.06.19 20:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.06.19 20:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2013.06.19 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2013.06.19 19:44:26 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.06.19 19:44:20 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.06.19 19:44:20 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.06.19 19:44:20 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.06.19 19:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.19 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.19 19:43:25 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.06.19 19:43:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.06.19 19:43:21 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.06.19 19:43:21 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.06.19 19:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.19 19:41:04 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\foobar2000
[2013.06.19 19:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2013.06.19 19:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.06.19 17:43:10 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\SystemRequirementsLab
[2013.06.18 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013.06.18 21:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013.06.16 12:15:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.16 12:15:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.14 15:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickSFV
[2013.06.13 12:55:01 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.13 12:55:01 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.13 12:55:01 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.13 12:55:01 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.13 12:55:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.13 12:55:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.13 12:55:01 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.13 12:55:01 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.13 12:55:01 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.13 12:55:00 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.13 12:54:59 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.13 12:54:59 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.13 12:54:59 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.12 20:02:47 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Warner Bros. Interactive Entertainment
[2013.06.12 15:21:28 | 000,564,824 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys
[2013.06.12 15:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2013.06.12 15:21:27 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\DAEMON Tools Lite
[2013.06.12 15:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2013.06.12 15:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2013.06.12 14:39:38 | 000,016,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013.06.12 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.06.12 14:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013.06.12 14:39:08 | 000,064,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2013.06.12 14:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.06.12 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
[2013.06.12 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Local\DownloadGuide
[2013.06.12 13:02:41 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.12 13:02:41 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.12 13:02:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.12 13:02:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.12 13:02:34 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.12 13:02:32 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.12 13:02:32 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.12 13:02:31 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.12 13:02:31 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.12 13:02:31 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.12 13:02:31 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.12 13:02:27 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.12 13:02:27 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.11 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\vlc
[2013.06.11 21:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.06 14:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.06.06 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.06.06 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.06.06 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.06.06 14:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.06.04 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.06.04 23:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.06.04 23:25:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.06.04 23:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.06.03 21:34:46 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Kalypso Media
[2013.06.03 19:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2013.06.03 19:27:17 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\ScummVM
[2013.06.03 19:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScummVM
[2013.06.03 08:51:23 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\Documents\Remedy
[2013.05.31 12:15:09 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Rovio
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.29 01:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.29 01:02:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.29 00:43:07 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.29 00:43:07 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.29 00:35:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.29 00:35:14 | 2064,003,071 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.28 14:23:56 | 000,001,105 | ---- | M] () -- C:\Users\Silent Bob\Desktop\KeePass 2.lnk
[2013.06.27 22:55:28 | 001,030,952 | ---- | M] (AVAST
Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.06.27 22:55:28 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.06.27 22:55:28 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.06.27 22:55:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.27 22:55:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.27 22:55:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.26 23:27:33 | 000,000,620 | ---- | M] () -- C:\Windows\wiso.ini [2013.06.25 22:00:41 | 000,026,183 | ---- | M] () -- C:\Users\Silent Bob\Documents\Protokoll_25.06.13.odt [2013.06.25 16:33:02 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.24 22:55:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.06.23 12:27:40 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.06.22 00:20:27 | 000,001,186 | ---- | M] () -- C:\Users\Silent Bob\Desktop\CrystalDiskInfo.lnk [2013.06.21 19:26:15 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.21 19:26:15 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.21 19:26:15 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.21 19:26:15 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.21 19:26:15 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.19 21:15:07 | 000,018,680 | ---- | M] () -- C:\Windows\SysNative\results.xml [2013.06.19 20:13:38 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013.06.19 20:04:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.06.19 20:04:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.06.19 20:03:52 | 000,002,086 | ---- | M] () 
-- C:\Users\Public\Desktop\SDFormatter.lnk [2013.06.19 19:44:18 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013.06.19 19:44:17 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2013.06.19 19:44:17 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013.06.19 19:44:17 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013.06.19 19:44:17 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013.06.19 19:44:17 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013.06.19 19:43:15 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.06.19 19:43:14 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.06.19 19:43:14 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.06.19 19:43:14 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.06.19 19:43:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.06.19 19:43:14 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.06.19 19:41:01 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk [2013.06.18 21:14:02 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2013.06.14 15:00:19 | 000,000,963 | ---- | M] () -- C:\Users\Silent Bob\Desktop\QuickSFV.lnk [2013.06.12 15:21:28 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) 
-- C:\Windows\SysNative\drivers\sptd.sys [2013.06.12 15:21:28 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.12 14:36:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf [2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.06.08 15:13:53 | 000,001,025 | ---- | M] () -- C:\Users\Silent Bob\Desktop\ScummVM.lnk [2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.06.06 14:48:39 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.05 00:32:45 | 000,006,144 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.03 19:52:59 | 000,001,308 | ---- | M] () -- C:\Users\Silent Bob\Desktop\Miranda x64.lnk [2013.06.02 20:22:33 | 000,001,190 | ---- | M] () -- C:\Users\Silent Bob\Desktop\GeekUninstaller.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.29 00:54:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.29 00:54:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.29 00:54:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.29 00:54:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.29 00:54:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.28 14:23:56 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [2013.06.28 14:23:56 | 000,001,105 | ---- | C] () -- C:\Users\Silent Bob\Desktop\KeePass 2.lnk [2013.06.27 22:55:28 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.26 22:17:45 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.26 22:17:43 | 000,000,175 | ---- | C] () -- 
C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.25 20:53:29 | 000,026,183 | ---- | C] () -- C:\Users\Silent Bob\Documents\Protokoll_25.06.13.odt [2013.06.25 16:33:02 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.23 12:27:40 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.06.22 00:20:27 | 000,001,186 | ---- | C] () -- C:\Users\Silent Bob\Desktop\CrystalDiskInfo.lnk [2013.06.19 21:15:07 | 000,018,680 | ---- | C] () -- C:\Windows\SysNative\results.xml [2013.06.19 20:57:27 | 003,180,264 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.06.19 20:57:26 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.06.19 20:07:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.19 20:03:52 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk [2013.06.19 19:41:01 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk [2013.06.19 19:41:01 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk [2013.06.18 21:14:02 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2013.06.14 15:00:19 | 000,000,963 | ---- | C] () -- C:\Users\Silent Bob\Desktop\QuickSFV.lnk [2013.06.12 15:21:28 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.12 14:36:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf [2013.06.08 15:13:53 | 000,001,025 | ---- | C] () -- C:\Users\Silent Bob\Desktop\ScummVM.lnk [2013.06.03 19:52:59 | 000,001,308 | ---- | C] () -- C:\Users\Silent Bob\Desktop\Miranda x64.lnk [2013.06.02 20:22:33 | 000,001,190 | ---- | C] () -- C:\Users\Silent Bob\Desktop\GeekUninstaller.lnk [2013.05.09 15:54:47 | 000,001,972 | ---- | C] () -- C:\Users\Silent Bob\AppData\Local\recently-used.xbel [2013.04.01 11:50:49 | 000,004,507 | ---- | C] () -- C:\Users\Silent 
Bob\AppData\Roaming\CamStudio.cfg [2013.04.01 11:50:49 | 000,000,408 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\CamShapes.ini [2013.04.01 11:50:49 | 000,000,408 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\CamLayout.ini [2013.04.01 11:50:49 | 000,000,096 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\Camdata.ini [2013.03.21 23:02:55 | 000,000,620 | ---- | C] () -- C:\Windows\wiso.ini [2013.03.08 19:10:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.02.08 00:23:30 | 000,012,918 | ---- | C] () -- C:\Windows\Q-Dir.ini [2012.12.12 15:47:04 | 000,200,704 | ---- | C] () -- C:\Users\Silent Bob\37_Grad-Abgestürzt-121211_abgestuerzt_37g_1596k_p13v9.mp4.flv [2012.12.10 14:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.11.30 00:36:35 | 000,112,724 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.11.07 14:33:46 | 000,003,507 | ---- | C] () -- C:\Users\Silent Bob\ESt2009_Simmler_Carsten.elfo [2012.11.07 14:32:32 | 000,003,507 | ---- | C] () -- C:\Users\Silent Bob\ESt2010_Simmler_Carsten.elfo [2012.11.07 14:29:40 | 000,003,507 | ---- | C] () -- C:\Users\Silent Bob\ESt2011.elfo [2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.10.09 20:41:01 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2012.09.21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.09.21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.09.21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.08.06 09:58:34 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.08.06 09:58:34 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.07.17 18:04:19 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.07.07 07:51:24 | 003,130,440 | 
---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.05 14:05:04 | 000,017,408 | ---- | C] () -- C:\Users\Silent Bob\AppData\Local\WebpageIcons.db [2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.03 19:21:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.16 18:53:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmySQL.dll [2012.05.16 18:53:43 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\TrackerNET.dll [2012.05.16 18:26:49 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini [2012.04.26 21:43:46 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.26 21:43:00 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.26 21:42:41 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.14 19:27:45 | 038,878,994 | ---- | C] () -- C:\Users\Silent Bob\AppData\Local\Tempmusic.ogg [2012.02.23 18:09:51 | 000,070,911 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\icarus-dxdiag.xml [2011.12.23 23:31:13 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.12.13 23:34:00 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.28 18:16:08 | 000,006,144 | ---- | C] () -- C:\Users\Silent Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.19 20:37:48 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.19 20:37:47 | 002,506,752 
| ---- | C] () -- C:\Windows\SysWow64\pbsvc_new_5-9-08.exe [2011.10.19 20:37:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.10.15 15:03:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = 
Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:A02025CE < End of report > |
29.06.2013, 11:02 | #6
/// TB-Ausbilder | Why was Combofix run? Please post its log (C:\Combofix.txt).
29.06.2013, 11:02 | #7
| No chance with "Extras.txt": over 150000 characters.
29.06.2013, 11:02 | #8
/// TB-Ausbilder | OK, then pack the Extras into a *.zip file and attach it.
__________________ cheers, Leo
29.06.2013, 11:04 | #9
| I ran Combofix in a fit of panic.
Code:
ComboFix 13-06-28.02 - Silent Bob 29.06.2013 0:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8086.5558 [GMT 2:00]
ausgeführt von:: e:\downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-28 bis 2013-06-28 ))))))))))))))))))))))))))))))
.
.
2013-06-28 12:27 . 2013-06-28 12:27 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\IrfanView
2013-06-28 12:27 . 2013-06-28 12:27 -------- d-----w- c:\program files (x86)\IrfanView
2013-06-28 12:23 . 2013-06-28 12:25 -------- d-----w- c:\program files (x86)\KeePass Password Safe 2
2013-06-28 10:59 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFC562DD-69D5-435F-8E98-4A83B416102B}\mpengine.dll
2013-06-25 15:34 . 2013-06-25 15:34 -------- d-----w- c:\program files\GIMP 2
2013-06-25 14:33 . 2013-06-25 14:33 -------- d-----w- c:\program files\CCleaner
2013-06-23 19:40 . 2013-06-23 19:40 -------- d-----w- c:\program files (x86)\MediaInfo Lite
2013-06-23 11:53 . 2013-06-23 11:53 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\Arrowhead
2013-06-23 11:53 . 2013-06-23 11:53 -------- d-----w- c:\windows\9530AE42DAE146199594B23487285D17.TMP
2013-06-23 10:27 . 2013-06-23 10:27 -------- d-----w- c:\program files (x86)\Mp3tag
2013-06-22 14:06 . 2013-06-22 14:06 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\Sierra
2013-06-19 19:11 . 2012-05-15 05:13 144896 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2013-06-19 19:11 . 2012-05-15 04:20 104448 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2013-06-19 18:55 . 2013-04-10 03:09 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2013-06-19 18:55 . 2013-04-10 03:09 108104 ----a-w- c:\windows\system32\RTNUninst64.dll
2013-06-19 18:34 . 2013-06-19 18:34 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2013-06-19 18:13 . 2013-06-19 18:13 -------- d-----w- c:\program files (x86)\LibreOffice 4.0
2013-06-19 18:07 . 2013-06-19 18:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-19 18:03 . 2013-06-19 18:03 -------- d-----w- c:\program files (x86)\SDA
2013-06-19 17:44 . 2013-06-19 17:44 312232 ----a-w- c:\windows\system32\javaws.exe
2013-06-19 17:44 . 2013-06-19 17:44 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-06-19 17:44 . 2013-06-19 17:44 189352 ----a-w- c:\windows\system32\javaw.exe
2013-06-19 17:44 . 2013-06-19 17:44 188840 ----a-w- c:\windows\system32\java.exe
2013-06-19 17:44 . 2013-06-19 17:44 -------- d-----w- c:\program files\Java
2013-06-19 17:43 . 2013-06-19 17:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-19 17:43 . 2013-06-19 17:43 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-19 17:43 . 2013-06-19 17:43 -------- d-----w- c:\program files (x86)\Java
2013-06-19 17:41 . 2013-06-27 21:08 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\foobar2000
2013-06-19 17:41 . 2013-06-19 17:41 -------- d-----w- c:\program files (x86)\foobar2000
2013-06-19 17:36 . 2013-06-19 17:36 -------- d-----w- c:\programdata\IObit
2013-06-19 15:43 . 2013-06-19 15:43 -------- d-----w- c:\users\Silent Bob\SystemRequirementsLab
2013-06-18 19:14 . 2013-06-18 19:14 -------- d-----w- c:\program files\Speccy
2013-06-14 13:00 . 2013-06-14 13:00 -------- d-----w- c:\program files\QuickSFV
2013-06-13 10:54 . 2013-05-17 00:58 855552 ----a-w- c:\windows\system32\jscript.dll
2013-06-13 10:54 . 2013-05-17 00:58 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-13 10:54 . 2013-05-17 01:25 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-06-13 10:54 . 2013-05-17 00:58 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-13 10:54 . 2013-05-17 01:25 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-13 10:54 . 2013-05-17 01:25 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-06-13 10:54 . 2013-05-17 00:58 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-06-13 10:54 . 2013-05-17 01:25 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-13 10:54 . 2013-05-17 00:58 53248 ----a-w- c:\windows\system32\jsproxy.dll
2013-06-13 10:54 . 2013-05-17 00:59 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-12 18:02 . 2013-06-12 18:02 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\Warner Bros. Interactive Entertainment
2013-06-12 13:21 . 2013-06-12 13:21 564824 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-06-12 13:21 . 2013-06-14 13:08 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\DAEMON Tools Lite
2013-06-12 13:21 . 2013-06-12 13:21 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-06-12 13:20 . 2013-06-13 13:54 -------- d-----w- c:\programdata\DAEMON Tools Lite
2013-06-12 12:39 . 2013-02-15 14:17 16344 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll
2013-06-12 12:39 . 2013-06-12 12:39 -------- d-----w- c:\program files\Intel
2013-06-12 12:39 . 2013-06-12 12:39 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2013-06-12 12:39 . 2013-02-15 14:17 64624 ----a-w- c:\windows\system32\drivers\HECIx64.sys
2013-06-12 12:01 . 2013-06-12 12:01 -------- d-----w- c:\program files (x86)\SoftwareUpdater
2013-06-12 11:59 . 2013-06-28 22:44 -------- d-----w- c:\program files\SoftwareUpdater
2013-06-12 11:58 . 2013-06-12 11:59 -------- d-----w- c:\users\Silent Bob\AppData\Local\DownloadGuide
2013-06-11 19:35 . 2013-06-28 16:00 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\vlc
2013-06-06 12:48 . 2013-06-06 12:48 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 12:48 . 2013-06-06 12:48 -------- d-----w- c:\program files\iTunes
2013-06-06 12:48 . 2013-06-06 12:48 -------- d-----w- c:\program files (x86)\iTunes
2013-06-06 12:48 . 2013-06-06 12:48 -------- d-----w- c:\program files\iPod
2013-06-04 21:25 . 2013-06-04 21:25 -------- d-----w- c:\windows\SysWow64\xlive
2013-06-04 21:25 . 2013-06-04 21:25 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-06-03 19:34 . 2013-06-03 19:34 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\Kalypso Media
2013-06-03 17:27 . 2013-06-03 17:27 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\ScummVM
2013-06-03 17:27 . 2013-06-03 17:27 -------- d-----w- c:\program files (x86)\ScummVM
2013-05-31 10:15 . 2013-05-31 10:15 -------- d-----w- c:\users\Silent Bob\AppData\Roaming\Rovio
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-27 20:55 . 2013-02-28 12:17 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 20:55 . 2012-08-09 20:07 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 20:55 . 2012-08-09 20:07 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-19 18:04 . 2012-10-08 23:36 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-19 18:04 . 2012-10-08 23:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-19 17:44 . 2012-01-13 11:54 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 17:44 . 2012-01-13 11:54 1093032 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-19 17:43 . 2012-08-21 16:08 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-19 17:43 . 2011-10-15 20:11 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-13 10:55 . 2011-10-15 14:35 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-05-24 12:21 . 2013-05-24 12:21 0 ----a-w- c:\windows\SysWow64\FAPFE41.tmp
2013-05-24 12:18 . 2013-05-24 12:18 0 ----a-w- c:\windows\SysWow64\FAPBCBD.tmp
2013-05-12 21:42 . 2013-05-23 22:06 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-05-12 21:42 . 2013-05-23 22:06 7641832 ----a-w- c:\windows\system32\nvopencl.dll
2013-05-12 21:42 . 2013-05-23 22:06 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-05-12 21:42 . 2013-05-23 22:06 27775776 ----a-w- c:\windows\system32\nvoglv64.dll
2013-05-12 21:42 . 2013-05-23 22:06 218592 ----a-w- c:\windows\system32\nvoglshim64.dll
2013-05-12 21:42 . 2013-05-23 22:06 21096736 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-05-12 21:42 . 2013-05-23 22:06 181488 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2013-05-12 21:42 . 2013-05-23 22:06 13403168 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-05-12 21:42 . 2013-05-23 22:06 9233688 ----a-w- c:\windows\system32\nvcuda.dll
2013-05-12 21:42 . 2013-05-23 22:06 7682960 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-05-12 21:42 . 2013-05-23 22:06 550176 ----a-w- c:\windows\system32\NvFBC64.dll
2013-05-12 21:42 . 2013-05-23 22:06 518944 ----a-w- c:\windows\system32\NvIFR64.dll
2013-05-12 21:42 . 2013-05-23 22:06 443168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2013-05-12 21:42 . 2013-05-23 22:06 421152 ----a-w- c:\windows\SysWow64\NvIFR.dll
2013-05-12 21:42 . 2013-05-23 22:06 2942240 ----a-w- c:\windows\system32\nvcuvid.dll
2013-05-12 21:42 . 2013-05-23 22:06 2754336 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-05-12 21:42 . 2013-05-23 22:06 2597344 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-05-12 21:42 . 2013-05-23 22:06 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2013-05-12 21:42 . 2013-05-23 22:06 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-05-12 21:42 . 2013-05-23 22:06 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-05-12 21:42 . 2013-05-23 22:06 1832224 ----a-w- c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-05-23 22:06 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-05-12 21:42 . 2013-05-23 22:06 1511712 ----a-w- c:\windows\system32\nvdispgenco6432018.dll
2013-05-12 21:42 . 2013-05-23 22:06 12426216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-05-12 21:42 . 2013-05-23 22:06 11216160 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-05-12 21:42 . 2012-12-21 13:18 266448 ----a-w- c:\windows\system32\nvinitx.dll
2013-05-12 21:42 . 2012-12-21 13:18 214448 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-05-12 21:42 . 2012-10-10 20:23 15143904 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-05-12 21:42 . 2012-10-10 20:23 2935696 ----a-w- c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2012-10-10 20:23 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2012-10-10 20:23 15910736 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-05-12 20:34 . 2012-12-21 13:11 6491936 ----a-w- c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2012-12-21 13:11 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2012-12-21 13:11 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2012-12-21 13:11 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2012-12-21 13:11 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2012-12-21 13:11 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-05-12 13:43 . 2013-05-12 13:43 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-05-09 08:59 . 2013-02-28 12:17 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-08-09 20:07 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-08-09 20:07 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-08-09 20:07 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-08-09 20:07 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-08-09 20:06 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-10-15 17:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 14:13 . 2012-12-21 13:11 3165737 ----a-w- c:\windows\system32\nvcoproc.bin
2013-05-02 00:06 . 2011-10-15 13:39 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-20 12:38 . 2013-04-20 12:38 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-16 10:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 10:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 10:58 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 10:58 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 10:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 10:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 11:04 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 09:09 . 2013-04-10 09:09 849992 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2013-04-10 06:01 . 2013-05-16 10:58 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-16 10:58 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-16 10:58 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-01 06:06 . 2013-04-10 15:51 2079816 ----a-w- c:\windows\RtlExUpd.dll
2013-03-31 20:32 . 2011-10-27 21:32 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-03-31 20:32 . 2011-10-19 18:37 291088 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-03-31 20:32 . 2011-10-19 18:37 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\Silent Bob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-16 1104384]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2013-04-05 1960448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2013\mshaktuell.exe [2013-3-21 1397840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 s1018bus;Sony 
Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 X6va005;X6va005;c:\users\SILENT~1\AppData\Local\Temp\005AE7F.tmp;c:\users\SILENT~1\AppData\Local\Temp\005AE7F.tmp [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys;c:\windows\SYSNATIVE\drivers\acedrv11.sys [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUSBS64;Logitech USB Monitor 
Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x] S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 18:04] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-02-21 2991856] "Eraser"="c:\progra~1\Eraser\Eraser.exe" [2012-05-22 980920] "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-03-29 13513288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856] "Persistence"="c:\windows\system32\igfxpers.exe" [2013-03-22 442352] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Free YouTube to MP3 Converter - c:\users\Silent Bob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Silent Bob\AppData\Roaming\Mozilla\Firefox\Profiles\csmmtx5f.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.chip.de FF - ExtSQL: 2013-05-31 17:37; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Silent Bob\AppData\Roaming\Mozilla\Firefox\Profiles\csmmtx5f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF - ExtSQL: 2013-06-20 21:16; {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}; c:\users\Silent Bob\AppData\Roaming\Mozilla\Firefox\Profiles\csmmtx5f.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} FF - ExtSQL: 2013-06-28 14:08; jid1-ZAdIEUB7XOzOJw@jetpack; c:\users\Silent Bob\AppData\Roaming\Mozilla\Firefox\Profiles\csmmtx5f.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi . . ------- Dateityp-Verknüpfung ------- . .txt=Notepad++_file . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe AddRemove-Desura - c:\program files (x86)\Common Files\Desura\\Desura_Uninstaller.exe AddRemove-Desura_1211180777504 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_58579058950176 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_62350040236064 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_63857573756960 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_64390149701664 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_65884798320672 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_67993627263008 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_68156836020256 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_71721658875936 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_71730248810528 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_72597832204320 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_72898479915040 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_75557064671264 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_76003741270048 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_76222784602144 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_80066780332064 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_81295140978720 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_82265803587616 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_83644488089632 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_84683870175264 - c:\program files 
(x86)\Common Files\Desura\\desura.exe AddRemove-Desura_87836376170528 - c:\program files (x86)\Common Files\Desura\\desura.exe AddRemove-Desura_89730456748064 - c:\program files (x86)\Common Files\Desura\\desura.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005] "ImagePath"="\??\c:\users\SILENT~1\AppData\Local\Temp\005AE7F.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-705698695-2889268177-3949787590-1001\Software\SecuROM\License information*] "datasecu"=hex:8e,60,ca,5c,82,ce,4e,fe,82,53,9a,1f,6a,77,16,03,fb,f3,e7,1c,56, 51,0d,8f,87,94,b6,f8,03,41,17,bd,4d,53,27,29,44,26,a2,c6,f1,29,92,4a,8c,7f,\ "rkeysecu"=hex:c1,62,63,26,3b,d0,c2,4d,3d,a9,de,43,b6,6c,48,2c . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-06-29 01:04:28 ComboFix-quarantined-files.txt 2013-06-28 23:04 . Vor Suchlauf: 8 Verzeichnis(se), 32.614.182.912 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 32.332.148.736 Bytes frei . - - End Of File - - 84F5C434FA00C7D5E622D4773A231421 5FB38429D5D77768867C76DCBDB35194 |
29.06.2013, 11:09 | #10 |
/// TB-Ausbilder | avast! reports potential rootkit "SVC:SystemStoreService" OK, then carry on like this: Step 1 Please download AdwCleaner to your desktop.
Step 2 Please close your protection software to avoid possible conflicts.
Step 3 Please start OTL.exe.
Please post in your next reply:
__________________ cheers, Leo |
29.06.2013, 11:12 | #11 |
| avast! reports potential rootkit "SVC:SystemStoreService" JRT.txt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Silent Bob on 29.06.2013 at 10:52:08,70 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Silent Bob\AppData\Roaming\big fish games" Successfully deleted: [Empty Folder] C:\Users\Silent Bob\appdata\local\{C7F65E1E-85EA-420F-997F-ACAB35775C75} Successfully deleted: [Empty Folder] C:\Users\Silent Bob\appdata\local\{D6514AA0-5BB4-43D4-922D-211F50869128} Successfully deleted: [Empty Folder] C:\Users\Silent Bob\appdata\local\{F59DCAFC-1C84-4308-BC64-DF18DECB5991} ~~~ FireFox Successfully deleted: [File] "C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi" Successfully deleted: [Folder] C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\jetpack Successfully deleted the following from C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\prefs.js user_pref("extensions.jid1-ZAdIEUB7XOzOJw@jetpack.ddg_default", true); Emptied folder: C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\minidumps [197 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.06.2013 at 10:55:57,63 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.302 - Datei am 29/06/2013 um 12:12:05 erstellt # Aktualisiert am 06/06/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Silent Bob - SILENTBOB-PC # Bootmodus : Normal # Ausgeführt unter : E:\Downloads\Programme\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** ***** [Registrierungsdatenbank] ***** ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16611 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\Silent Bob\AppData\Roaming\Mozilla\Firefox\Profiles\csmmtx5f.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R18].txt - [736 octets] - [29/06/2013 12:12:05] ########## EOF - C:\AdwCleaner[R18].txt - [796 octets] ########## Code:
ATTFilter OTL logfile created on: 29.06.2013 12:14:40 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,90 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 66,29% Memory free 15,79 Gb Paging File | 12,93 Gb Available in Paging File | 81,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 99,90 Gb Total Space | 31,13 Gb Free Space | 31,16% Space Free | Partition Type: NTFS Drive D: | 100,00 Gb Total Space | 74,60 Gb Free Space | 74,60% Space Free | Partition Type: NTFS Drive E: | 98,09 Gb Total Space | 6,21 Gb Free Space | 6,33% Space Free | Partition Type: NTFS Drive F: | 465,75 Gb Total Space | 59,24 Gb Free Space | 12,72% Space Free | Partition Type: NTFS Drive G: | 465,75 Gb Total Space | 159,70 Gb Free Space | 34,29% Space Free | Partition Type: NTFS Drive H: | 465,75 Gb Total Space | 80,35 Gb Free Space | 17,25% Space Free | Partition Type: NTFS Drive I: | 465,75 Gb Total Space | 30,04 Gb Free Space | 6,45% Space Free | Partition Type: NTFS Drive J: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive M: | 7,46 Gb Total Space | 0,59 Gb Free Space | 7,93% Space Free | Partition Type: FAT32 Computer Name: SILENTBOB-PC | User Name: Silent Bob | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.06.29 02:22:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe PRC - [2013.06.25 22:22:27 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2013.06.16 17:24:05 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Silent Bob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013.06.13 11:26:40 | 001,799,120 | ---- | M] (Piotr Pawlowski) -- C:\Program Files (x86)\foobar2000\foobar2000.exe PRC - [2013.05.16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe PRC - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.05.05 19:59:06 | 001,716,224 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe PRC - [2013.02.22 08:56:58 | 000,364,856 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013.02.22 08:56:36 | 000,167,736 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine 
Components\DAL\jhi_service.exe PRC - [2013.02.09 17:24:07 | 000,384,640 | ---- | M] (AppWork GmbH) -- C:\Users\Silent Bob\AppData\Local\JDownloader 2.0\JDownloader2.exe PRC - [2012.09.27 16:23:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.09.13 01:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe PRC - [2012.09.13 01:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe ========== Modules (No Company Name) ========== MOD - [2013.06.29 11:24:32 | 002,342,624 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-2731925\lib7-Zip-JBinding.dll MOD - [2013.06.29 11:24:32 | 000,879,630 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-2731925\libstdc++-6.dll MOD - [2013.06.29 11:24:32 | 000,879,630 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-2558261\libstdc++-6.dll MOD - [2013.06.29 11:24:32 | 000,047,972 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-2731925\mingwm10.dll MOD - [2013.06.29 11:24:32 | 000,047,972 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-2558261\mingwm10.dll MOD - [2013.06.29 11:24:32 | 000,043,008 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-2731925\libgcc_s_dw2-1.dll MOD - [2013.06.29 11:24:32 | 000,043,008 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\JDownloader 2.0\tmp\7zip\SevenZipJBinding-2558261\libgcc_s_dw2-1.dll MOD - [2013.06.25 22:22:27 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2013.06.13 11:26:40 | 
001,598,944 | ---- | M] () -- C:\Program Files (x86)\foobar2000\avcodec-fb2k-54.dll MOD - [2013.06.13 11:26:40 | 001,491,944 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll MOD - [2013.06.13 11:26:40 | 000,942,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll MOD - [2013.06.13 11:26:40 | 000,198,112 | ---- | M] () -- C:\Program Files (x86)\foobar2000\avutil-fb2k-52.dll MOD - [2013.06.13 11:26:40 | 000,156,112 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll MOD - [2013.06.13 11:12:10 | 000,199,680 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll MOD - [2013.06.13 11:11:54 | 000,290,816 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll MOD - [2013.06.13 11:11:50 | 000,500,224 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll MOD - [2013.05.06 01:15:12 | 001,392,640 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\DSpellCheck.dll MOD - [2013.05.04 13:57:08 | 000,095,712 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll MOD - [2013.03.07 11:48:32 | 000,303,104 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll MOD - [2013.02.11 13:28:58 | 000,358,912 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll MOD - [2013.02.11 13:28:58 | 000,198,656 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_eq.dll MOD - [2013.02.11 13:28:10 | 000,281,600 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_fileops.dll MOD - [2013.02.11 13:28:10 | 000,173,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_unpack.dll MOD - [2013.02.11 13:27:56 | 000,298,496 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_freedb2.dll MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.11.28 
15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2012.10.10 22:22:54 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll MOD - [2012.09.13 01:39:18 | 000,336,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2012.09.13 01:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll MOD - [2012.09.13 01:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll MOD - [2012.09.13 01:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll MOD - [2012.09.13 01:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll MOD - [2012.09.13 01:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll MOD - [2012.09.13 01:38:20 | 000,264,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011.09.21 22:46:28 | 001,673,728 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll MOD - [2011.07.18 23:07:28 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\Notepad++\plugins\NppExport.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.04.26 21:42:25 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.12.30 07:39:40 | 004,889,032 | ---- | M] (SafeNet Inc.) 
[Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms) SRV - [2013.06.19 20:04:44 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.06.03 16:54:06 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013.05.12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus)
SRV - [2013.04.16 22:06:49 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.03.22 10:14:30 | 000,279,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013.02.22 08:56:58 | 000,364,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.02.22 08:56:36 | 000,167,736 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012.12.10 14:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV - [2012.12.10 14:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.09.27 16:23:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.04.24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.11.20 20:47:49 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.06.27 22:55:28 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.06.27 22:55:28 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.06.27 22:55:28 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.06.12 15:21:28 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.10 11:09:24 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.03.12 15:10:52 | 000,342,528 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2013.03.08 19:10:18 | 005,358,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013.02.25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.02.15 16:17:02 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.03 10:17:48 | 000,043,400 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.15 03:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012.09.21 21:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012.09.21 21:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012.09.21 21:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.16 16:08:36 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.08.16 16:08:34 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.08.13 22:07:13 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.08.13 22:07:13 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.07.20 12:12:34 | 000,029,696 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012.07.20 12:12:00 | 000,044,928 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2012.06.29 15:04:40 | 000,046,016 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.04.26 21:43:08 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.04.26 21:42:52 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.26 21:42:52 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.26 21:42:28 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 14:14:54 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2011.11.22 14:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.10.31 23:13:27 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.10.31 23:13:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.09.28 15:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.08.18 01:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.25 17:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009.03.25 17:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2009.03.25 17:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2009.03.25 17:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009.03.25 17:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2009.03.25 17:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2009.03.25 17:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.07.26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008.07.26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008.07.26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 18 98 20 88 9A CD 01 [binary data]
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 18 98 20 88 9A CD 01 [binary data]
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.chip.de"
FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130515
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.10
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Silent Bob\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.03.02 03:16:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.06.19 20:07:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.06 20:52:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011.10.15 19:33:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Extensions
[2013.06.29 10:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions
[2013.06.20 21:16:03 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013.06.17 18:21:32 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.05.16 23:35:05 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.13 10:34:44 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\Firefox\Profiles\csmmtx5f.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.06.24 16:48:43 | 000,534,298 | ---- | M] () (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.08 18:53:20 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.05 01:57:58 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.06.28 14:08:13 | 000,010,530 | ---- | M] () -- C:\Users\Silent Bob\AppData\Roaming\mozilla\firefox\profiles\csmmtx5f.default\searchplugins\duckduckgo.xml
[2013.05.14 23:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.06.25 22:22:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.02 03:16:16 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

O1 HOSTS File: ([2013.06.29 01:02:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001..\Run: [Spotify Web Helper] C:\Users\Silent Bob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\Run: [Spotify Web Helper] C:\Users\Silent Bob\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Silent Bob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Silent Bob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1001\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-705698695-2889268177-3949787590-1013\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.5.0.cab (SysInfo Class)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.5.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{102350CD-F54E-4F65-B873-DC1AA80D2AEB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.29 10:52:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.29 10:51:58 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.29 01:20:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.29 00:54:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.29 00:54:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.29 00:54:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.29 00:54:50 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.06.29 00:54:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.29 00:54:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.28 14:27:10 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.06.28 14:27:08 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\IrfanView
[2013.06.28 14:27:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.06.28 14:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013.06.25 16:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.25 16:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.23 21:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaInfo Lite
[2013.06.23 21:40:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaInfo Lite
[2013.06.23 13:53:07 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Arrowhead
[2013.06.23 12:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2013.06.23 12:27:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2013.06.22 16:06:05 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Sierra
[2013.06.22 00:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013.06.19 20:57:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.06.19 20:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.06.19 20:57:28 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.06.19 20:57:27 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.06.19 20:57:27 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.06.19 20:57:27 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.06.19 20:57:27 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.06.19 20:57:26 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.06.19 20:57:26 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.06.19 20:57:26 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.06.19 20:57:26 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.06.19 20:57:26 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.06.19 20:57:26 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.06.19 20:57:24 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.06.19 20:57:24 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.06.19 20:57:23 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.06.19 20:57:21 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.06.19 20:57:21 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.06.19 20:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013.06.19 20:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.06.19 20:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.06.19 20:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.06.19 20:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2013.06.19 20:03:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2013.06.19 19:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.19 19:43:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.06.19 19:43:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.06.19 19:41:04 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\foobar2000
[2013.06.19 19:41:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\foobar2000
[2013.06.19 19:36:27 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013.06.19 17:43:10 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\SystemRequirementsLab
[2013.06.18 21:14:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2013.06.18 21:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013.06.14 15:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickSFV
[2013.06.12 20:02:47 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Warner Bros. Interactive Entertainment
[2013.06.12 15:21:28 | 000,564,824 | ---- | C] (Duplex Secure Ltd.)
-- C:\Windows\SysNative\drivers\sptd.sys [2013.06.12 15:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.06.12 15:21:27 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\DAEMON Tools Lite [2013.06.12 15:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2013.06.12 15:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.06.12 14:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.06.12 14:39:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.06.12 14:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater [2013.06.12 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater [2013.06.12 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Local\DownloadGuide [2013.06.11 21:35:16 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\vlc [2013.06.11 21:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.06.06 14:48:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.06.06 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.06.06 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.06.06 14:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.06.06 14:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.06.04 23:27:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2013.06.04 23:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE [2013.06.04 23:25:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2013.06.04 23:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2013.06.03 21:34:46 | 000,000,000 | ---D | C] -- C:\Users\Silent 
Bob\AppData\Roaming\Kalypso Media [2013.06.03 19:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM [2013.06.03 19:27:17 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\ScummVM [2013.06.03 19:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScummVM [2013.06.03 08:51:23 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\Documents\Remedy [2013.05.31 12:15:09 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Roaming\Rovio [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.29 11:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.29 11:44:50 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.29 11:44:50 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.29 11:44:50 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.29 11:44:50 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.29 11:44:50 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.29 09:56:10 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.29 09:56:10 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.29 09:48:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.29 09:48:12 | 2064,003,071 | -HS- | M] () -- C:\hiberfil.sys [2013.06.29 01:02:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.06.28 14:23:56 | 000,001,105 | ---- | M] () -- C:\Users\Silent Bob\Desktop\KeePass 2.lnk [2013.06.27 22:55:28 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.06.27 22:55:28 | 000,378,944 
| ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.06.27 22:55:28 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.06.27 22:55:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.27 22:55:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.27 22:55:28 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.26 23:27:33 | 000,000,620 | ---- | M] () -- C:\Windows\wiso.ini [2013.06.25 22:00:41 | 000,026,183 | ---- | M] () -- C:\Users\Silent Bob\Documents\Protokoll_25.06.13.odt [2013.06.25 16:33:02 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.24 22:55:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2013.06.23 12:27:40 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.06.22 00:20:27 | 000,001,186 | ---- | M] () -- C:\Users\Silent Bob\Desktop\CrystalDiskInfo.lnk [2013.06.19 21:15:07 | 000,018,680 | ---- | M] () -- C:\Windows\SysNative\results.xml [2013.06.19 20:13:38 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk [2013.06.19 20:03:52 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk [2013.06.19 19:41:01 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk [2013.06.18 21:14:02 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk [2013.06.14 15:00:19 | 000,000,963 | ---- | M] () -- C:\Users\Silent Bob\Desktop\QuickSFV.lnk [2013.06.12 15:21:28 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) 
-- C:\Windows\SysNative\drivers\sptd.sys [2013.06.12 15:21:28 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.12 14:36:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf [2013.06.08 15:13:53 | 000,001,025 | ---- | M] () -- C:\Users\Silent Bob\Desktop\ScummVM.lnk [2013.06.06 14:48:39 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.06.05 00:32:45 | 000,006,144 | ---- | M] () -- C:\Users\Silent Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.06.03 19:52:59 | 000,001,308 | ---- | M] () -- C:\Users\Silent Bob\Desktop\Miranda x64.lnk [2013.06.02 20:22:33 | 000,001,190 | ---- | M] () -- C:\Users\Silent Bob\Desktop\GeekUninstaller.lnk [2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [11 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.29 00:54:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.29 00:54:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.29 00:54:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.29 00:54:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.29 00:54:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.28 14:23:56 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk [2013.06.28 14:23:56 | 000,001,105 | ---- | C] () -- C:\Users\Silent Bob\Desktop\KeePass 2.lnk [2013.06.27 22:55:28 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.26 22:17:45 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.26 22:17:43 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.25 20:53:29 | 000,026,183 | ---- | C] () -- C:\Users\Silent Bob\Documents\Protokoll_25.06.13.odt [2013.06.25 16:33:02 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk 
[2013.06.23 12:27:40 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk [2013.06.22 00:20:27 | 000,001,186 | ---- | C] () -- C:\Users\Silent Bob\Desktop\CrystalDiskInfo.lnk [2013.06.19 21:15:07 | 000,018,680 | ---- | C] () -- C:\Windows\SysNative\results.xml [2013.06.19 20:57:27 | 003,180,264 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat [2013.06.19 20:57:26 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.06.19 20:07:18 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.06.19 20:03:52 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk [2013.06.19 19:41:01 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk [2013.06.19 19:41:01 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk [2013.06.18 21:14:02 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk [2013.06.14 15:00:19 | 000,000,963 | ---- | C] () -- C:\Users\Silent Bob\Desktop\QuickSFV.lnk [2013.06.12 15:21:28 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.06.12 14:36:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ICCWDT_01009.Wdf [2013.06.08 15:13:53 | 000,001,025 | ---- | C] () -- C:\Users\Silent Bob\Desktop\ScummVM.lnk [2013.06.03 19:52:59 | 000,001,308 | ---- | C] () -- C:\Users\Silent Bob\Desktop\Miranda x64.lnk [2013.06.02 20:22:33 | 000,001,190 | ---- | C] () -- C:\Users\Silent Bob\Desktop\GeekUninstaller.lnk [2013.05.09 15:54:47 | 000,001,972 | ---- | C] () -- C:\Users\Silent Bob\AppData\Local\recently-used.xbel [2013.04.01 11:50:49 | 000,004,507 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\CamStudio.cfg [2013.04.01 11:50:49 | 000,000,408 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\CamShapes.ini [2013.04.01 11:50:49 | 000,000,408 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\CamLayout.ini 
[2013.04.01 11:50:49 | 000,000,096 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\Camdata.ini [2013.03.21 23:02:55 | 000,000,620 | ---- | C] () -- C:\Windows\wiso.ini [2013.03.08 19:10:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2013.02.08 00:23:30 | 000,012,918 | ---- | C] () -- C:\Windows\Q-Dir.ini [2012.12.12 15:47:04 | 000,200,704 | ---- | C] () -- C:\Users\Silent Bob\37_Grad-Abgestürzt-121211_abgestuerzt_37g_1596k_p13v9.mp4.flv [2012.12.10 14:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.11.30 00:36:35 | 000,112,724 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.11.07 14:33:46 | 000,003,507 | ---- | C] () -- C:\Users\Silent Bob\ESt2009_Simmler_Carsten.elfo [2012.11.07 14:32:32 | 000,003,507 | ---- | C] () -- C:\Users\Silent Bob\ESt2010_Simmler_Carsten.elfo [2012.11.07 14:29:40 | 000,003,507 | ---- | C] () -- C:\Users\Silent Bob\ESt2011.elfo [2012.10.10 03:22:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.10.10 03:22:20 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.10.09 20:41:01 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll [2012.09.21 21:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.09.21 21:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.09.21 21:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2012.08.06 09:58:34 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.08.06 09:58:34 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.07.17 18:04:19 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.07.07 07:51:24 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe [2012.07.05 14:05:04 | 000,017,408 | ---- | C] () -- C:\Users\Silent Bob\AppData\Local\WebpageIcons.db [2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll 
[2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2012.06.03 19:21:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.16 18:53:43 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\libmySQL.dll [2012.05.16 18:53:43 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\TrackerNET.dll [2012.05.16 18:26:49 | 000,000,057 | ---- | C] () -- C:\Windows\sierra.ini [2012.04.26 21:43:46 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.26 21:43:00 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.04.26 21:42:41 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2012.03.19 23:31:16 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2012.03.14 19:27:45 | 038,878,994 | ---- | C] () -- C:\Users\Silent Bob\AppData\Local\Tempmusic.ogg [2012.02.23 18:09:51 | 000,070,911 | ---- | C] () -- C:\Users\Silent Bob\AppData\Roaming\icarus-dxdiag.xml [2011.12.23 23:31:13 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.12.13 23:34:00 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.11.28 18:16:08 | 000,006,144 | ---- | C] () -- C:\Users\Silent Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.19 20:37:48 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.19 20:37:47 | 002,506,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_new_5-9-08.exe [2011.10.19 20:37:47 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.10.15 15:03:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== 
ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.06.19 20:15:23 | 000,000,000 | ---D | M] -- C:\Users\Silent 
Bob\AppData\Roaming\.minecraft [2011.10.16 20:09:04 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Acronico [2012.04.05 13:56:56 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Amazon [2012.12.04 21:44:46 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\APP_NAME_NON_STRING [2013.06.23 13:53:07 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Arrowhead [2013.01.19 23:37:25 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Auslogics [2011.12.17 12:08:41 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Beat Hazard [2012.05.10 14:45:46 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Braid [2011.12.24 23:17:18 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Broken Rules [2012.07.03 20:47:07 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\bsnes [2013.03.21 23:03:18 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Buhl Data Service [2012.02.05 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Bullet Train [2011.10.15 22:28:33 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Canneverbe Limited [2012.10.09 20:41:24 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Capcom [2012.05.30 23:41:16 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Carbon [2011.11.28 22:51:23 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Colibri Games [2012.10.09 19:59:03 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\com.cipherprime.auditorium [2013.04.04 22:29:06 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\com.shirogames.evoland [2013.03.01 18:41:50 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\com.stoicstudio.TheBannerSagaFactions [2013.06.14 15:08:18 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\DAEMON Tools Lite [2012.04.01 11:20:47 | 000,000,000 | ---D | M] -- 
C:\Users\Silent Bob\AppData\Roaming\digipen [2013.04.27 16:31:57 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Doublefine [2012.05.08 18:21:17 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\DVDVideoSoft [2012.05.25 19:45:23 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\EAC [2012.07.18 01:35:21 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Easeware [2013.01.04 14:52:00 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Empty Clip Studios [2013.05.16 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Exif Viewer [2011.12.02 20:09:00 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\FatShark [2012.11.08 15:08:12 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\FileBot [2013.05.28 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\FileZilla [2011.11.10 20:27:31 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\fltk.org [2013.06.29 11:38:27 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\foobar2000 [2013.03.22 22:57:12 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Frogwares [2011.10.31 23:15:39 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Games [2012.05.17 11:24:33 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Geek Uninstaller [2012.04.27 15:29:35 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\gnupg [2012.04.06 09:02:18 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\HackSlashLoot [2012.06.05 22:44:40 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\HD [2013.02.24 20:08:38 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\higan [2012.02.25 02:45:33 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Hothead Games [2012.12.28 21:25:18 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\ICQ-Profile [2012.08.19 15:26:25 | 
000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\ImgBurn [2013.01.31 01:13:00 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\iMobie [2013.06.17 19:59:56 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\IObit [2013.03.10 00:26:06 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\IonFx [2013.06.28 14:27:08 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\IrfanView [2012.08.02 22:48:09 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Joymasher [2013.06.03 21:34:46 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Kalypso Media [2013.06.28 14:26:11 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\KeePass [2011.10.15 22:33:09 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Leadertech [2013.02.07 16:17:59 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\LibreOffice [2012.04.24 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\LoneSurvivor [2012.05.10 17:35:07 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\LucasArts [2013.03.28 23:09:48 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\MAGIX [2012.03.19 23:18:00 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\MinMaxGames [2011.10.15 22:42:33 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Miranda [2012.08.21 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\MMFApplications [2011.10.19 20:30:03 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Mount&Blade Warband [2012.05.31 17:02:34 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\naev [2013.06.29 12:18:53 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\NetSpeedMonitor [2013.05.09 14:37:11 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Notepad++ [2011.10.28 23:28:04 | 000,000,000 | ---D | M] -- C:\Users\Silent 
Bob\AppData\Roaming\Nucleosys [2013.06.07 19:29:08 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Origin [2012.12.04 21:45:17 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\PDF Architect [2012.06.24 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Pixlromatic [2012.10.28 00:08:03 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\ProtectDISC [2013.05.10 11:24:39 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\qBittorrent [2012.05.31 17:00:55 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\RenPy [2012.02.20 22:59:12 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\RotMG.Production [2013.05.31 12:15:09 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Rovio [2012.05.11 22:16:12 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\runic games [2012.09.20 16:35:20 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Samsung [2013.06.03 19:27:21 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\ScummVM [2013.06.22 16:06:05 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Sierra [2012.06.30 18:22:55 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\SkyGoblin [2012.08.13 22:24:04 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Sony [2012.08.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Sony Setup [2013.06.27 23:57:10 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Spotify [2012.08.13 20:05:47 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Squids [2013.01.19 23:35:44 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\StealthBastard[Steam] [2012.07.19 19:16:48 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\The Longest Journey [2012.07.06 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Thunderbird [2012.09.10 10:15:43 | 
000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\To the Moon - Freebird Games [2013.01.24 17:58:08 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Trillian [2012.03.29 21:54:30 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Trine2 [2013.06.25 00:02:38 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\TS3Client [2011.10.24 22:39:41 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\ts3overlay [2012.10.22 17:29:55 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Visionaire Editor [2013.06.12 20:02:47 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\Warner Bros. Interactive Entertainment [2013.05.26 18:43:44 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\XnRetro [2013.05.26 18:43:57 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\XnSketch [2012.07.26 01:19:55 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\XRay Engine [2012.05.11 22:08:08 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\ZombieDriver [2012.09.23 19:51:52 | 000,000,000 | ---D | M] -- C:\Users\Silent Bob\AppData\Roaming\ZombieGrinder ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:A02025CE < End of report > |
29.06.2013, 13:46 | #12 |
/// TB-Ausbilder | avast! reports potential rootkit "SVC:SystemStoreService" Hi, how is the computer running now? Step 1: Fix with OTL
Code:
:OTL
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:A02025CE
[2013.06.12 14:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.06.12 13:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareUpdater
:commands
[emptytemp]
Step 2: Please download Malwarebytes Anti-Malware
Step 3: ESET Online Scanner
Step 4: Please download SecurityCheck and:
Please post in your next reply:
__________________ cheers, Leo |
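Added example, not from this thread and not OTL's own code: a small Python parser for the OTL entry format shown in the log above, with a triage pass that flags the kinds of entries the fix script targets (the alternate data stream and the SoftwareUpdater folders). The sample log is constructed in OTL's output format and modelled on entries from this thread; the adware folder watchlist and the flagging rules are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in OTL's output format. The entries are modelled on
# the thread's log; only the format matters for the parser.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2013.06.29 00:54:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.12 14:01:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SoftwareUpdater
[2013.06.12 13:58:37 | 000,000,000 | ---D | C] -- C:\Users\Silent Bob\AppData\Local\DownloadGuide
[2013.06.28 14:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
========== Files Created - No Company Name ==========
[2013.06.29 00:54:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.30 00:36:35 | 000,112,724 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
========== Alternate Data Streams ==========
@Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:A02025CE
"""

# One OTL file/folder line: [timestamp | size | RHSD flags | C/M] (Company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

# Assumed watchlist: folder names removed as bundled adware in this thread.
ADWARE_NAMES = {"softwareupdater", "downloadguide"}
EXEC_SUFFIXES = (".exe", ".dll", ".sys")


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str            # OTL flag order is R H S D, '-' when unset
    company: Optional[str]
    path: str
    is_ads: bool = False
    reasons: List[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden(self) -> bool:
        return self.attrs[1] == "H"

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"


def parse_otl(text: str) -> List[Entry]:
    """Turn OTL file/folder and ADS lines into Entry records; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # An empty '()' company field means OTL found no version resource.
            company = m.group("company") or None
            size = int(m.group("size").replace(",", ""))
            entries.append(Entry(m.group("ts"), size, m.group("attrs"), company, m.group("path")))
            continue
        m = ADS_RE.match(line)
        if m:
            entries.append(Entry("", int(m.group("size")), "----", None, m.group("path"), is_ads=True))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review reasons and return only the entries worth a second look."""
    flagged: List[Entry] = []
    for e in entries:
        name = e.name.lower()
        under_windows = e.path.lower().startswith("c:\\windows\\")
        if e.is_ads:
            e.reasons.append("alternate data stream")
        if name in ADWARE_NAMES:
            e.reasons.append("known bundled adware folder")
        if not e.is_dir and e.company is None and under_windows and name.endswith(EXEC_SUFFIXES):
            e.reasons.append("executable in C:\\Windows without company name")
        if e.hidden and under_windows:
            e.reasons.append("hidden file in C:\\Windows")
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_otl(SAMPLE_LOG)):
        print(f"{e.path}  <- {', '.join(e.reasons)}")
```

The company field OTL prints is taken from the file's version resource, not from a signature check, so "no company name" is only a weak hint for a manual look; the watchlist is the strong signal here, and it is exactly what the fix above removes.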
29.06.2013, 14:04 | #13 |
| avast! reports potential rootkit "SVC:SystemStoreService" Since I'm absolutely furious right now that I caught such junk despite Avast!, Adwcleaner, Adblock Plus, NoScript and HijackThis, I'll probably reinstall Win7 after all. Apparently you can be as careful as you like and download everything only from trustworthy sources and official sites and still be the one who gets taken in. Bye bye, Windows installation. You held up error-free for a very long time. What exactly is SoftwareUpdater.Bootstrapper? Would you like to take a closer look at Freemium Free Driver Scout so that nobody else falls for such lousy junk? |
29.06.2013, 14:31 | #14 |
/// TB-Ausbilder | avast! reports potential rootkit "SVC:SystemStoreService" This SoftwareUpdater stuff is not real malware. It's just the kind of junk that comes bundled with such freeware downloads, from the adware category. Just like pointless toolbars, changed start pages, etc. Even at chip.de such stuff is included. You have to live with that or do without such downloads. In my view a reinstall is not necessary, since the computer looks clean so far. The next steps would have been control scans to finish up, to see whether the two scanners still see anything.
__________________ cheers, Leo |
29.06.2013, 15:01 | #15 |
| avast! reports potential rootkit "SVC:SystemStoreService" I had OTL run the command... here is the log file Code:
All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:A02025CE deleted successfully.
C:\Program Files (x86)\SoftwareUpdater folder moved successfully.
C:\Program Files\SoftwareUpdater folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 57472 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: hedev
->Temp folder emptied: 0 bytes
User: matt
->Temp folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Silent Bob
->Temp folder emptied: 6878513 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 510400 bytes
->FireFox cache emptied: 311957797 bytes
->Flash cache emptied: 58008 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2072576 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8407531 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95672 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 556 bytes
RecycleBin emptied: 388608 bytes
Total Files Cleaned = 315,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06292013_155622
Files\Folders moved on Reboot...
C:\Users\Silent Bob\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Silent Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
Results of screen317's Security Check version 0.99.68
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 25
Adobe Flash Player 11.7.700.224
Adobe Reader XI
Mozilla Firefox (22.0)
Mozilla Thunderbird (17.0.7)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
I'll give a brief overview of the tools I've been using for quite a while. Suggestions or better alternatives would be welcome. I'm a bit unsettled at the moment, since I also often handle purchases via PayPal etc. on this computer. GeekUninstaller, CCleaner, Adwcleaner, Avast!, Eraser, KeePass, Malwarebytes and ESET will follow later |