Log analysis and evaluation: PC is getting slow, performance no longer what it used to be. Logs attached (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system has to be examined first: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
28.05.2014, 18:47 | #1 |
PC is getting slow, performance no longer what it used to be. Logs attached

Hello everyone, I have the feeling that my PC is currently running very slowly. Programs open more slowly, and the PC freezes more often during games. I use Kaspersky Internet Security 2014. To be on the safe side, I wanted to ask the experts for advice. I hope I have attached all the required log files. I followed the 8 Golden Rules. I can only post the FRST and defogger logs here; unfortunately there are more than 250k characters, and all files are attached in a .zip. Thanks!

defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:20 on 28/05/2014 (ciipresshilll)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by ciipresshilll (administrator) on R280 on 28-05-2014 16:34:57 Running from C:\Users\ciipresshilll\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\Drakonia Black\hid.exe () C:\Program Files (x86)\Drakonia Black\trayicon.exe (Advanced Micro Devices Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\MOM.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (ATI Technologies Inc.) 
D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\CCC.exe (Nullsoft, Inc.) D:\P R O G R A M M E\Winamp\winamp.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor) HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Black\hid.exe [247296 2013-06-26] () HKLM-x32\...\Run: [StartCCC] => D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-10] (Microsoft Corporation) HKU\S-1-5-21-1425884379-3831331695-1035041748-1000\...\MountPoints2: {539912cd-787e-11e3-b536-806e6f6e6963} - E:\ASRSetup.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28AFC960B10CCF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default FF Homepage: https://www.google.de/?gfe_rd=ctrl&ei=me0SU57UHMGK8QfmgoD4Dw&gws_rd=cr FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\P R O G R A M M E\vlc\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: German Dictionary - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-04-03] FF Extension: The Fox, Only Better - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\thefoxonlybetter@quicksaver.xpi [2014-05-24] FF Extension: Adblock Plus - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-16] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-16] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-16] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 
14.0.0\FFExt\anti_banner@kaspersky.com FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-16] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-16] ==================== Services (Whitelisted) ================= R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-07] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) 
==================== Drivers (Whitelisted) ==================== R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-16] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-16] (Kaspersky Lab ZAO) S3 RTCore64; D:\P R O G R A M M E\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X] S3 cpuz136; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X] S3 cpuz137; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-28 16:34 - 2014-05-28 16:35 - 00012389 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt 2014-05-28 16:23 - 2014-05-28 16:34 - 00000000 ____D () C:\FRST 2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log 2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable 2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe 2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe 2014-05-28 16:18 - 2014-05-28 16:19 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe 2014-05-27 21:11 - 2014-05-27 21:11 
- 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-27 17:32 - 2014-05-27 17:32 - 00018587 _____ () C:\Windows\DirectX.log 2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg 2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59} 2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList 2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList 2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero 2014-05-26 08:31 - 2014-05-26 18:04 - 00000000 ____D () C:\ProgramData\Nero 2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST 2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft 2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt 2014-05-24 21:20 - 2014-05-28 08:26 - 00002668 _____ () C:\Windows\PFRO.log 2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg 2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-05-20 21:32 - 2014-05-20 21:32 - 00971830 ____N () C:\Windows\Minidump\052014-7176-01.dmp 2014-05-19 19:08 - 2014-05-28 
16:02 - 00002119 _____ () C:\Windows\setupact.log 2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-15 22:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 22:28 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 22:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 22:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 22:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 22:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt 2014-05-15 08:53 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 08:53 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 08:53 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 08:53 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 08:53 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 08:53 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 08:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 08:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 08:53 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 08:53 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 
2014-05-15 08:53 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 08:53 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 08:53 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 08:53 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 08:53 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 08:53 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 
2014-05-15 08:53 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 08:53 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 08:53 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 08:53 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 08:53 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () 
C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4} 2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-08 22:34 - 2014-05-25 14:10 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt 2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake 2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de 2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live 2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log 2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI 2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log 2014-04-30 07:46 - 2014-05-16 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-05-28 16:35 - 2014-05-28 16:34 - 00012389 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt 2014-05-28 16:35 - 2014-01-08 20:30 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\NetSpeedMonitor 2014-05-28 16:34 - 2014-05-28 16:23 - 00000000 ____D () C:\FRST 2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log 
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable 2014-05-28 16:20 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll 2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe 2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe 2014-05-28 16:19 - 2014-05-28 16:18 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe 2014-05-28 16:19 - 2014-01-16 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-28 16:09 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-28 16:09 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-28 16:07 - 2014-01-09 03:02 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-05-28 16:07 - 2014-01-09 03:02 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-05-28 16:07 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-28 16:06 - 2014-02-15 16:55 - 01739198 _____ () C:\Windows\WindowsUpdate.log 2014-05-28 16:04 - 2014-03-17 08:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-28 16:02 - 2014-05-19 19:08 - 00002119 _____ () C:\Windows\setupact.log 2014-05-28 16:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-28 08:27 - 2014-04-22 00:42 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Awesomium 2014-05-28 08:26 - 2014-05-24 21:20 - 00002668 _____ () C:\Windows\PFRO.log 2014-05-28 08:26 - 2014-01-08 22:32 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-05-27 21:42 - 2014-01-10 17:53 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Edelarsch 2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-27 17:49 - 2014-01-13 22:00 
- 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-05-27 17:49 - 2014-01-08 22:31 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-05-27 17:49 - 2014-01-08 22:31 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-05-27 17:32 - 2014-05-27 17:32 - 00018587 _____ () C:\Windows\DirectX.log 2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-27 17:32 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-27 17:31 - 2014-01-08 18:34 - 00000000 ____D () C:\ProgramData\Origin 2014-05-27 17:30 - 2014-01-08 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg 2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59} 2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-05-27 17:10 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\VirtualStore 2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList 2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList 2014-05-26 18:04 - 2014-05-26 08:31 - 00000000 ____D () C:\ProgramData\Nero 2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero 2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST 2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft 2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt 2014-05-25 14:10 - 2014-05-08 22:34 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt 2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () 
C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg 2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-05-22 20:56 - 2014-03-29 22:40 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Audacity 2014-05-21 20:25 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-20 21:33 - 2014-01-09 21:35 - 00000000 ____D () C:\Windows\Minidump 2014-05-20 21:32 - 2014-05-20 21:32 - 00971830 ____N () C:\Windows\Minidump\052014-7176-01.dmp 2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-16 08:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 07:46 - 2014-04-30 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 22:28 - 2014-01-08 18:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 22:28 - 2014-01-08 18:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt 2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4} 2014-05-14 17:23 - 2014-03-17 08:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 17:23 - 2014-01-08 22:27 - 00692400 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 17:23 - 2014-01-08 22:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:49 - 2014-01-10 17:49 - 00007607 _____ () C:\Users\ciipresshilll\AppData\Local\Resmon.ResmonCfg
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\Users\ciipresshilll\Documents\Elder Scrolls Online
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-05-13 08:33 - 2014-02-02 23:10 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-11 19:07 - 2014-03-02 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 08:53 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 08:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 06:40 - 2014-05-15 22:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 22:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 22:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-04 21:00 - 2014-03-24 15:56 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2014-05-04 21:00 - 2014-01-08 23:09 - 00001497 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-05-04 21:00 - 2014-01-08 23:09 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-01 13:28 - 2014-01-08 18:39 - 00000000 ____D () C:\ProgramData\AMD
2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-01 13:27 - 2014-02-07 08:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log
2014-04-29 21:02 - 2014-04-20 22:22 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\Battle.net
2014-04-29 20:07 - 2014-04-20 22:18 - 00000000 ____D () C:\ProgramData\Battle.net

Some content of TEMP:
====================
C:\Users\ciipresshilll\AppData\Local\Temp\fileutil.dll

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-21 20:07

==================== End Of Log ============================
|
28.05.2014, 18:56 | #2 |
/// the machine /// TB-Ausbilder | PC is getting slow, performance no longer what it used to be. Logs attached Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks. Here's how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the log files into a CODE box, proceed as follows:
__________________ |
28.05.2014, 20:47 | #3 |
| PC is getting slow, performance no longer what it used to be. Logs attached Hey,
All right, I didn't know that. Then I'll make several posts. Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:20 on 28/05/2014 (ciipresshilll)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-05-28 19:18:08 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 OCZ-AGIL rev.2.15 55,90GB Running: Gmer-19357.exe; Driver: C:\Users\CIIPRE~1\AppData\Local\Temp\pgldrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007789faa8 5 bytes JMP 0000000173db18dd .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe[1780] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000778a0038 5 bytes JMP 0000000173db1ed6 .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073bf1a22 2 bytes [BF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073bf1ad0 2 bytes [BF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073bf1b08 2 bytes [BF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073bf1bba 2 bytes [BF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073bf1bda 2 bytes [BF, 73] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075461465 2 bytes [46, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754614bb 2 bytes [46, 75] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1980] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075461465 2 bytes [46, 75] .text C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1980] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000754614bb 2 bytes [46, 75] .text ... 
* 2 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe[3088] C:\Windows\syswow64\USER32.dll!UserClientDllInitialize + 779 000000007716b9f8 4 bytes [0B, 26, DB, 73] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776a11f5 8 bytes {JMP 0xd} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776a1fd7 8 bytes {JMP 0xb} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776a27d2 8 bytes {JMP 0x10} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776a33c0 16 bytes {JMP 0x4e} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] 
.text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075461465 2 bytes [46, 75] .text C:\Users\ciipresshilll\Desktop\avz4\avz4\avz.exe[3732] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754614bb 2 bytes [46, 75] .text ... * 2 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776a11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776a1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776a27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... 
* 2 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776a33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e813cc 8 bytes [0D, 
F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4860] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776a11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776a1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776a27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776a33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776a11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776a1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776a27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776a33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776a11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776a1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776a27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776a33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes {JMP QWORD 
[RIP-0x4dba6]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4916] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776a11f5 8 bytes {JMP 0xd} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776a1fd7 8 bytes {JMP 0xb} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776a27d2 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776a33c0 16 bytes {JMP 0x4e} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776a3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776a3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776a4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776f1380 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776f1500 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776f1530 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776f1650 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776f1700 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776f1f80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776f27e0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776a11f5 8 bytes {JMP 0xd} .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776a1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776a143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776a158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776a191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776a1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776a1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776a1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776a1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776a1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776a1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776a1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776a1fd7 8 bytes {JMP 0xb} .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776a2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776a2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776a2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776a27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776a27d2 8 bytes {JMP 0x10} .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776a282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776a2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776a2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776a2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776a3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776a323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776a33c0 16 bytes {JMP 0x4e} .text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776a3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...] 
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776a3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776a3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776a3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776a4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000776f1380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 00000000776f1500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000776f1530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000776f1650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 00000000776f1700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000776f1d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 00000000776f1f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000776f27e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e813cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e8146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e816d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000073e816e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e819db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e819fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000073e81a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000073e81a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e81a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\ciipresshilll\Desktop\Gmer-19357.exe[3532] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000073e81a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [3976:4752] 000007fee5339688

---- EOF - GMER 2.1 ----

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ciipresshilll (administrator) on R280 on 28-05-2014 16:34:57
Running from C:\Users\ciipresshilll\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Drakonia Black\hid.exe
() C:\Program Files (x86)\Drakonia Black\trayicon.exe
(Advanced Micro Devices Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(ATI Technologies Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\CCC.exe
(Nullsoft, Inc.) D:\P R O G R A M M E\Winamp\winamp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Black\hid.exe [247296 2013-06-26] ()
HKLM-x32\...\Run: [StartCCC] => D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-10] (Microsoft Corporation)
HKU\S-1-5-21-1425884379-3831331695-1035041748-1000\...\MountPoints2: {539912cd-787e-11e3-b536-806e6f6e6963} - E:\ASRSetup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28AFC960B10CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default
FF Homepage: https://www.google.de/?gfe_rd=ctrl&ei=me0SU57UHMGK8QfmgoD4Dw&gws_rd=cr
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\P R O G R A M M E\vlc\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-04-03]
FF Extension: The Fox, Only Better - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\thefoxonlybetter@quicksaver.xpi [2014-05-24]
FF Extension: Adblock Plus - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-16]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-16] (Kaspersky Lab ZAO)
S3 RTCore64; D:\P R O G R A M M E\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 cpuz136; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 cpuz137; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-28 16:34 - 2014-05-28 16:35 - 00012389 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt
2014-05-28 16:23 - 2014-05-28 16:34 - 00000000 ____D () C:\FRST
2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable
2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe
2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe
2014-05-28 16:18 - 2014-05-28 16:19 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe
2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-27 17:32 - 2014-05-27 17:32 - 00018587 _____ () C:\Windows\DirectX.log
2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg
2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59}
2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 08:31 - 2014-05-26 18:04 - 00000000 ____D () C:\ProgramData\Nero
2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST
2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt
2014-05-24 21:20 - 2014-05-28 08:26 - 00002668 _____ () C:\Windows\PFRO.log
2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg
2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-20 21:32 - 2014-05-20 21:32 - 00971830 ____N () C:\Windows\Minidump\052014-7176-01.dmp
2014-05-19 19:08 - 2014-05-28 16:02 - 00002119 _____ () C:\Windows\setupact.log
2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-15 22:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 22:28 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 22:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-15 22:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-15 22:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 22:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt
2014-05-15 08:53 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 08:53 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 08:53 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 08:53 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 08:53 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 08:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 08:53 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 08:53 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-15 08:53 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-15 08:53 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 08:53 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 08:53 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 08:53 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 08:53 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 08:53 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 08:53 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-15 08:53 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-15 08:53 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-15 08:53 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-15 08:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-15 08:53 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4}
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 22:34 - 2014-05-25 14:10 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake
2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de
2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live
2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI
2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log
2014-04-30 07:46 - 2014-05-16 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel

==================== One Month Modified Files and Folders =======

2014-05-28 16:35 - 2014-05-28 16:34 - 00012389 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt
2014-05-28 16:35 - 2014-01-08 20:30 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\NetSpeedMonitor
2014-05-28 16:34 - 2014-05-28 16:23 - 00000000 ____D () C:\FRST
2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log
2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable
2014-05-28 16:20 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll
2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe
2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe
2014-05-28 16:19 - 2014-05-28 16:18 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe
2014-05-28 16:19 - 2014-01-16 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-28 16:09 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:09 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-28 16:07 - 2014-01-09 03:02 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-05-28 16:07 - 2014-01-09 03:02 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-05-28 16:07 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-28 16:06 - 2014-02-15 16:55 - 01739198 _____ () C:\Windows\WindowsUpdate.log
2014-05-28 16:04 - 2014-03-17 08:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-28 16:02 - 2014-05-19 19:08 - 00002119 _____ () C:\Windows\setupact.log
2014-05-28 16:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-28 08:27 - 2014-04-22 00:42 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Awesomium
2014-05-28 08:26 - 2014-05-24 21:20 - 00002668 _____ () C:\Windows\PFRO.log
2014-05-28 08:26 - 2014-01-08 22:32 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-05-27 21:42 - 2014-01-10 17:53 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Edelarsch
2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-05-27 17:49 - 2014-01-13 22:00 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-05-27 17:49 - 2014-01-08 22:31 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-05-27 17:49 - 2014-01-08 22:31 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-05-27 17:32 - 2014-05-27 17:32 - 00018587 _____ () C:\Windows\DirectX.log
2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-05-27 17:32 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-05-27 17:31 - 2014-01-08 18:34 - 00000000 ____D () C:\ProgramData\Origin
2014-05-27 17:30 - 2014-01-08 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg
2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59}
2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-05-27 17:10 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\VirtualStore
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList
2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList
2014-05-26 18:04 - 2014-05-26 08:31 - 00000000 ____D () C:\ProgramData\Nero
2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero
2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST
2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft
2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt
2014-05-25 14:10 - 2014-05-08 22:34 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt
2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg
2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-05-22 20:56 - 2014-03-29 22:40 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Audacity
2014-05-21 20:25 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-20 21:33 - 2014-01-09 21:35 - 00000000 ____D () C:\Windows\Minidump
2014-05-20 21:32 - 2014-05-20 21:32 - 00971830 ____N () C:\Windows\Minidump\052014-7176-01.dmp
2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-16 08:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-16 07:46 - 2014-04-30 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 22:28 - 2014-01-08 18:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 22:28 - 2014-01-08 18:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt
2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4}
2014-05-14 17:23 - 2014-03-17 08:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 17:23 - 2014-01-08 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 17:23 - 2014-01-08 22:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 08:49 - 2014-01-10 17:49 - 00007607 _____ () C:\Users\ciipresshilll\AppData\Local\Resmon.ResmonCfg
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\Users\ciipresshilll\Documents\Elder Scrolls Online
2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-05-13 08:33 - 2014-02-02 23:10 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-11 19:07 - 2014-03-02 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 08:14 - 2014-05-15 08:53 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 08:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 06:40 - 2014-05-15 22:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-15 22:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-15 22:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-15 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-04 21:07 - 
2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake 2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de 2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live 2014-05-04 21:00 - 2014-03-24 15:56 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-05-04 21:00 - 2014-01-08 23:09 - 00001497 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-05-04 21:00 - 2014-01-08 23:09 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log 2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI 2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-05-01 13:28 - 2014-01-08 18:39 - 00000000 ____D () C:\ProgramData\AMD 2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-05-01 13:27 - 2014-02-07 08:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log 2014-04-29 21:02 - 2014-04-20 22:22 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\Battle.net 2014-04-29 20:07 - 2014-04-20 22:18 - 00000000 ____D () C:\ProgramData\Battle.net Some content of TEMP: ==================== C:\Users\ciipresshilll\AppData\Local\Temp\fileutil.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit 
C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-21 20:07 ==================== End Of Log ============================ --- --- --- |
28.05.2014, 20:50 | #4 |
| PC is getting slow, performance no longer what it used to be. Logs attached FRST Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02 Ran by ciipresshilll at 2014-05-28 16:35:37 Running from C:\Users\ciipresshilll\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== Ableton Live 9 Trial (HKLM\...\{0F84EFB0-4B18-40A2-8240-04C1DD7CBF6C}) (Version: 9.0.0.0 - Ableton) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) 
Hidden American McGee's Grimm: A Boy Learns What Fear Is (HKLM-x32\...\{6E52D3C0-AC2E-4ABE-9239-162DB62B8F07}) (Version: 1 - American McGee's Grimm) Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AwesomiumSetup (HKLM-x32\...\{19EF99D1-7EE6-4B5E-ABEE-0B3825F703B0}) (Version: 1.00.0000 - SIX Networks GmbH) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts) Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2014.0131.1535.27922 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform) CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Cry of Fear (HKLM-x32\...\Steam App 223710) (Version: - Team Psykskallar) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts) Drakonia Black (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - ) Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Geeks3D FurMark 1.12.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D) Half-Life (HKLM-x32\...\Half-Life_is1) (Version: Half-Life - Non Steam - KingSOFT DVD) HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - ) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
(HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 
Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) Minecraft1.7.4 (HKLM-x32\...\Minecraft1.7.4) (Version: - ) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Studio Platinum 12.0 (64-bit) (HKLM\...\{5375FD61-C0E9-11E1-9297-F04DA23A5C58}) (Version: 12.0.334 - Sony) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.) South Park - The Stick of Truth (HKLM-x32\...\South Park - The Stick of Truth_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 1.0.0.0 - Zenimax Online Studios) VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN) Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden 
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Restore Points ========================= 27-05-2014 15:32:31 DirectX wurde installiert ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-05-13 09:38 - 00450709 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. 
==================== Scheduled Tasks (whitelisted) ============= Task: {056CAAF8-3A85-4860-AED4-C1E67D6B4EAF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {20B3AF38-9364-4882-808E-F7D126CC9A3D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd) Task: {92877BCB-272E-4421-83F5-4CAE6E012748} - System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4} => D:\S P I E L E\ESO\Launcher\Bethesda.net_Launcher.exe [2014-04-05] (ZeniMax Online Studios) Task: {BA5E7113-F77C-4E0E-BF08-515D2FE95898} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {E909273A-C13C-4EBA-9F5D-3587EC2C30AF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1425884379-3831331695-1035041748-1000 Task: {FB18FC1B-8FBE-4054-AA29-F54747CE1023} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {FB7C1595-9612-4C37-BAAD-B0E2FFB63E40} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-01-08 22:31 - 2014-02-07 09:20 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-03-06 18:00 - 2013-06-26 18:01 - 00247296 _____ () C:\Program Files (x86)\Drakonia Black\hid.exe 2014-03-06 18:00 - 2013-06-26 18:01 - 00240640 _____ () C:\Program Files (x86)\Drakonia Black\trayicon.exe 2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program 
Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-03-11 13:44 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-03-11 13:44 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-03-11 13:44 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-03-11 13:44 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-03-11 13:44 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-03-06 18:00 - 2013-06-26 18:01 - 00061952 _____ () C:\Program Files (x86)\Drakonia Black\HidDevice.dll 2014-03-06 18:00 - 2013-06-26 18:01 - 00249856 _____ () C:\Program Files (x86)\Drakonia Black\language.dll 2014-05-28 16:04 - 2014-05-28 16:04 - 00014336 _____ () C:\Users\ciipresshilll\AppData\Local\Temp\WDE5B0A.tmp\ml_online.lng 2014-05-28 16:04 - 2014-05-28 16:04 - 00036352 _____ () C:\Users\ciipresshilll\AppData\Local\Temp\WDE5B0A.tmp\ombrowser.lng 2013-12-13 04:47 - 2013-12-13 04:47 - 00333824 _____ () D:\P R O G R A M M E\Winamp\Plugins\freeform\wacs\freetype\freetype.wac 2014-02-13 08:42 - 2014-02-13 08:42 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\367540c92c2004ff2c6695778fed5dd6\IsdiInterop.ni.dll 2014-01-08 18:13 - 2011-05-20 11:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-05-10 10:39 - 2014-05-10 10:39 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\Services: Wlansvc => 3 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe" MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe" MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe" MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ==================== Faulty Device Manager Devices ============= Name: Intel(R) HD Graphics 3000 Description: Intel(R) HD Graphics 3000 Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Corporation Service: igfx Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. 
(HRESULT : 0xc0041801) (0xc0041801) Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: ) Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: ) Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: ) Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden. Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. 
(HRESULT : 0xc0041800))

Error: (05/19/2014 07:08:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3508) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00042.log.

System errors:
=============
Error: (05/25/2014 04:41:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/25/2014 04:41:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (05/25/2014 04:33:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (05/25/2014 04:33:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (05/25/2014 10:39:06 AM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (05/24/2014 11:02:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 24.05.2014 um 23:00:56 unerwartet heruntergefahren.

Error: (05/22/2014 06:44:20 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 22.05.2014 um 18:42:38 unerwartet heruntergefahren.

Error: (05/20/2014 09:33:08 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000117 (0xfffffa800bb2f010, 0xfffff88004cf0dac, 0x0000000000000000, 0x0000000000000000)C:\Windows\Minidump\052014-7176-01.dmp052014-7176-01

Error: (05/20/2014 09:33:07 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.05.2014 um 21:31:48 unerwartet heruntergefahren.

Error: (05/19/2014 07:09:17 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056

Microsoft Office Sessions:
=========================
Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) The catalog is corrupt

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) 4700

Error: (05/19/2014 07:08:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Details: 0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))

Error: (05/19/2014 07:08:47 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3508Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00042.log-1811

CodeIntegrity Errors:
===================================
Date: 2014-05-26 08:03:43.617
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-26 08:03:43.617
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-26 08:03:43.617
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-26 08:03:43.601
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-26 08:03:43.601
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-26 08:03:43.601
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-24 09:40:23.537
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-24 09:40:23.536
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-24 09:40:23.535
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-05-24 09:40:23.532
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8104.66 MB
Available physical RAM: 6113.4 MB
Total Pagefile: 9126.84 MB
Available Pagefile: 6718 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:55.8 GB) (Free:11.41 GB) NTFS
Drive d: (Multimedia) (Fixed) (Total:698.63 GB) (Free:365.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: FBA09897)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 699 GB) (Disk ID: 01833306)
Partition 1: (Active) - (Size=699 GB) - (Type=07 NTFS)

==================== End Of Log ============================

1.) What are these strange links under Host Content?

Last log: AVZ
Code:
ATTFilter
AVZ Antiviral Toolkit log; AVZ version is 4.43
Scanning started at 28.05.2014 19:00:52
Database loaded: signatures - 297612, NN profile(s) - 2, malware removal microprograms - 56, signature database released 28.05.2014 04:00
Heuristic microprograms loaded: 405
PVS microprograms loaded: 9
Digital signatures of system files loaded: 663640
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.1.7601, Service Pack 1 "Windows 7 Home Premium" ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Error loading driver - operation interrupted [C000036B]
1.4 Searching for masking processes and drivers
Checking not performed: extended monitoring driver (AVZPM) is not installed
1.5 Checking IRP handlers
Error loading driver - operation interrupted [C000036B]
2. Scanning RAM
Number of processes found: 13
Number of modules loaded: 386
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\ProgramData\Microsoft\RAC\Temp\sqlE021.tmp
Direct reading: C:\ProgramData\Microsoft\RAC\Temp\sqlE031.tmp
Direct reading: C:\Users\ciipresshilll\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Remotedesktopdienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suche)
>> Services: potentially dangerous service allowed: Schedule (Aufgabenplanung)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 109180, extracted from archives: 49725, malicious software found 0, suspicions - 0
Scanning finished at 28.05.2014 19:07:08
Time of scanning: 00:06:16
If you have a suspicion on presence of viruses or questions on the suspected objects, you can address hxxp://forum.kaspersky.com/index.php?showforum=19
For automatic scanning of files from the AVZ quarantine you can use the service hxxp://virusdetector.ru/

Thank you very much!

Edited by cobolo (28.05.2014 at 20:55) Reason: Inserted |
29.05.2014, 16:48 | #5 |
/// the machine /// TB trainer | PC is getting slow, performance no longer what it used to be. Logs attached That is normal. Security software enters all known malware sites there so that you cannot browse to them. Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
29.05.2014, 17:19 | #6 |
| PC is getting slow, performance no longer what it used to be. Logs attached Hey, thanks for now. The Combo log will take up 12-14 posts; should I post all of it or would you rather I attach it? Which do you prefer? Part 1 Code:
ATTFilter ComboFix 14-05-29.01 - ciipresshilll 29.05.2014 17:53:51.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8105.6257 [GMT 2:00] ausgeführt von:: c:\users\ciipresshilll\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886} FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B} SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-28 bis 2014-05-29 )))))))))))))))))))))))))))))) . . 2014-05-29 15:56 . 2014-05-29 15:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-29 10:38 . 2014-05-29 10:38 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-29 10:38 . 2014-05-29 10:38 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-05-29 10:38 . 2014-05-29 10:38 -------- d-----w- c:\programdata\Malwarebytes 2014-05-29 10:38 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-29 10:38 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-29 10:38 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-28 21:05 . 2014-05-28 21:05 -------- d-----w- c:\users\ciipresshilll\AppData\Local\Ubisoft Game Launcher 2014-05-28 14:23 . 2014-05-28 14:36 -------- d-----w- C:\FRST 2014-05-27 19:11 . 2014-05-27 19:11 -------- d-----w- c:\programdata\PopCap Games 2014-05-27 15:11 . 2014-05-27 15:11 -------- d-----w- c:\program files (x86)\Winamp 2014-05-27 15:05 . 2014-05-27 15:05 -------- d-sh--w- c:\users\ciipresshilll\AppData\Local\EmieUserList 2014-05-27 15:05 . 2014-05-27 15:05 -------- d-sh--w- c:\users\ciipresshilll\AppData\Local\EmieSiteList 2014-05-26 06:32 . 
2014-05-26 06:32 -------- d-----w- c:\users\ciipresshilll\AppData\Roaming\Nero 2014-05-26 06:31 . 2014-05-26 16:04 -------- d-----w- c:\programdata\Nero 2014-05-26 05:36 . 2014-05-26 05:36 -------- d-----w- c:\users\ciipresshilll\AppData\Local\GermaniXSoft 2014-05-24 06:59 . 2014-05-24 06:59 -------- d-----w- c:\users\ciipresshilll\AppData\Roaming\Canneverbe Limited 2014-05-24 06:56 . 2014-05-24 06:56 -------- d-----w- c:\program files (x86)\CDBurnerXP 2014-05-24 06:56 . 2014-05-24 06:56 -------- d-----w- c:\programdata\Canneverbe Limited 2014-05-23 19:16 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{79C5370B-AE36-4769-9421-D354DA33DE07}\mpengine.dll 2014-05-15 20:28 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll 2014-05-15 20:28 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-15 20:28 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-15 20:28 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-14 21:15 . 2014-05-14 21:15 -------- d-----w- c:\users\ciipresshilll\AppData\Local\Diagnostics 2014-05-07 09:17 . 2014-05-07 09:17 -------- d-----w- c:\program files\CCleaner 2014-05-04 19:07 . 2014-05-04 19:07 -------- d-----w- c:\users\ciipresshilll\AppData\Roaming\HandBrake 2014-05-04 19:00 . 2014-05-04 19:00 -------- d-----w- c:\windows\de 2014-05-04 19:00 . 2014-05-04 19:00 -------- d-----w- c:\program files\Windows Live 2014-05-01 11:28 . 2014-05-01 11:28 -------- d-----w- c:\programdata\ATI 2014-05-01 11:28 . 2014-05-01 11:28 -------- d-----w- c:\program files (x86)\AMD AVT 2014-05-01 11:28 . 2014-05-01 11:28 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies 2014-04-30 05:46 . 2014-05-16 05:46 -------- d-s---w- c:\windows\system32\CompatTel . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-29 08:17 . 
2014-01-08 20:31 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-05-28 21:29 . 2014-01-08 20:31 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-05-27 15:49 . 2014-01-13 20:00 290184 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-05-15 20:28 . 2014-01-08 16:55 93223848 ----a-w- c:\windows\system32\MRT.exe 2014-05-14 15:23 . 2014-01-08 20:27 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-14 15:23 . 2014-01-08 20:27 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-04-18 02:43 . 2014-04-18 02:43 127872 ----a-w- c:\windows\system32\amdhcp64.dll 2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\atimpc64.dll 2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\amdpcom64.dll 2014-04-18 02:43 . 2014-04-18 02:43 117560 ----a-w- c:\windows\SysWow64\amdhcp32.dll 2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll 2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2014-04-18 02:43 . 2014-01-31 21:07 143304 ----a-w- c:\windows\system32\atiuxp64.dll 2014-04-18 02:42 . 2014-04-18 02:42 117584 ----a-w- c:\windows\system32\atiu9p64.dll 2014-04-18 02:42 . 2013-12-06 22:03 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2014-04-18 02:42 . 2014-04-18 02:42 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2014-04-18 02:42 . 2014-01-31 21:07 1343272 ----a-w- c:\windows\system32\aticfx64.dll 2014-04-18 02:42 . 2014-01-31 21:07 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll 2014-04-18 02:42 . 2014-01-31 21:07 10335208 ----a-w- c:\windows\system32\atidxx64.dll 2014-04-18 02:42 . 2013-12-06 21:59 8866928 ----a-w- c:\windows\SysWow64\atidxx32.dll 2014-04-18 02:42 . 2014-04-18 02:42 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll 2014-04-18 02:42 . 2014-04-18 02:42 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll 2014-04-18 02:42 . 2014-04-18 02:42 7520200 ----a-w- c:\windows\system32\atiumd6a.dll 2014-04-18 02:42 . 
2014-04-18 02:42 8010968 ----a-w- c:\windows\system32\atiumd64.dll 2014-04-18 02:39 . 2014-04-18 02:39 274656 ----a-w- c:\windows\system32\drivers\amdacpksd.sys 2014-04-18 02:36 . 2014-04-18 02:36 15376384 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2014-04-18 02:23 . 2014-04-18 02:23 231424 ----a-w- c:\windows\system32\clinfo.exe 2014-04-18 02:22 . 2014-04-18 02:22 98816 ----a-w- c:\windows\system32\OpenVideo64.dll 2014-04-18 02:22 . 2014-04-18 02:22 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2014-04-18 02:22 . 2014-04-18 02:22 86528 ----a-w- c:\windows\system32\OVDecode64.dll 2014-04-18 02:22 . 2014-04-18 02:22 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll 2014-04-18 02:22 . 2014-04-18 02:22 28685824 ----a-w- c:\windows\system32\amdocl64.dll 2014-04-18 02:19 . 2014-04-18 02:19 24107520 ----a-w- c:\windows\SysWow64\amdocl.dll 2014-04-18 02:17 . 2014-04-18 02:17 65024 ----a-w- c:\windows\system32\OpenCL.dll 2014-04-18 02:17 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll 2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll 2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll 2014-04-18 02:12 . 2014-04-18 02:12 27907584 ----a-w- c:\windows\system32\atio6axx.dll 2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll 2014-04-18 01:58 . 2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll 2014-04-18 01:51 . 2014-04-18 01:51 23409152 ----a-w- c:\windows\SysWow64\atioglxx.dll 2014-04-18 01:46 . 2014-04-18 01:46 368128 ----a-w- c:\windows\system32\atiapfxx.exe 2014-04-18 01:46 . 2014-04-18 01:46 62464 ----a-w- c:\windows\system32\aticalrt64.dll 2014-04-18 01:46 . 2014-04-18 01:46 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll 2014-04-18 01:46 . 2014-04-18 01:46 55808 ----a-w- c:\windows\system32\aticalcl64.dll 2014-04-18 01:46 . 2014-04-18 01:46 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll 2014-04-18 01:46 . 
2014-04-18 01:46 15716352 ----a-w- c:\windows\system32\aticaldd64.dll 2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll 2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll 2014-04-18 01:42 . 2014-04-18 01:42 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll 2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll 2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll 2014-04-18 01:30 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll 2014-04-18 01:30 . 2014-04-18 01:30 31232 ----a-w- c:\windows\system32\atimuixx.dll 2014-04-18 01:29 . 2014-04-18 01:29 586240 ----a-w- c:\windows\system32\atieclxx.exe 2014-04-18 01:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2014-04-18 01:28 . 2014-04-18 01:28 190976 ----a-w- c:\windows\system32\atitmm64.dll 2014-04-18 01:21 . 2014-04-18 01:21 806912 ----a-w- c:\windows\system32\coinst_14.100.dll 2014-04-18 01:09 . 2014-04-18 01:09 1177600 ----a-w- c:\windows\system32\atiadlxx.dll 2014-04-18 01:09 . 2014-04-18 01:09 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2014-04-18 01:08 . 2014-04-18 01:08 95744 ----a-w- c:\windows\system32\amdave64.dll 2014-04-18 01:08 . 2014-04-18 01:08 90112 ----a-w- c:\windows\SysWow64\amdave32.dll 2014-04-18 01:08 . 2014-04-18 01:08 89088 ----a-w- c:\windows\system32\atisamu64.dll 2014-04-18 01:08 . 2014-04-18 01:08 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll 2014-04-18 01:07 . 2014-04-18 01:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll 2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll 2014-04-18 01:07 . 2014-04-18 01:07 146944 ----a-w- c:\windows\system32\atig6txx.dll 2014-04-18 01:07 . 2014-04-18 01:07 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll 2014-04-18 01:07 . 
2014-04-18 01:07 638976 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2014-04-18 01:04 . 2014-04-18 01:04 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2014-04-17 20:33 . 2014-04-17 20:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll 2014-04-17 20:28 . 2014-04-17 20:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll 2014-03-31 19:34 . 2014-03-31 19:34 322248 ----a-w- c:\windows\WLXPGSS.SCR 2014-03-31 07:35 . 2014-01-08 16:35 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-24 14:10 . 2014-01-16 19:04 625248 ----a-w- c:\windows\system32\drivers\klif.sys 2014-03-24 14:10 . 2014-01-16 19:04 115296 ----a-w- c:\windows\system32\drivers\klflt.sys 2014-03-17 07:23 . 2014-03-17 07:23 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2014-03-06 16:00 . 2014-03-06 16:00 1192545 ----a-w- c:\windows\unins000.exe 2014-03-06 09:31 . 2014-04-20 20:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2014-03-06 08:59 . 2014-04-20 20:11 66048 ----a-w- c:\windows\system32\iesetup.dll 2014-03-06 08:57 . 2014-04-20 20:11 548352 ----a-w- c:\windows\system32\vbscript.dll 2014-03-06 08:57 . 2014-04-20 20:11 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2014-03-06 08:53 . 2014-04-20 20:11 2767360 ----a-w- c:\windows\system32\iertutil.dll 2014-03-06 08:40 . 2014-04-20 20:11 51200 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-06 08:39 . 2014-04-20 20:11 33792 ----a-w- c:\windows\system32\iernonce.dll 2014-03-06 08:32 . 2014-04-20 20:11 574976 ----a-w- c:\windows\system32\ieui.dll 2014-03-06 08:29 . 2014-04-20 20:11 139264 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-06 08:29 . 2014-04-20 20:11 111616 ----a-w- c:\windows\system32\ieetwcollector.exe 2014-03-06 08:28 . 2014-04-20 20:11 752640 ----a-w- c:\windows\system32\jscript9diag.dll 2014-03-06 08:15 . 2014-04-20 20:11 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2014-03-06 08:11 . 
2014-04-20 20:11 5784064 ----a-w- c:\windows\system32\jscript9.dll 2014-03-06 08:09 . 2014-04-20 20:11 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2014-03-06 08:03 . 2014-04-20 20:11 586240 ----a-w- c:\windows\system32\ie4uinit.exe 2014-03-06 08:02 . 2014-04-20 20:11 61952 ----a-w- c:\windows\SysWow64\iesetup.dll 2014-03-06 08:02 . 2014-04-20 20:11 455168 ----a-w- c:\windows\SysWow64\vbscript.dll 2014-03-06 08:01 . 2014-04-20 20:11 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2014-03-06 07:56 . 2014-04-20 20:11 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-03-06 07:48 . 2014-04-20 20:11 195584 ----a-w- c:\windows\system32\msrating.dll 2014-03-06 07:46 . 2014-04-20 20:11 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "GamingMouse"="c:\program files (x86)\Drakonia Black\hid.exe" [2013-06-26 247296] "StartCCC"="d:\p r o g r a m m e\ati\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 AsrCDDrv;AsrCDDrv;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys;c:\windows\SysWOW64\Drivers\AsrCDDrv.sys [x] R3 cpuz136;cpuz136;c:\users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTCore64;RTCore64;d:\p r o g r a m m e\MSI Afterburner\RTCore64.sys;d:\p r o g r a m m e\MSI Afterburner\RTCore64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x] S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files 
(x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x] S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x] S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - CPUZ137 *Deregistered* - cpuz137 . Inhalt des "geplante Tasks" Ordners . 2014-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-08 15:23] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904] . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Zu Anti-Banner hinzufügen - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/?gfe_rd=ctrl&ei=me0SU57UHMGK8QfmgoD4Dw&gws_rd=cr . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe Notify-SDWinLogon - SDWinLogon.dll HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-1425884379-3831331695-1035041748-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1425884379-3831331695-1035041748-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2008firefox.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2008search-destroy.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009--access.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009-box.com] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009-edition.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009-phone.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009-version.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009antivirpro.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009fr.com] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2009search-destroy.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2011-kilos-verlieren.eu] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2020search.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\20x2p.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\21dice.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2211.net] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\24-7pharmacy.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\24-7searching-and-more.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\247fxxx.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\24teen.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\25u.com] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2ndpower.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2rfsex.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2search.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2search.org] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2squared.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2vgporn.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3-2005-search.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\30horasdesexoonline.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\31columns.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\321-gratis-sms.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3322.org] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\365fporn.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\365sites.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\365soft.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\36site.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3721.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\39-93.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3bay.it] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3dgsex.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3mates.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3wgporn.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3x-festival.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3x-galls.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xclipsonline.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xcurves.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xfestival.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xmiracle.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\3xmoviesblog.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4-2005-search.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4-open-davinci.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\404dns.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4199.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4corn.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4ebay.it] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4klm.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4mpg.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\4thsex.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\5-2005-search.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\500sex.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\555royalclub.net] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\59cn.cn] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\5okporn.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\5starsblog.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\5zgmu7o20kt5d8yq.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6000vornamen.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6700.cn] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\680180.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\69loadz.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6hporn.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6plosex.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6sek.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\70-music.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\7322.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\745970.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\75tz.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777bestcasino7.ru] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777casinoroyal.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777casinozbest.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777gamecard.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777jackpotgame.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777luxcasino.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777playeuro.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777search.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777starsgame.net] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777top.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777web-casinoz.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\777webgamez.ru] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\77zip.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\7939.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\7dailynews.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\7jksex.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\8-download.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\80-music.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\82211.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\8866.org] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888-lucky.net] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888best-games.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888gamegold.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888gamevip.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\888globalplay.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\88sms.ch] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\88vcd.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\8ad.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\90-music.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\9505.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\971searchbox.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\99downloads.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\9mmporn.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\a-d-w-a-r-e.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaabesthomepage.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaasexypics.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaawebfinder.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aantivir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqada-rsztriv.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqada-ueorn.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqada-ygco.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqada-ymct.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqadarsztriv.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaqadaueorn.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aartemis.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aaszxy.ru] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aav2008.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavc.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aavira.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abc-find.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abccodec.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcdperformance.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcload.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcsearch.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abcways.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abetterinternet.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abiword-download.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abnetsoft.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abntivir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\about-adult.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aboutclicker.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aboutkimpossible.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\aboveredirect.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abrp.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\absolutee.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\abvira.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ac66.cn] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acaiporn.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\access-dvd.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accessactivexvideo.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accessclips.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accesskeygenerator.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accessthefuture.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\accessvid.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ace-webmaster.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acemedic.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\achatappartement.ch] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acjp.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acne-stop.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobat-2007.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\acrobat-8.com] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anjpnzqav.biz] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anmtivir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\annaromeo.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anntivir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anomalistical.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anporn.info] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anrtivir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antevir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anti-vermins.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anti-virus-pro.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anti-virus-solution.net] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anti-virus.de] @DACL=(02 0000) "*"=dword:00000004 . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antiaid.com] @DACL=(02 0000) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antibvir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anticir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\anticvir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antiddos.us] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antiespiadorado.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antiespionspack.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antigusanos2008.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antiivir.de] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antimalwareguard.com] @DACL=(02 0000) "*"=dword:00000004 . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antiovir.de] @DACL=(02 0000) "*"=dword:00000004 Geändert von cobolo (29.05.2014 um 17:23 Uhr) Grund: Nachtrag |
30.05.2014, 15:45 | #7 |
/// the machine /// TB trainer | Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
30.05.2014, 16:52 | #8 |
| ADW Code:
# AdwCleaner v3.211 - Bericht erstellt am 30/05/2014 um 17:07:45
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ciipresshilll - R280
# Gestartet von : C:\Users\ciipresshilll\Desktop\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [1163 octets] - [30/05/2014 17:04:09]
AdwCleaner[R1].txt - [951 octets] - [30/05/2014 17:07:16]
AdwCleaner[S0].txt - [1178 octets] - [30/05/2014 17:06:11]
AdwCleaner[S1].txt - [873 octets] - [30/05/2014 17:07:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [932 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ciipresshilll on 30.05.2014 at 17:12:42,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\ciipresshilll\AppData\Roaming\mozilla\firefox\profiles\uy01leyb.default\minidumps [30 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2014 at 17:19:10,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ciipresshilll (administrator) on R280 on 30-05-2014 17:31:26
Running from C:\Users\ciipresshilll\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Drakonia Black\hid.exe
() C:\Program Files (x86)\Drakonia Black\trayicon.exe
(Advanced Micro Devices Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\MOM.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(ATI Technologies Inc.) D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11660904 2010-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Black\hid.exe [247296 2013-06-26] ()
HKLM-x32\...\Run: [StartCCC] => D:\P R O G R A M M E\ati\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x28AFC960B10CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default
FF Homepage: https://www.google.de/?gfe_rd=ctrl&ei=me0SU57UHMGK8QfmgoD4Dw&gws_rd=cr
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - D:\P R O G R A M M E\vlc\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: German Dictionary - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-04-03]
FF Extension: Adblock Plus - C:\Users\ciipresshilll\AppData\Roaming\Mozilla\Firefox\Profiles\uy01leyb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-02]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-16]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-16]

==================== Services (Whitelisted) =================

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2014-01-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-07] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-16] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-16] (Kaspersky Lab ZAO)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 cpuz136; \??\C:\Users\CIIPRE~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-05-30 17:30 - 2014-05-30 17:30 - 00001054 _____ () C:\Users\ciipresshilll\Desktop\mwb.txt
2014-05-30 17:19 - 2014-05-30 17:19 - 00000773 _____ () C:\Users\ciipresshilll\Desktop\JRT.txt
2014-05-30 17:09 - 2014-05-30 17:09 - 00000000 ____D () C:\Windows\ERUNT
2014-05-30 17:04 - 2014-05-30 17:07 - 00000000 ____D () C:\AdwCleaner
2014-05-30 17:02 - 2014-05-30 17:02 - 01327971 _____ () C:\Users\ciipresshilll\Desktop\adwcleaner_3.211.exe
2014-05-30 17:01 - 2014-05-30 17:01 - 01016261 _____ (Thisisu) C:\Users\ciipresshilll\Desktop\JRT.exe
2014-05-30 01:56 - 2014-05-30 01:56 - 00001958 _____ () C:\Users\ciipresshilll\Documents\55.aup
2014-05-30 01:56 - 2014-05-30 01:56 - 00000000 ____D () C:\Users\ciipresshilll\Documents\55_data
2014-05-30 01:33 - 2014-05-30 01:33 - 00000221 _____ () C:\Users\ciipresshilll\Desktop\Watch_Dogs.url
2014-05-29 17:57 - 2014-05-29 17:57 - 01324841 _____ () C:\ComboFix.txt
2014-05-29 17:53 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-29 17:53 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-29 17:53 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-29 17:53 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-29 17:53 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-29 17:53 - 2000-08-31 02:00 - 00098816 _____ 
() C:\Windows\sed.exe 2014-05-29 17:53 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-29 17:53 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-29 17:52 - 2014-05-29 17:57 - 00000000 ____D () C:\Qoobox 2014-05-29 17:52 - 2014-05-29 17:56 - 00000000 ____D () C:\Windows\erdnt 2014-05-29 17:51 - 2014-05-29 17:52 - 05203398 ____R (Swearware) C:\Users\ciipresshilll\Desktop\ComboFix.exe 2014-05-29 12:38 - 2014-05-30 17:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-29 12:38 - 2014-05-29 12:38 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-29 12:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-29 12:38 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-29 12:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-29 12:37 - 2014-05-29 12:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ciipresshilll\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-28 23:05 - 2014-05-30 07:40 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\Ubisoft Game Launcher 2014-05-28 23:05 - 2014-05-28 23:05 - 00000828 _____ () C:\Users\ciipresshilll\Desktop\Uplay.lnk 2014-05-28 23:05 - 2014-05-28 23:05 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2014-05-28 22:02 - 2014-05-28 22:02 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Tor Browser 2014-05-28 19:44 - 2014-05-28 19:44 - 00022159 _____ () 
C:\Users\ciipresshilll\Desktop\trojaner Board logs.zip 2014-05-28 19:18 - 2014-05-28 19:18 - 00085873 _____ () C:\Users\ciipresshilll\Desktop\quikscan gmer.txt 2014-05-28 18:59 - 2014-05-28 18:59 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\avz4 2014-05-28 18:52 - 2014-05-28 18:52 - 00049491 _____ () C:\Users\ciipresshilll\Documents\gmerbericht.txt 2014-05-28 18:51 - 2014-05-28 18:51 - 00000000 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.bat 2014-05-28 16:35 - 2014-05-28 16:36 - 00033523 _____ () C:\Users\ciipresshilll\Desktop\Addition.txt 2014-05-28 16:34 - 2014-05-30 17:31 - 00027383 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt 2014-05-28 16:23 - 2014-05-30 17:31 - 00000000 ____D () C:\FRST 2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log 2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable 2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe 2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe 2014-05-28 16:18 - 2014-05-28 16:19 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe 2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-27 17:32 - 2014-05-30 07:28 - 00037174 _____ () C:\Windows\DirectX.log 2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg 2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59} 2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieUserList 2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 
__SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList 2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero 2014-05-26 08:31 - 2014-05-26 18:04 - 00000000 ____D () C:\ProgramData\Nero 2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST 2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft 2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt 2014-05-24 21:20 - 2014-05-30 17:08 - 00005122 _____ () C:\Windows\PFRO.log 2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg 2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-05-19 19:08 - 2014-05-30 17:08 - 00002399 _____ () C:\Windows\setupact.log 2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-15 22:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 22:28 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 22:28 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 22:28 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 22:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 22:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 09:51 - 2014-05-15 09:51 - 00020010 
_____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt 2014-05-15 08:53 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 08:53 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 08:53 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 08:53 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 08:53 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 08:53 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 08:53 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 08:53 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 08:53 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 08:53 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 08:53 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 08:53 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 08:53 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-15 08:53 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 08:53 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00340992 _____ (Microsoft 
Corporation) C:\Windows\system32\schannel.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 08:53 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 08:53 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 08:53 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 08:53 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 08:53 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 08:53 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00172032 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 08:53 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 08:53 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4} 2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-08 22:34 - 2014-05-25 14:10 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt 2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake 2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de 2014-05-04 21:00 - 2014-05-04 
21:00 - 00000000 ____D () C:\Program Files\Windows Live 2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log 2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI 2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-05-01 13:25 - 2014-05-01 13:25 - 00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log 2014-04-30 07:46 - 2014-05-16 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel ==================== One Month Modified Files and Folders ======= 2014-05-30 17:31 - 2014-05-28 16:34 - 00027383 _____ () C:\Users\ciipresshilll\Desktop\FRST.txt 2014-05-30 17:31 - 2014-05-28 16:23 - 00000000 ____D () C:\FRST 2014-05-30 17:31 - 2014-01-08 20:30 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\NetSpeedMonitor 2014-05-30 17:30 - 2014-05-30 17:30 - 00001054 _____ () C:\Users\ciipresshilll\Desktop\mwb.txt 2014-05-30 17:26 - 2014-01-16 21:04 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-30 17:24 - 2014-05-29 12:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 17:24 - 2014-02-15 16:55 - 01786675 _____ () C:\Windows\WindowsUpdate.log 2014-05-30 17:19 - 2014-05-30 17:19 - 00000773 _____ () C:\Users\ciipresshilll\Desktop\JRT.txt 2014-05-30 17:15 - 2014-01-09 03:02 - 00699092 _____ () C:\Windows\system32\perfh007.dat 2014-05-30 17:15 - 2014-01-09 03:02 - 00149232 _____ () C:\Windows\system32\perfc007.dat 2014-05-30 17:15 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-30 17:15 - 2009-07-14 06:45 - 00018592 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-30 17:15 - 2009-07-14 06:45 - 00018592 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-30 17:09 - 2014-05-30 17:09 - 00000000 ____D () C:\Windows\ERUNT 2014-05-30 17:08 - 2014-05-24 21:20 - 00005122 _____ () C:\Windows\PFRO.log 2014-05-30 17:08 - 2014-05-19 19:08 - 00002399 _____ () C:\Windows\setupact.log 2014-05-30 17:08 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-30 17:07 - 2014-05-30 17:04 - 00000000 ____D () C:\AdwCleaner 2014-05-30 17:04 - 2014-03-17 08:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-30 17:02 - 2014-05-30 17:02 - 01327971 _____ () C:\Users\ciipresshilll\Desktop\adwcleaner_3.211.exe 2014-05-30 17:01 - 2014-05-30 17:01 - 01016261 _____ (Thisisu) C:\Users\ciipresshilll\Desktop\JRT.exe 2014-05-30 11:27 - 2014-01-10 17:49 - 00007607 _____ () C:\Users\ciipresshilll\AppData\Local\Resmon.ResmonCfg 2014-05-30 07:40 - 2014-05-28 23:05 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\Ubisoft Game Launcher 2014-05-30 07:29 - 2014-03-22 23:46 - 00000000 ____D () C:\Users\ciipresshilll\Documents\My Games 2014-05-30 07:28 - 2014-05-27 17:32 - 00037174 _____ () C:\Windows\DirectX.log 2014-05-30 07:28 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-05-30 02:42 - 2014-02-02 23:10 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-05-30 01:56 - 2014-05-30 01:56 - 00001958 _____ () C:\Users\ciipresshilll\Documents\55.aup 2014-05-30 01:56 - 2014-05-30 01:56 - 00000000 ____D () C:\Users\ciipresshilll\Documents\55_data 2014-05-30 01:56 - 2014-03-29 22:40 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Audacity 2014-05-30 01:33 - 2014-05-30 01:33 - 00000221 _____ () C:\Users\ciipresshilll\Desktop\Watch_Dogs.url 2014-05-29 17:57 - 2014-05-29 17:57 - 01324841 _____ () C:\ComboFix.txt 2014-05-29 17:57 - 2014-05-29 17:52 - 00000000 ____D () C:\Qoobox 2014-05-29 17:57 - 2009-07-14 05:20 - 00000000 __RHD () 
C:\Users\Default 2014-05-29 17:56 - 2014-05-29 17:52 - 00000000 ____D () C:\Windows\erdnt 2014-05-29 17:56 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-29 17:52 - 2014-05-29 17:51 - 05203398 ____R (Swearware) C:\Users\ciipresshilll\Desktop\ComboFix.exe 2014-05-29 17:52 - 2014-01-08 18:34 - 00000000 ____D () C:\ProgramData\Origin 2014-05-29 12:38 - 2014-05-29 12:38 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-29 12:38 - 2014-05-29 12:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-29 12:37 - 2014-05-29 12:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\ciipresshilll\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-29 10:17 - 2014-01-08 22:31 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-05-29 10:14 - 2014-01-08 18:34 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-05-28 23:29 - 2014-01-08 22:31 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-05-28 23:05 - 2014-05-28 23:05 - 00000828 _____ () C:\Users\ciipresshilll\Desktop\Uplay.lnk 2014-05-28 23:05 - 2014-05-28 23:05 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2014-05-28 22:02 - 2014-05-28 22:02 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Tor Browser 2014-05-28 19:53 - 2014-04-22 00:42 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Awesomium 2014-05-28 19:44 - 2014-05-28 19:44 - 00022159 _____ () C:\Users\ciipresshilll\Desktop\trojaner Board logs.zip 2014-05-28 19:18 - 2014-05-28 19:18 - 00085873 _____ () C:\Users\ciipresshilll\Desktop\quikscan gmer.txt 2014-05-28 18:59 - 2014-05-28 18:59 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\avz4 2014-05-28 18:58 - 2009-07-14 07:08 - 00001386 _____ 
() C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-28 18:52 - 2014-05-28 18:52 - 00049491 _____ () C:\Users\ciipresshilll\Documents\gmerbericht.txt 2014-05-28 18:51 - 2014-05-28 18:51 - 00000000 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.bat 2014-05-28 18:50 - 2014-01-09 21:35 - 00000000 ____D () C:\Windows\Minidump 2014-05-28 16:36 - 2014-05-28 16:35 - 00033523 _____ () C:\Users\ciipresshilll\Desktop\Addition.txt 2014-05-28 16:20 - 2014-05-28 16:20 - 00000488 _____ () C:\Users\ciipresshilll\Desktop\defogger_disable.log 2014-05-28 16:20 - 2014-05-28 16:20 - 00000000 _____ () C:\Users\ciipresshilll\defogger_reenable 2014-05-28 16:20 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll 2014-05-28 16:19 - 2014-05-28 16:19 - 02066944 _____ (Farbar) C:\Users\ciipresshilll\Desktop\FRST64.exe 2014-05-28 16:19 - 2014-05-28 16:19 - 00380416 _____ () C:\Users\ciipresshilll\Desktop\Gmer-19357.exe 2014-05-28 16:19 - 2014-05-28 16:18 - 00050477 _____ () C:\Users\ciipresshilll\Desktop\Defogger.exe 2014-05-28 08:26 - 2014-01-08 22:32 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-05-27 21:42 - 2014-01-10 17:53 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\Edelarsch 2014-05-27 21:11 - 2014-05-27 21:11 - 00000000 ____D () C:\ProgramData\PopCap Games 2014-05-27 17:49 - 2014-01-13 22:00 - 00290184 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-05-27 17:32 - 2014-05-27 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-05-27 17:15 - 2014-05-27 17:15 - 00018284 _____ () C:\Users\ciipresshilll\Documents\cc_20140527_171556.reg 2014-05-27 17:11 - 2014-05-27 17:11 - 00003180 _____ () C:\Windows\System32\Tasks\{1E84FC35-EA3D-4E38-A62A-EE1D78C3AF59} 2014-05-27 17:11 - 2014-05-27 17:11 - 00000000 ____D () C:\Program Files (x86)\Winamp 2014-05-27 17:10 - 2014-01-08 18:06 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\VirtualStore 2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () 
C:\Users\ciipresshilll\AppData\Local\EmieUserList 2014-05-27 17:05 - 2014-05-27 17:05 - 00000000 __SHD () C:\Users\ciipresshilll\AppData\Local\EmieSiteList 2014-05-26 18:04 - 2014-05-26 08:31 - 00000000 ____D () C:\ProgramData\Nero 2014-05-26 08:32 - 2014-05-26 08:32 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Nero 2014-05-26 07:43 - 2014-05-26 07:43 - 00000000 ____D () C:\Users\ciipresshilll\Desktop\TEST 2014-05-26 07:36 - 2014-05-26 07:36 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Local\GermaniXSoft 2014-05-25 18:50 - 2014-05-25 18:50 - 00000087 _____ () C:\Users\ciipresshilll\Documents\xbox zugang.txt 2014-05-25 14:10 - 2014-05-08 22:34 - 00527700 _____ () C:\Users\ciipresshilll\Documents\report.txt 2014-05-24 09:44 - 2014-05-24 09:44 - 00051062 _____ () C:\Users\ciipresshilll\Documents\cc_20140524_094401.reg 2014-05-24 08:59 - 2014-05-24 08:59 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Canneverbe Limited 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2014-05-24 08:56 - 2014-05-24 08:56 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP 2014-05-19 19:08 - 2014-05-19 19:08 - 00000000 _____ () C:\Windows\setuperr.log 2014-05-16 08:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-16 07:46 - 2014-04-30 07:46 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-16 07:46 - 2014-01-08 18:06 - 00000000 ___RD () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-15 22:28 - 2014-01-08 18:55 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-05-15 22:28 - 2014-01-08 18:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 09:51 
- 2014-05-15 09:51 - 00020010 _____ () C:\Users\ciipresshilll\Documents\Leserbrief Vegesack.odt 2014-05-14 23:15 - 2014-05-14 23:15 - 00002980 _____ () C:\Windows\System32\Tasks\{769110BA-A2BF-410E-BDA0-416551886AF4} 2014-05-14 17:23 - 2014-03-17 08:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-14 17:23 - 2014-01-08 22:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-14 17:23 - 2014-01-08 22:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\Users\ciipresshilll\Documents\Elder Scrolls Online 2014-05-13 08:34 - 2014-04-22 00:19 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-05-13 08:33 - 2014-02-02 23:10 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2014-05-12 07:26 - 2014-05-29 12:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-29 12:38 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-29 12:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 19:07 - 2014-03-02 10:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 10:39 - 2014-05-10 10:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-09 08:14 - 2014-05-15 08:53 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-09 08:11 - 2014-05-15 08:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-07 11:17 - 2014-05-07 11:17 - 00002788 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC 2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-07 11:17 - 2014-05-07 11:17 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-06 
06:40 - 2014-05-15 22:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 06:17 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 05:25 - 2014-05-15 22:28 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 05:07 - 2014-05-15 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 05:00 - 2014-05-15 22:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 04:10 - 2014-05-15 22:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-04 21:07 - 2014-05-04 21:07 - 00000000 ____D () C:\Users\ciipresshilll\AppData\Roaming\HandBrake 2014-05-04 21:00 - 2014-05-04 21:00 - 00001312 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Windows\de 2014-05-04 21:00 - 2014-05-04 21:00 - 00000000 ____D () C:\Program Files\Windows Live 2014-05-04 21:00 - 2014-03-24 15:56 - 00001381 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-05-04 21:00 - 2014-01-08 23:09 - 00001497 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk 2014-05-04 21:00 - 2014-01-08 23:09 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-05-01 13:28 - 2014-05-01 13:28 - 00058129 _____ () C:\Windows\SysWOW64\CCCInstall_201405011328019478.log 2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\ProgramData\ATI 2014-05-01 13:28 - 2014-05-01 13:28 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-05-01 13:28 - 2014-01-08 18:39 - 00000000 ____D () C:\ProgramData\AMD 2014-05-01 13:27 - 2014-05-01 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-05-01 13:27 - 2014-02-07 08:49 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-05-01 13:25 - 2014-05-01 13:25 - 
00060544 _____ () C:\Windows\SysWOW64\CCCInstall_201405011325001151.log Some content of TEMP: ==================== C:\Users\ciipresshilll\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 13:02 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- mwb Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30.05.2014
Scan Time: 17:26:36
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.30.07
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ciipresshilll

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 279216
Time Elapsed: 3 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Edited by cobolo (30.05.2014 at 16:54). Reason: addendum |
31.05.2014, 15:15 | #9 |
/// the machine /// TB Instructor | PC is getting slow, performance no longer what it used to be. Logs attached We should be through soon. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
01.06.2014, 17:39 | #10 |
| PC is getting slow, performance no longer what it used to be. Logs attached Hello, nothing suspicious was found, you have helped me a lot, thanks. The thread can be closed. |
02.06.2014, 12:30 | #11 |
/// the machine /// TB Instructor | PC is getting slow, performance no longer what it used to be. Logs attached If you say so. Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |