dercaptain | 12.04.2013 21:20
OTL.log
Code:
OTL logfile created on: 12.04.2013 19:03:06 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Johannes J\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 61,97% Memory free
8,00 Gb Paging File | 5,66 Gb Available in Paging File | 70,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 823,31 Gb Free Space | 88,39% Space Free | Partition Type: NTFS
Drive D: | 7,66 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 7,39 Gb Total Space | 6,07 Gb Free Space | 82,07% Space Free | Partition Type: FAT32
Computer Name: BLUE-PC | User Name: Johannes J | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.12 17:08:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Johannes J\Downloads\OTL.exe
PRC - [2013.04.10 16:42:35 | 004,504,472 | ---- | M] (Spotify Ltd) -- C:\Users\Johannes J\AppData\Roaming\Spotify\spotify.exe
PRC - [2013.04.10 16:42:35 | 001,104,280 | ---- | M] (Spotify Ltd) -- C:\Users\Johannes J\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.04.03 16:26:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.04.02 17:29:20 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013.04.02 17:23:04 | 001,516,496 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2013.03.29 21:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.03.27 04:16:32 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.02.26 00:00:00 | 005,306,880 | ---- | M] () -- c:\program files (x86)\trillian\plugins\skypekit.exe
PRC - [2013.02.26 00:00:00 | 002,585,480 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.08.24 16:45:00 | 000,084,360 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
PRC - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.10 16:42:35 | 022,248,344 | ---- | M] () -- C:\Users\Johannes J\AppData\Roaming\Spotify\Data\libcef.dll
MOD - [2013.04.02 17:29:19 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013.03.29 21:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2013.03.27 04:16:46 | 003,143,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013.02.26 00:00:00 | 005,306,880 | ---- | M] () -- c:\program files (x86)\trillian\plugins\skypekit.exe
MOD - [2013.02.26 00:00:00 | 000,187,392 | ---- | M] () -- C:\Program Files (x86)\Trillian\libpng15.dll
MOD - [2013.02.26 00:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
MOD - [2013.02.26 00:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.11.28 09:21:36 | 000,009,728 | ---- | M] () -- c:\users\johannes j\appdata\roaming\trillian\languages\de\buddy.dll
MOD - [2012.11.28 09:21:36 | 000,007,168 | ---- | M] () -- c:\users\johannes j\appdata\roaming\trillian\languages\de\events.dll
MOD - [2012.11.28 09:21:36 | 000,006,144 | ---- | M] () -- c:\users\johannes j\appdata\roaming\trillian\languages\de\talk.dll
MOD - [2012.11.28 09:21:36 | 000,005,632 | ---- | M] () -- c:\users\johannes j\appdata\roaming\trillian\languages\de\trillian.dll
MOD - [2012.11.28 09:21:36 | 000,002,048 | ---- | M] () -- c:\users\johannes j\appdata\roaming\trillian\languages\de\toolkit.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.3.0.36\wincfi39.dll
MOD - [2009.07.10 09:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
========== Services (SafeList) ==========
SRV - [2013.04.03 16:26:10 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.04.02 17:35:04 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013.04.02 17:29:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.27 04:16:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.27 00:20:00 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.15 00:08:30 | 001,871,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012.12.23 21:33:30 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe -- (NIS)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.09.21 15:18:38 | 002,066,752 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.18 13:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.04.02 17:27:45 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.04.02 17:23:04 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.01.30 21:18:18 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.30 21:18:06 | 001,139,800 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2013.01.28 19:45:20 | 000,796,248 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.28 19:45:20 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.21 20:15:34 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys -- (SymDS)
DRV:64bit: - [2013.01.03 10:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012.12.19 07:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.11.15 20:22:02 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.15 20:18:04 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.10.16 06:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.04.02 12:20:31 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130412.003\ex64.sys -- (NAVEX15)
DRV - [2013.04.02 12:20:31 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013.04.02 12:20:31 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013.04.02 12:20:31 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130412.003\eng64.sys -- (NAVENG)
DRV - [2013.03.30 05:26:56 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130411.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.08.24 16:45:54 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2011.08.09 15:29:54 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA F5 58 4B B5 2F CE 01 [binary data]
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&gct=kwd&qsrc=2869
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA F5 58 4B B5 2F CE 01 [binary data]
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1245433323-667417225-4073250226-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "https://google.de"
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..network.proxy.http: "www-proxy.t-online.de"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013.04.02 17:28:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013.04.12 13:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.04.03 16:06:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.02 17:19:39 | 000,000,000 | ---D | M]
[2013.04.02 17:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes J\AppData\Roaming\mozilla\Extensions
[2013.04.11 21:00:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Johannes J\AppData\Roaming\mozilla\Firefox\Profiles\j7jo3k7n.default\extensions
[2013.04.03 14:15:55 | 000,011,691 | ---- | M] () (No name found) -- C:\Users\Johannes J\AppData\Roaming\mozilla\firefox\profiles\j7jo3k7n.default\extensions\info@maltegoetz.de.xpi
[2013.04.10 17:07:56 | 000,008,122 | ---- | M] () (No name found) -- C:\Users\Johannes J\AppData\Roaming\mozilla\firefox\profiles\j7jo3k7n.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.04.03 00:21:52 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Johannes J\AppData\Roaming\mozilla\firefox\profiles\j7jo3k7n.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013.04.02 17:46:17 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Johannes J\AppData\Roaming\mozilla\firefox\profiles\j7jo3k7n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.02 17:19:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 17:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\updated\extensions
[2013.04.12 17:19:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1245433323-667417225-4073250226-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1245433323-667417225-4073250226-1000..\Run: [Spotify Web Helper] C:\Users\Johannes J\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1245433323-667417225-4073250226-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1245433323-667417225-4073250226-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1245433323-667417225-4073250226-1000..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O4 - HKU\S-1-5-21-1245433323-667417225-4073250226-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1245433323-667417225-4073250226-1001..\RunOnce: [CTAutoUpdate] C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1245433323-667417225-4073250226-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9103F31B-388D-4822-BAF1-5CDCA9C829B4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 00:07:14 | 000,000,058 | -H-- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b0e10fd5-9ba6-11e2-824d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b0e10fd5-9ba6-11e2-824d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Diablo III Setup.exe -- [2012.02.03 00:07:14 | 001,856,592 | ---- | M] (Blizzard Entertainment)
O33 - MountPoints2\{de385a79-9bab-11e2-9585-00241dd50408}\Shell - "" = AutoRun
O33 - MountPoints2\{de385a79-9bab-11e2-9585-00241dd50408}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.10 19:15:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
[2013.04.10 19:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III Public Test
[2013.04.10 16:36:23 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2013.04.10 16:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2013.04.10 16:36:04 | 001,431,552 | ---- | C] (Propellerhead Software AB) -- C:\Windows\SysWow64\rewire.dll
[2013.04.10 16:36:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VstPlugins
[2013.04.10 16:35:59 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\Documents\Image-Line
[2013.04.10 16:35:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.04.10 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
[2013.04.10 16:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Outsim
[2013.04.10 16:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image-Line
[2013.04.08 00:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.04.07 16:35:31 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\Documents\Diablo III
[2013.04.07 15:01:39 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Apps
[2013.04.07 13:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2013.04.07 13:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2013.04.07 13:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013.04.07 13:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.04.07 13:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.04.06 15:34:37 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\CrashDumps
[2013.04.06 13:56:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013.04.06 13:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Age of Empire 2 HD Edition
[2013.04.06 01:27:17 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\PDAppFlex
[2013.04.06 01:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013.04.06 01:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013.04.06 01:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013.04.06 01:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.04.06 01:18:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.04.06 01:17:08 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Adobe
[2013.04.05 23:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.04.05 23:31:07 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\SkyDrive
[2013.04.05 23:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.04.05 23:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013.04.05 23:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.04.05 23:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.04.05 23:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.04.05 23:16:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2013.04.05 22:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2013.04.05 22:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2013.04.05 22:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013.04.05 22:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013.04.05 21:41:20 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.04.05 21:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.04.05 21:41:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.04.05 21:40:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\LogMeIn Hamachi
[2013.04.05 18:56:49 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\.minecraft
[2013.04.05 15:39:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Spotify
[2013.04.05 15:39:25 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Spotify
[2013.04.05 01:30:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.04.05 01:28:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.04.05 01:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.05 01:14:16 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013.04.05 01:14:13 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Notepad++
[2013.04.05 01:14:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013.04.04 20:50:55 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\Documents\My Games
[2013.04.04 20:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2013.04.04 20:50:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\WinRAR
[2013.04.04 20:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.04 20:50:21 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.04 20:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013.04.04 20:45:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2013.04.04 20:18:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2013.04.04 14:24:56 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.04.04 14:24:40 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.04.04 14:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.04.03 16:18:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.04.03 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\PunkBuster
[2013.04.03 16:15:54 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\Documents\Battlefield 3
[2013.04.03 16:15:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\ESN
[2013.04.03 16:15:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2013.04.03 16:06:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2013.04.03 16:06:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Leadertech
[2013.04.03 16:06:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2013.04.03 16:06:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.04.03 16:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.04.03 16:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2013.04.03 16:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.04.03 16:05:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2013.04.03 16:05:30 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.04.03 16:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.04.03 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Logitech
[2013.04.03 16:04:31 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Logishrd
[2013.04.03 00:39:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.04.03 00:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.04.03 00:12:53 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
[2013.04.03 00:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2013.04.02 23:36:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.02 23:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.02 23:36:10 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.02 23:36:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.02 23:35:51 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Programs
[2013.04.02 23:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2013.04.02 21:37:17 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.04.02 21:37:17 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.04.02 21:37:16 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.04.02 21:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2013.04.02 21:37:03 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\TuneUp Software
[2013.04.02 21:36:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.04.02 21:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2013.04.02 21:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.04.02 21:28:29 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Origin
[2013.04.02 21:28:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.04.02 21:28:13 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Origin
[2013.04.02 21:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.04.02 21:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.04.02 21:26:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.04.02 21:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.04.02 21:25:11 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Trillian
[2013.04.02 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trillian
[2013.04.02 18:04:15 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.04.02 18:03:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubi Soft
[2013.04.02 18:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Byte
[2013.04.02 17:58:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2013.04.02 17:58:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013.04.02 17:56:17 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.02 17:54:07 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Diagnostics
[2013.04.02 17:51:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\NVIDIA
[2013.04.02 17:49:57 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Realtime Soft
[2013.04.02 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\UltraMon
[2013.04.02 17:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2013.04.02 17:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Realtime Soft
[2013.04.02 17:48:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\ElevatedDiagnostics
[2013.04.02 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\vlc
[2013.04.02 17:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.04.02 17:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013.04.02 17:40:07 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\Desktop\siedler
[2013.04.02 17:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.04.02 17:39:55 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.04.02 17:39:06 | 000,000,000 | ---D | C] -- C:\BlueByte
[2013.04.02 17:35:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2013.04.02 17:35:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2013.04.02 17:35:42 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.04.02 17:35:40 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.04.02 17:35:35 | 002,873,820 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013.04.02 17:35:32 | 001,908,736 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013.04.02 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Macromedia
[2013.04.02 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Macromedia
[2013.04.02 17:35:28 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Adobe
[2013.04.02 17:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013.04.02 17:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013.04.02 17:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013.04.02 17:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013.04.02 17:34:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.02 17:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.04.02 17:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.02 17:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.04.02 17:29:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013.04.02 17:29:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013.04.02 17:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013.04.02 17:27:45 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.02 17:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.04.02 17:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.04.02 17:27:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013.04.02 17:27:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data
[2013.04.02 17:27:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DATA
[2013.04.02 17:27:08 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys
[2013.04.02 17:27:08 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013.04.02 17:27:08 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys
[2013.04.02 17:27:08 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013.04.02 17:27:08 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys
[2013.04.02 17:27:08 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys
[2013.04.02 17:27:08 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013.04.02 17:27:08 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM.sys
[2013.04.02 17:26:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2013.04.02 17:26:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1403000.024
[2013.04.02 17:26:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013.04.02 17:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013.04.02 17:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.04.02 17:26:39 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.04.02 17:26:39 | 000,053,024 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.04.02 17:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.04.02 17:26:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.04.02 17:26:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.04.02 17:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013.04.02 17:25:44 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013.04.02 17:25:24 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.04.02 17:23:31 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\TrueCrypt
[2013.04.02 17:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2013.04.02 17:23:04 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.04.02 17:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013.04.02 17:19:43 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Mozilla
[2013.04.02 17:19:43 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Mozilla
[2013.04.02 17:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.02 17:19:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.02 17:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.04.02 17:17:00 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.02 17:17:00 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Searches
[2013.04.02 17:17:00 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.02 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Identities
[2013.04.02 17:16:50 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Contacts
[2013.04.02 17:16:48 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\VirtualStore
[2013.04.02 17:16:41 | 000,000,000 | --SD | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Videos
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Saved Games
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Pictures
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Music
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Links
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Favorites
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Downloads
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Documents
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\Desktop
[2013.04.02 17:16:41 | 000,000,000 | R--D | C] -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Vorlagen
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\AppData\Local\Verlauf
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\AppData\Local\Temporary Internet Files
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Startmenü
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\SendTo
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Recent
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Netzwerkumgebung
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Lokale Einstellungen
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Documents\Eigene Videos
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Documents\Eigene Musik
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Eigene Dateien
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Documents\Eigene Bilder
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Druckumgebung
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Cookies
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\AppData\Local\Anwendungsdaten
[2013.04.02 17:16:41 | 000,000,000 | -HSD | C] -- C:\Users\Johannes J\Anwendungsdaten
[2013.04.02 17:16:41 | 000,000,000 | -H-D | C] -- C:\Users\Johannes J\AppData
[2013.04.02 17:16:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Temp
[2013.04.02 17:16:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Local\Microsoft
[2013.04.02 17:16:41 | 000,000,000 | ---D | C] -- C:\Users\Johannes J\AppData\Roaming\Media Center Programs
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.04.02 17:16:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.04.02 17:07:57 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.04.02 17:05:22 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.04.02 17:05:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2013.04.12 19:01:54 | 000,613,083 | ---- | M] () -- C:\Users\Johannes J\Desktop\adwcleaner.exe
[2013.04.12 19:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.12 18:27:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 17:32:20 | 000,055,494 | ---- | M] () -- C:\Users\Johannes J\Desktop\Logfiles.zip
[2013.04.12 13:45:56 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 13:45:56 | 000,014,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 13:38:19 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 13:38:18 | 1006,655,485 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.12 12:43:29 | 000,377,856 | ---- | M] () -- C:\Users\Johannes J\Desktop\d993e1rk.exe
[2013.04.12 12:42:06 | 000,000,000 | ---- | M] () -- C:\Users\Johannes J\defogger_reenable
[2013.04.12 12:25:16 | 005,060,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.12 12:23:37 | 002,078,135 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013.04.11 15:51:55 | 000,001,081 | ---- | M] () -- C:\Users\Johannes J\Desktop\Öffentlich - Verknüpfung.lnk
[2013.04.10 19:15:07 | 000,001,326 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III Public Test.lnk
[2013.04.10 16:37:59 | 000,002,098 | ---- | M] () -- C:\Users\Johannes J\Desktop\Deckadance.lnk
[2013.04.10 16:36:25 | 000,001,138 | ---- | M] () -- C:\Users\Johannes J\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2013.04.10 16:36:01 | 000,001,146 | ---- | M] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2013.04.08 15:46:27 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 15:46:27 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 15:46:27 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 15:46:27 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 15:46:27 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.07 20:10:19 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.07 20:10:19 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.07 15:40:07 | 000,291,088 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.07 13:32:50 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.04.06 13:56:30 | 000,001,600 | ---- | M] () -- C:\Users\Johannes J\Desktop\AoK HD.exe - Verknüpfung.lnk
[2013.04.06 01:57:34 | 000,000,132 | ---- | M] () -- C:\Users\Johannes J\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.04.05 22:39:39 | 000,002,037 | ---- | M] () -- C:\Users\Johannes J\Desktop\JDownloader.lnk
[2013.04.05 22:35:25 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.04.05 21:32:16 | 000,013,448 | ---- | M] () -- C:\Users\Johannes J\Desktop\Minecraft.exe - Verknüpfung.lnk
[2013.04.05 15:39:53 | 000,001,792 | ---- | M] () -- C:\Users\Johannes J\Desktop\Spotify.lnk
[2013.04.04 00:02:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.04 00:02:57 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.03 16:26:10 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.04.03 00:39:43 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.04.03 00:12:54 | 000,001,035 | ---- | M] () -- C:\Users\Johannes J\Desktop\KMPlayer.lnk
[2013.04.02 23:36:16 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.02 23:22:34 | 000,001,079 | ---- | M] () -- C:\Users\Johannes J\Desktop\Trillian.lnk
[2013.04.02 23:22:34 | 000,001,043 | ---- | M] () -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2013.04.02 21:37:16 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2013.04.02 21:27:10 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.02 18:03:20 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\Die Siedler IV Gold+ Edition.lnk
[2013.04.02 17:58:32 | 000,001,250 | ---- | M] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2013.04.02 17:49:54 | 000,002,585 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2013.04.02 17:44:15 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.02 17:35:42 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013.04.02 17:35:40 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013.04.02 17:27:45 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.02 17:27:45 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.02 17:27:45 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.04.02 17:27:23 | 000,002,573 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.04.02 17:27:15 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013.04.02 17:23:05 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.04.02 17:23:04 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.04.02 17:19:41 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.02 17:10:12 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.04.02 17:10:12 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.04.02 17:06:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.15 07:53:06 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013.03.15 07:53:06 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
========== Files Created - No Company Name ==========
[2013.04.12 19:01:54 | 000,613,083 | ---- | C] () -- C:\Users\Johannes J\Desktop\adwcleaner.exe
[2013.04.12 17:31:16 | 000,055,494 | ---- | C] () -- C:\Users\Johannes J\Desktop\Logfiles.zip
[2013.04.12 12:43:28 | 000,377,856 | ---- | C] () -- C:\Users\Johannes J\Desktop\d993e1rk.exe
[2013.04.12 12:42:06 | 000,000,000 | ---- | C] () -- C:\Users\Johannes J\defogger_reenable
[2013.04.11 15:51:55 | 000,001,081 | ---- | C] () -- C:\Users\Johannes J\Desktop\Öffentlich - Verknüpfung.lnk
[2013.04.10 19:15:01 | 000,001,326 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III Public Test.lnk
[2013.04.10 16:37:59 | 000,002,098 | ---- | C] () -- C:\Users\Johannes J\Desktop\Deckadance.lnk
[2013.04.10 16:36:24 | 000,001,138 | ---- | C] () -- C:\Users\Johannes J\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2013.04.10 16:36:03 | 000,001,146 | ---- | C] () -- C:\Users\Public\Desktop\FL Studio 10.lnk
[2013.04.07 13:11:41 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.04.06 13:56:30 | 000,001,600 | ---- | C] () -- C:\Users\Johannes J\Desktop\AoK HD.exe - Verknüpfung.lnk
[2013.04.06 01:57:34 | 000,000,132 | ---- | C] () -- C:\Users\Johannes J\AppData\Roaming\Adobe CS6-PNG-Format - Voreinstellungen
[2013.04.06 01:26:07 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013.04.06 01:25:42 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013.04.06 01:25:17 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013.04.06 01:25:08 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013.04.06 01:23:26 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013.04.06 01:23:22 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013.04.05 23:31:06 | 000,002,153 | ---- | C] () -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.04.05 22:39:39 | 000,002,037 | ---- | C] () -- C:\Users\Johannes J\Desktop\JDownloader.lnk
[2013.04.05 22:39:32 | 000,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2013.04.05 22:39:31 | 000,001,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2013.04.05 22:39:30 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2013.04.05 22:35:24 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013.04.05 21:32:16 | 000,013,448 | ---- | C] () -- C:\Users\Johannes J\Desktop\Minecraft.exe - Verknüpfung.lnk
[2013.04.05 15:39:53 | 000,001,792 | ---- | C] () -- C:\Users\Johannes J\Desktop\Spotify.lnk
[2013.04.05 15:39:53 | 000,001,778 | ---- | C] () -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013.04.04 14:25:31 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.04.04 14:24:25 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.04.04 14:24:14 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.04.04 14:24:14 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.04.04 14:23:58 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.04.04 14:04:01 | 000,001,439 | ---- | C] () -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.04 00:13:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.04.04 00:02:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.04 00:02:57 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.03 23:54:48 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.04.03 16:20:31 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.04.03 16:17:34 | 1006,655,485 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.03 00:39:43 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.04.03 00:39:01 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.03 00:39:01 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.04.03 00:38:53 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.04.03 00:12:54 | 000,001,035 | ---- | C] () -- C:\Users\Johannes J\Desktop\KMPlayer.lnk
[2013.04.02 23:51:00 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013.04.02 23:36:16 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.02 23:36:16 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.02 23:22:34 | 000,001,079 | ---- | C] () -- C:\Users\Johannes J\Desktop\Trillian.lnk
[2013.04.02 23:22:34 | 000,001,043 | ---- | C] () -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
[2013.04.02 23:22:33 | 000,001,109 | ---- | C] () -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk
[2013.04.02 21:37:16 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2013.04.02 21:37:09 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2013.04.02 21:27:10 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.02 18:03:28 | 000,069,632 | R--- | C] () -- C:\Windows\SysWow64\xmltok.dll
[2013.04.02 18:03:28 | 000,036,864 | R--- | C] () -- C:\Windows\SysWow64\xmlparse.dll
[2013.04.02 18:03:28 | 000,035,840 | R--- | C] () -- C:\Windows\SysWow64\comdlg32.oca
[2013.04.02 18:03:28 | 000,029,184 | R--- | C] () -- C:\Windows\SysWow64\MSINET.oca
[2013.04.02 18:03:20 | 000,000,743 | ---- | C] () -- C:\Users\Public\Desktop\Die Siedler IV Gold+ Edition.lnk
[2013.04.02 17:58:32 | 000,001,250 | ---- | C] () -- C:\Users\Public\Desktop\Virtual CloneDrive.lnk
[2013.04.02 17:49:54 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2013.04.02 17:49:53 | 000,002,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMon.lnk
[2013.04.02 17:44:15 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.04.02 17:36:43 | 000,007,062 | ---- | C] () -- C:\Windows\SysWow64\audiopid.vxd
[2013.04.02 17:29:31 | 003,065,455 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.04.02 17:29:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.02 17:27:58 | 002,078,135 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013.04.02 17:27:45 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.02 17:27:45 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.04.02 17:27:23 | 000,002,573 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.04.02 17:27:15 | 000,214,528 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013.04.02 17:27:15 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.04.02 17:27:15 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013.04.02 17:27:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.04.02 17:27:15 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013.04.02 17:26:58 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA.inf
[2013.04.02 17:26:58 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS.inf
[2013.04.02 17:26:58 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymNet.inf
[2013.04.02 17:26:58 | 000,001,438 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013.04.02 17:26:58 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013.04.02 17:26:58 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symELAM.inf
[2013.04.02 17:26:58 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.inf
[2013.04.02 17:26:58 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Iron.inf
[2013.04.02 17:26:47 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymVTcer.dat
[2013.04.02 17:26:47 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymELAM64.cat
[2013.04.02 17:26:47 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
[2013.04.02 17:26:47 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnet64.cat
[2013.04.02 17:26:47 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\iron.cat
[2013.04.02 17:26:47 | 000,007,589 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013.04.02 17:26:47 | 000,007,587 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.cat
[2013.04.02 17:26:47 | 000,007,585 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013.04.02 17:26:47 | 000,007,581 | R--- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.cat
[2013.04.02 17:26:47 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013.04.02 17:26:14 | 000,017,738 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013.04.02 17:23:05 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.04.02 17:19:41 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.02 17:19:40 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.02 17:17:14 | 000,001,405 | ---- | C] () -- C:\Users\Johannes J\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.04.02 17:10:06 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.04.02 17:10:04 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.04.02 17:06:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.02 17:05:04 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.11 16:11:58 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\.minecraft
[2013.04.03 16:06:47 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\Leadertech
[2013.04.05 01:24:24 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\Notepad++
[2013.04.03 11:45:16 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\Origin
[2013.04.06 01:27:17 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\PDAppFlex
[2013.04.12 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\Spotify
[2013.04.11 16:16:53 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\Trillian
[2013.04.07 16:40:44 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\TrueCrypt
[2013.04.02 21:37:03 | 000,000,000 | ---D | M] -- C:\Users\Johannes J\AppData\Roaming\TuneUp Software
========== Purity Check ==========
< End of report >
AdwCleaner[S1].txt Code:
# AdwCleaner v2.200 - Datei am 12/04/2013 um 22:14:41 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Johannes J - BLUE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Johannes J\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\JOHANN~1\AppData\Local\Temp\OCS
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16476
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v20.0 (de)
Datei : C:\Users\Johannes J\AppData\Roaming\Mozilla\Firefox\Profiles\j7jo3k7n.default\prefs.js
C:\Users\Johannes J\AppData\Roaming\Mozilla\Firefox\Profiles\j7jo3k7n.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [1518 octets] - [12/04/2013 22:14:41]
########## EOF - C:\AdwCleaner[S1].txt - [1578 octets] ##########