JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.5 (04.17.2013:1)
OS: Windows 7 Ultimate x86
Ran by Dennis on 18.04.2013 at 15:46:04,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\urlsearchhooks\\{855f3b16-6d32-4fe6-8a56-bbb695989046}
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{f3fee66e-e034-436a-86e4-9690573bee8a}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{f3fee66e-e034-436a-86e4-9690573bee8a}
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-4029795019-3617864426-4262105071-1001\software\web assistant"
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller
Successfully deleted: [Registry Key] hkey_current_user\software\softonic
Successfully deleted: [Registry Key] hkey_local_machine\software\web assistant
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\new_correct_incredibar_install_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\new_correct_incredibar_install_rasmancs
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Dennis\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\d2mpstf0.default\user.js
Successfully deleted: [File] C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\d2mpstf0.default\searchplugins\mystart search.xml
Successfully deleted: [Folder] C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\d2mpstf0.default\extensions\ffxtlbr@incredibar.com
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted the following from C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\d2mpstf0.default\prefs.js
user_pref("extensions.incredibar.admin", false);
user_pref("extensions.incredibar.aflt", "orgnl");
user_pref("extensions.incredibar.cntry", "DE");
user_pref("extensions.incredibar.dfltLng", "EN");
user_pref("extensions.incredibar.dfltSrch", false);
user_pref("extensions.incredibar.did", "10665");
user_pref("extensions.incredibar.envrmnt", "production");
user_pref("extensions.incredibar.excTlbr", false);
user_pref("extensions.incredibar.hdrMd5", "0FE5EE8E697C2F7984B893C8B37AE79E");
user_pref("extensions.incredibar.hmpg", false);
user_pref("extensions.incredibar.id", "f8da049c000000000000000fb587fcf0");
user_pref("extensions.incredibar.installerproductid", "26");
user_pref("extensions.incredibar.instlDay", "15509");
user_pref("extensions.incredibar.instlRef", "");
user_pref("extensions.incredibar.isDcmntCmplt", true);
user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:14:29");
user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
user_pref("extensions.incredibar.newTab", false);
user_pref("extensions.incredibar.noFFXTlbr", false);
user_pref("extensions.incredibar.ppd", "");
user_pref("extensions.incredibar.prdct", "incredibar");
user_pref("extensions.incredibar.productid", "26");
user_pref("extensions.incredibar.propectorlck", 79974550);
user_pref("extensions.incredibar.prtkDS", 0);
user_pref("extensions.incredibar.prtkHmpg", 1);
user_pref("extensions.incredibar.prtnrId", "Incredibar");
user_pref("extensions.incredibar.sg", "none");
user_pref("extensions.incredibar.smplGrp", "none");
user_pref("extensions.incredibar.tlbrId", "base");
user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQAR0OcXJ&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar.upn2", "6PQAR0OcXJ");
user_pref("extensions.incredibar.upn2n", "92543081997421175");
user_pref("extensions.incredibar.vrsn", "1.5.11.14");
user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:14:29");
user_pref("extensions.incredibar.vrsni", "1.5.11.14");
user_pref("extensions.incredibar_i.aflt", "orgnl");
user_pref("extensions.incredibar_i.dfltLng", "");
user_pref("extensions.incredibar_i.did", "10665");
user_pref("extensions.incredibar_i.excTlbr", false);
user_pref("extensions.incredibar_i.id", "f8da049c000000000000000fb587fcf0");
user_pref("extensions.incredibar_i.installerproductid", "26");
user_pref("extensions.incredibar_i.instlDay", "15509");
user_pref("extensions.incredibar_i.instlRef", "");
user_pref("extensions.incredibar_i.ms_url_id", "");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.ppd", "");
user_pref("extensions.incredibar_i.prdct", "incredibar");
user_pref("extensions.incredibar_i.productid", "26");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.smplGrp", "none");
user_pref("extensions.incredibar_i.tlbrId", "base");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQAR0OcXJ&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.upn2", "6PQAR0OcXJ");
user_pref("extensions.incredibar_i.upn2n", "92543081997421175");
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:14:29");
user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6PQAR0OcXJ&&i=26&search=");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.searc
Emptied folder: C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\d2mpstf0.default\minidumps [126 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.04.2013 at 15:54:57,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
adwcleaner Logfile: Code:
# AdwCleaner v2.200 - Datei am 18/04/2013 um 16:03:50 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : Dennis - DENNIS-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\d2mpstf0.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\d2mpstf0.default\searchplugins\icqplugin-1.xml
Datei Gelöscht : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\d2mpstf0.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\d2mpstf0.default\searchplugins\icqplugin-3.xml
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\d2mpstf0.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v20.0.1 (de)
Datei : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\d2mpstf0.default\prefs.js
C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\d2mpstf0.default\user.js ... Gelöscht !
Gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Gelöscht : user_pref("icqtoolbar.engineVerified", false);
Gelöscht : user_pref("icqtoolbar.geolastmodified", 1342692805);
Gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Gelöscht : user_pref("icqtoolbar.history", "goo||dehn%C3%BCbungen||Organigramm%20Unternehmensstruktur||second%2[...]
Gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Gelöscht : user_pref("icqtoolbar.installTime", "1335026423");
Gelöscht : user_pref("icqtoolbar.newtab_most_visited_state", "1");
Gelöscht : user_pref("icqtoolbar.newtab_recently_closed_state", "1");
Gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Gelöscht : user_pref("icqtoolbar.previousFFVersion", "13.0.1");
Gelöscht : user_pref("icqtoolbar.showPc", false);
Gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Gelöscht : user_pref("icqtoolbar.suggestions", false);
Gelöscht : user_pref("icqtoolbar.uniqueID", "133493911013349388271334950169975");
Gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1342692808);
Gelöscht : user_pref("icqtoolbar.version", "1.4.7");
Gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
-\\ Opera v11.62.1347.0
Datei : C:\Users\Dennis\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : Home URL=hxxp://mystart.incredibar.com/mb165?a=6PQAR0OcXJ&i=26
Gelöscht : HostName Web Lookup Address=hxxp://search.icq.com/search/afe_results.php?q=%s&ch_id=osd&icid=opera
*************************
AdwCleaner[S1].txt - [4967 octets] - [18/04/2013 16:03:50]
########## EOF - C:\AdwCleaner[S1].txt - [5027 octets] ##########
OTL Logfile 1: Code:
OTL Extras logfile created on: 18.04.2013 16:11:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,35% Memory free
4,00 Gb Paging File | 2,87 Gb Available in Paging File | 71,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135,23 Gb Total Space | 10,32 Gb Free Space | 7,63% Space Free | Partition Type: NTFS
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
[HKEY_USERS\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22A51859-E041-48B4-AAB6-4DCEAEF0E949}" = rport=137 | protocol=17 | dir=out | app=system |
"{3ACAD572-20EE-4954-AC24-7C3846D1A768}" = rport=138 | protocol=17 | dir=out | app=system |
"{4BF8E616-6716-472C-B26F-4414F8294500}" = rport=139 | protocol=6 | dir=out | app=system |
"{4D683402-EEF6-433F-869F-6CEDC7D8BF5F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51378518-B84D-48F1-8F9A-ABD165C6EDBD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5EE4E45E-7503-48B8-A1A4-533FC17655AE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5F3DC81C-38DA-4161-A3C2-CD06DBE2FDA5}" = lport=138 | protocol=17 | dir=in | app=system |
"{859B9755-711A-4975-9494-E0F46572C16E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8677F2A5-C2A4-40A8-BC8B-CA9523B159AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD8A5EB0-FDB5-4A49-BB5F-4E9956AD9543}" = lport=445 | protocol=6 | dir=in | app=system |
"{B1C3CEDC-C6EE-4BDE-BC13-4BD4AE195B2E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C2D987B2-FFAA-4FB5-9AA3-240435F31A01}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C9230F97-DC4C-443C-A071-216CD963778C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB04B94B-922C-43EA-8421-FF3BE64FFAF8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDB8D3FD-2578-449C-B797-B7FC804B6F08}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2271197-C1B2-4255-8069-C4CC125FBB88}" = rport=445 | protocol=6 | dir=out | app=system |
"{E323230A-64F8-4025-B040-4E7205551A13}" = lport=139 | protocol=6 | dir=in | app=system |
"{E586EA8D-28DE-42FA-870B-4A5A94E5F37D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB382370-8760-4469-B01B-9BE6BF72063B}" = lport=137 | protocol=17 | dir=in | app=system |
"{FE6BB827-821A-4E6F-9625-CB42E71C5743}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FF92958B-B6AF-4CFB-BADE-255C9F1A2F83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0336AC25-742D-4F25-98B8-1A7A46D197A9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{079A8880-015F-4FFB-8C53-F86DB3BD924D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{1194F989-B81B-4EC6-8526-08868F8E52E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{139C4EC9-1303-4269-B01D-0734A393EFB1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe |
"{1E4E2522-283F-437D-B8F4-329B8A2480FC}" = protocol=6 | dir=out | app=system |
"{2D6DF3AB-FD50-4AAC-9732-4FD660A03358}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{342FD0C5-CA65-49F6-AE52-6132E1748F14}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{403EC612-01F9-4A92-BE4B-8D986E558515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4297B088-E148-4DC0-AEC4-BDD40902677F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43A7263D-276D-479A-B29B-7D91147B6DA9}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{44B0C2C2-A4E0-4E13-82DD-30A4D2733AF0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{497D23B3-666F-46AA-AAFA-561DDB246D79}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{4AD6219C-083D-48BD-A9F4-8A031840822A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4B16C72D-DF1D-4503-8323-3A2F7E94E00A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{4BCEA073-C8C0-48A0-BF98-8514F68AFD8C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{517E2B43-85F6-4D78-842C-6314184351CE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{5B6915EC-89D4-406E-AB5C-5A0F5C9BC947}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dota 2 beta\dota.exe |
"{5D3A005F-D2EB-4F35-9C16-F72552F431EE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{65CEF451-6C2F-45CC-A433-6B6BF6E43330}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{663EA543-E5FA-41B9-A136-528CBDAA5C53}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{670EB5B9-EAAF-4749-B0D9-7278521C07F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6F9FE8EB-D6AF-4C1A-B0A0-47EAF44978A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{772E8A37-1789-477A-A225-94AF9A4086D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{845F5D09-19D3-4908-89C0-E041D06F1EBD}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{8CFCF38E-FE98-44DC-A1EF-0D465C2A677A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{92A878B7-26B1-4732-B1D8-1F0FA92E6A5F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{92E099E7-3526-4794-9340-D4899D7D984B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95304B4E-886C-4020-8DBB-91E87881E360}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9A676BBE-D7CA-48C7-A4A4-72CB18E0F9F1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{9E10AEC1-9AB8-4091-8180-57EE6703A440}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2\arma2.exe |
"{A01B1B10-3BDB-4173-9091-C3F8B3DE75A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A239D487-843B-40BD-9157-65FC900B1CE3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A665139B-18F3-4A03-B9D5-320679E14420}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{AA690390-DD65-4101-9B96-8DCA9407699F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC5A5054-5CFF-435B-8868-3CBA2F1AF508}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AE957766-0F6F-4B97-8BAF-30CB962970CA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{C582DCDC-2E7C-4D5C-89C6-71C44AA24B58}" = protocol=17 | dir=in | app=c:\users\dennis\desktop\lustig\lustig\1364672772.exe |
"{D58697A7-C17A-4CED-B274-078817864C3F}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{D7E9F574-0C7E-438F-AFC0-3D9582222D01}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D93DD2B8-0CBB-4C0E-AB30-EFC7D8733871}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{E2764A84-6B55-41F6-A16A-344E151290F2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{E701FFF7-C037-4CD6-81A5-13ADD36F75DD}" = protocol=6 | dir=in | app=c:\users\dennis\desktop\lustig\lustig\1364672772.exe |
"{E949E40D-1BA5-4E74-A08C-EE72FF0D2E42}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{E94FC3E3-27A7-45CC-907A-909F3E5B20B6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{F1924C14-6E8E-4C1F-8D0E-3BD0BA286F2D}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F566A459-AD74-45CE-8631-540E17B37FF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F5DD72AF-DE59-4C83-9870-9AD2345D0801}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{FF90EC5C-AB90-4017-A5AA-2E6E5BE004EE}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"TCP Query User{15FA6396-3503-4375-B656-2DC13B936178}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{50CC49EB-81E2-4D79-8D3D-202FAE44A652}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{E8537FD6-0EE2-4C54-9676-09B6AAEAC972}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{2E38C0C4-302B-4128-912A-DD9217B9A9C1}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{5DDE454C-8AA7-485C-8372-9261143B926F}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
"UDP Query User{E1B10F20-3BFA-49D5-A229-A06B99C684F6}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1252F398-5142-4D81-AD31-8B0204C26E8C}" = ARIS Express
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}" = Smite
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{86501894-E722-4385-A792-B7C2F28FAE7B}" = NetSpeedMonitor 2.5.4.0 x86
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{93FF055C-7E0B-4E26-AAFB-2C4333E2D7D0}" = Logitech Gaming Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{D9B7C113-F0C0-11D6-B105-000102F9B94F}" = ARIS 6.2 Client
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NCLauncher_GameForge" = NC Launcher (GameForge)
"Nero8Lite_is1" = Nero 8 Lite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 11.62.1347" = Opera 11.62
"Picasa 3" = Picasa 3
"SQLyog Community" = SQLyog Community 8.13
"Steam App 550" = Left 4 Dead 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 730" = Counter-Strike: Global Offensive
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ARIS Express 2.3" = ARIS Express 2.3
"NCsoft-AionEU" = Aion
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 31.12.2001 18:02:02 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:02:08 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:02:15 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:02:20 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:02:26 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:02:31 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:02:40 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:02:46 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:02:54 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
Error - 31.12.2001 18:03:01 | Computer Name = Dennis-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
< End of report >
OTL Logfile 2: Code:
OTL logfile created on: 18.04.2013 16:11:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dennis\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,35% Memory free
4,00 Gb Paging File | 2,87 Gb Available in Paging File | 71,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135,23 Gb Total Space | 10,32 Gb Free Space | 7,63% Space Free | Partition Type: NTFS
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Dennis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.)
PRC - C:\Programme\Logitech Gaming Software\LCore.exe (Logitech Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
PRC - C:\xampplite\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xampplite\apache\bin\httpd.exe (Apache Software Foundation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\ROCCAT\Kone[+] Mouse\hiddriver.dll ()
========== Services (SafeList) ==========
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (HiPatchService) -- C:\Programme\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (MySQL) -- C:\xampplite\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xampplite\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (TWJMVAAJXX) -- C:\Windows\system32\drivers\TWJMVAAJXXTDTP.sys File not found
DRV - (TUMRIXENED) -- C:\Windows\system32\drivers\TUMRIXENEDEUSA.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (FQOIXBRSIM) -- C:\Windows\system32\drivers\FQOIX.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (tizekdrv) -- C:\Users\Dennis\AppData\Roaming\TZAC\tizek32.sys ()
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (MSHUSBVideo) -- C:\Windows\System32\drivers\nx6000.sys (Microsoft Corporation)
DRV - (LGVirHid) -- C:\Windows\System32\drivers\LGVirHid.sys (Logitech Inc.)
DRV - (LGBusEnum) -- C:\Windows\System32\drivers\LGBusEnum.sys (Logitech Inc.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (AtcL001) -- C:\Windows\System32\drivers\l160x86.sys (Atheros Communications, Inc.)
DRV - (LGPBTDD) -- C:\Windows\System32\drivers\LGPBTDD.sys (Logitech Inc.)
DRV - (PVUSB) -- C:\Windows\System32\drivers\CESG502.sys (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 89 CB 9F 79 19 CD 01 [binary data]
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\..\SearchScopes\{7011DD45-BE5F-4679-99C1-0A779312E393}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\..\SearchScopes\{C9B145F7-0EFE-4762-B78E-DCC4133F077C}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-4029795019-3617864426-4262105071-1004\..\SearchScopes,DefaultScope =
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 18:03:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2002.01.01 00:14:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2013.04.18 16:04:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\d2mpstf0.default\extensions
[2012.06.18 16:14:34 | 000,000,950 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\mozilla\firefox\profiles\d2mpstf0.default\searchplugins\icqplugin-4.xml
[2013.04.12 18:03:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 18:03:21 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2002.01.01 01:08:23 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2002.01.01 01:08:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2002.01.01 01:08:23 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2002.01.01 01:08:23 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2002.01.01 01:08:23 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2002.01.01 01:08:23 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2002.01.01 00:24:31 | 000,441,346 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15167 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001..\Run: [LicenseValidator] C:\Users\Dennis\AppData\Roaming\Identities\{3E3FEFA6-1EF0-46B4-9986-F739DE6205DF}\LicenseValidator.exe ()
O4 - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001..\Run: [oqfyo.exe] C:\Users\Dennis\AppData\Roaming\Moodar\oqfyo.exe ()
O4 - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001..\Run: [uxnaq.exe] C:\Users\Dennis\AppData\Roaming\Osgi\uxnaq.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4029795019-3617864426-4262105071-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4029795019-3617864426-4262105071-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{897EE01C-1235-4C5B-8B4B-4879E85BB809}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0A7B7E1-F126-43D0-AB39-E278CE1998AB}: NameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.01.01 01:06:34 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.18 16:10:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2013.04.18 15:45:41 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.18 15:45:32 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.18 15:44:24 | 000,551,702 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Dennis\Desktop\JRT.exe
[2013.04.17 11:38:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\NetSpeedMonitor
[2013.04.17 11:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\NetSpeedMonitor
[2013.04.12 18:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.08 20:51:18 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\client
[2013.04.07 20:06:29 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013.04.07 20:06:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013.04.07 19:48:08 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2013.04.07 19:48:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll
[2013.04.07 19:47:30 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2013.04.07 19:47:30 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2013.04.07 19:47:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2013.04.07 19:42:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.04.07 19:42:45 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2013.04.07 19:42:45 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2013.04.07 19:42:45 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2013.04.07 19:42:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013.04.07 19:41:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.07 19:41:53 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.07 19:41:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.07 19:41:53 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.07 19:41:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.07 19:41:50 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013.04.07 19:41:50 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013.04.07 19:41:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013.04.07 19:41:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013.04.07 19:41:50 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013.04.07 19:41:50 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013.04.07 19:41:50 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013.04.07 19:41:50 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013.04.07 19:41:50 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013.04.07 19:41:50 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013.04.07 19:41:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013.04.07 19:41:50 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013.04.07 19:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013.04.07 19:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013.04.07 19:41:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013.04.07 19:41:50 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013.04.07 19:41:40 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2013.04.07 19:41:25 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
[2013.04.07 19:41:25 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2013.04.07 19:41:23 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.07 19:41:22 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.07 19:41:21 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.07 19:41:17 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.04.07 19:41:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2013.04.07 19:41:14 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2013.04.07 19:41:05 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013.04.07 19:41:00 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2013.04.07 19:40:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2013.04.07 19:39:16 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013.04.07 19:39:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013.04.07 19:39:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013.04.07 19:39:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013.04.07 19:39:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013.04.07 19:39:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.04.07 19:39:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013.04.07 19:39:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013.04.07 19:39:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013.04.07 19:39:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013.04.07 19:39:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013.04.07 19:39:08 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2013.04.07 19:39:08 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2013.04.07 19:39:08 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2013.04.07 19:39:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013.04.07 19:38:22 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2013.04.07 19:38:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013.04.07 19:36:18 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.07 19:36:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013.04.07 19:36:12 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013.04.07 19:36:11 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2013.04.07 19:35:37 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.07 19:29:44 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2013.04.07 19:29:44 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2013.04.07 19:29:35 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2013.04.07 19:29:35 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2013.04.07 19:29:35 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2013.04.07 19:29:21 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2013.04.07 19:29:21 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2013.04.02 11:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\dumps
[2013.03.31 12:04:56 | 000,693,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.31 12:04:56 | 000,073,432 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.31 03:34:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013.03.27 14:00:40 | 008,952,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.03.27 14:00:40 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.03.27 14:00:38 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.03.27 14:00:38 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.03.27 14:00:38 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.03.27 14:00:37 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.03.27 14:00:37 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.03.27 14:00:33 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.03.27 11:28:51 | 171,934,904 | ---- | C] (NVIDIA Corporation) -- C:\Users\Dennis\Desktop\314.22-desktop-win8-win7-winvista-32bit-international-whql.exe
[2013.03.25 22:39:46 | 004,546,560 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013.03.23 13:40:02 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220294.dll
[2013.03.23 13:40:02 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3220162.dll
[2010.06.02 06:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.18 16:12:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 16:12:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.18 16:10:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2013.04.18 15:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.18 15:44:59 | 000,613,083 | ---- | M] () -- C:\Users\Dennis\Desktop\adwcleaner.exe
[2013.04.18 15:44:50 | 000,551,702 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Dennis\Desktop\JRT.exe
[2013.04.18 15:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 20:48:50 | 001,633,790 | ---- | M] () -- C:\Users\Dennis\Desktop\client.zip
[2013.04.08 20:07:20 | 000,000,213 | ---- | M] () -- C:\Users\Dennis\Desktop\Counter-Strike Global Offensive.url
[2013.04.08 20:02:29 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.08 20:02:29 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.08 20:02:29 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.08 20:02:29 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.07 20:29:58 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.07 20:29:58 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.07 15:13:11 | 000,103,316 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2013.04.04 15:38:17 | 000,007,605 | ---- | M] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2013.03.31 15:00:27 | 000,008,900 | ---- | M] () -- C:\Users\Dennis\Desktop\config.cfg
[2013.03.28 18:19:59 | 000,049,375 | ---- | M] () -- C:\Users\Dennis\Desktop\Kabale und Liebe.rtf
[2013.03.28 17:30:12 | 000,026,881 | ---- | M] () -- C:\Users\Dennis\Desktop\Faserland.rtf
[2013.03.27 11:40:46 | 171,934,904 | ---- | M] (NVIDIA Corporation) -- C:\Users\Dennis\Desktop\314.22-desktop-win8-win7-winvista-32bit-international-whql.exe
[2013.03.25 22:39:46 | 004,546,560 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2013.03.22 12:48:08 | 000,000,193 | ---- | M] () -- C:\Windows\FA124.INI
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.18 15:44:39 | 000,613,083 | ---- | C] () -- C:\Users\Dennis\Desktop\adwcleaner.exe
[2013.04.08 20:48:38 | 001,633,790 | ---- | C] () -- C:\Users\Dennis\Desktop\client.zip
[2013.04.08 20:07:20 | 000,000,213 | ---- | C] () -- C:\Users\Dennis\Desktop\Counter-Strike Global Offensive.url
[2013.04.07 19:48:09 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.04.07 19:47:30 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.04.04 15:38:17 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg
[2013.03.31 14:13:36 | 000,008,900 | ---- | C] () -- C:\Users\Dennis\Desktop\config.cfg
[2013.03.31 12:04:57 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.28 18:19:59 | 000,049,375 | ---- | C] () -- C:\Users\Dennis\Desktop\Kabale und Liebe.rtf
[2013.03.28 17:30:12 | 000,026,881 | ---- | C] () -- C:\Users\Dennis\Desktop\Faserland.rtf
[2012.11.18 20:17:36 | 000,000,193 | ---- | C] () -- C:\Windows\FA124.INI
[2012.07.07 11:34:32 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2012.02.01 17:53:44 | 000,103,316 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.12.08 21:19:17 | 000,000,031 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.12 20:49:52 | 000,017,408 | ---- | C] () -- C:\Users\Dennis\AppData\Local\WebpageIcons.db
[2011.08.06 19:49:32 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.08.06 19:48:34 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.06.02 06:22:54 | 001,412,902 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x64.cab
[2010.06.02 06:22:54 | 001,127,217 | ---- | C] () -- C:\Program Files\OCT2006_d3dx9_31_x86.cab
[2010.06.02 06:22:54 | 000,273,960 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x64.cab
[2010.06.02 06:22:54 | 000,272,611 | ---- | C] () -- C:\Program Files\Nov2008_XAudio_x86.cab
[2010.06.02 06:22:54 | 000,182,361 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x64.cab
[2010.06.02 06:22:54 | 000,138,017 | ---- | C] () -- C:\Program Files\OCT2006_XACT_x86.cab
[2010.06.02 06:22:54 | 000,086,037 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x64.cab
[2010.06.02 06:22:54 | 000,045,359 | ---- | C] () -- C:\Program Files\Oct2005_xinput_x86.cab
[2010.06.02 06:22:52 | 001,906,878 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x64.cab
[2010.06.02 06:22:52 | 001,550,796 | ---- | C] () -- C:\Program Files\Nov2008_d3dx9_40_x86.cab
[2010.06.02 06:22:52 | 000,965,421 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x86.cab
[2010.06.02 06:22:52 | 000,121,794 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x64.cab
[2010.06.02 06:22:52 | 000,092,684 | ---- | C] () -- C:\Program Files\Nov2008_XACT_x86.cab
[2010.06.02 06:22:52 | 000,054,522 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x64.cab
[2010.06.02 06:22:52 | 000,021,851 | ---- | C] () -- C:\Program Files\Nov2008_X3DAudio_x86.cab
[2010.06.02 06:22:50 | 000,994,154 | ---- | C] () -- C:\Program Files\Nov2008_d3dx10_40_x64.cab
[2010.06.02 06:22:50 | 000,196,762 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x64.cab
[2010.06.02 06:22:50 | 000,148,264 | ---- | C] () -- C:\Program Files\NOV2007_XACT_x86.cab
[2010.06.02 06:22:50 | 000,046,144 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x64.cab
[2010.06.02 06:22:50 | 000,018,496 | ---- | C] () -- C:\Program Files\NOV2007_X3DAudio_x86.cab
[2010.06.02 06:22:48 | 001,802,058 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x64.cab
[2010.06.02 06:22:48 | 001,709,360 | ---- | C] () -- C:\Program Files\Nov2007_d3dx9_36_x86.cab
[2010.06.02 06:22:48 | 000,864,600 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x64.cab
[2010.06.02 06:22:48 | 000,803,884 | ---- | C] () -- C:\Program Files\Nov2007_d3dx10_36_x86.cab
[2010.06.02 06:22:48 | 000,273,018 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x86.cab
[2010.06.02 06:22:46 | 000,275,044 | ---- | C] () -- C:\Program Files\Mar2009_XAudio_x64.cab
[2010.06.02 06:22:46 | 000,121,506 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x64.cab
[2010.06.02 06:22:46 | 000,092,740 | ---- | C] () -- C:\Program Files\Mar2009_XACT_x86.cab
[2010.06.02 06:22:38 | 000,054,600 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x64.cab
[2010.06.02 06:22:38 | 000,021,298 | ---- | C] () -- C:\Program Files\Mar2009_X3DAudio_x86.cab
[2010.06.02 06:22:36 | 001,973,702 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x64.cab
[2010.06.02 06:22:36 | 001,612,446 | ---- | C] () -- C:\Program Files\Mar2009_d3dx9_41_x86.cab
[2010.06.02 06:22:36 | 001,067,160 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x64.cab
[2010.06.02 06:22:36 | 001,040,745 | ---- | C] () -- C:\Program Files\Mar2009_d3dx10_41_x86.cab
[2010.06.02 06:22:36 | 000,251,194 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x64.cab
[2010.06.02 06:22:36 | 000,226,250 | ---- | C] () -- C:\Program Files\Mar2008_XAudio_x86.cab
[2010.06.02 06:22:36 | 000,122,336 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x64.cab
[2010.06.02 06:22:36 | 000,093,734 | ---- | C] () -- C:\Program Files\Mar2008_XACT_x86.cab
[2010.06.02 06:22:34 | 001,769,862 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x64.cab
[2010.06.02 06:22:34 | 001,443,282 | ---- | C] () -- C:\Program Files\Mar2008_d3dx9_37_x86.cab
[2010.06.02 06:22:34 | 000,818,260 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x86.cab
[2010.06.02 06:22:34 | 000,055,058 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x64.cab
[2010.06.02 06:22:34 | 000,021,867 | ---- | C] () -- C:\Program Files\Mar2008_X3DAudio_x86.cab
[2010.06.02 06:22:32 | 000,937,246 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x64.cab
[2010.06.02 06:22:32 | 000,844,884 | ---- | C] () -- C:\Program Files\Mar2008_d3dx10_37_x64.cab
[2010.06.02 06:22:32 | 000,768,036 | ---- | C] () -- C:\Program Files\Jun2010_d3dx9_43_x86.cab
[2010.06.02 06:22:32 | 000,278,060 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x86.cab
[2010.06.02 06:22:32 | 000,277,338 | ---- | C] () -- C:\Program Files\Jun2010_XAudio_x64.cab
[2010.06.02 06:22:32 | 000,124,596 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x64.cab
[2010.06.02 06:22:32 | 000,093,686 | ---- | C] () -- C:\Program Files\Jun2010_XACT_x86.cab
[2010.06.02 06:22:30 | 000,762,188 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x86.cab
[2010.06.02 06:22:30 | 000,235,955 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x64.cab
[2010.06.02 06:22:30 | 000,197,283 | ---- | C] () -- C:\Program Files\Jun2010_d3dx10_43_x86.cab
[2010.06.02 06:22:30 | 000,138,205 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x64.cab
[2010.06.02 06:22:30 | 000,109,445 | ---- | C] () -- C:\Program Files\Jun2010_d3dx11_43_x86.cab
[2010.06.02 06:22:28 | 000,944,460 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x64.cab
[2010.06.02 06:22:28 | 000,931,471 | ---- | C] () -- C:\Program Files\Jun2010_D3DCompiler_43_x86.cab
[2010.06.02 06:22:28 | 000,752,783 | ---- | C] () -- C:\Program Files\Jun2010_d3dcsx_43_x64.cab
[2010.06.02 06:22:20 | 000,269,024 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x86.cab
[2010.06.02 06:22:18 | 001,792,608 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x64.cab
[2010.06.02 06:22:18 | 001,463,878 | ---- | C] () -- C:\Program Files\JUN2008_d3dx9_38_x86.cab
[2010.06.02 06:22:18 | 000,867,828 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x64.cab
[2010.06.02 06:22:18 | 000,849,919 | ---- | C] () -- C:\Program Files\JUN2008_d3dx10_38_x86.cab
[2010.06.02 06:22:18 | 000,269,628 | ---- | C] () -- C:\Program Files\JUN2008_XAudio_x64.cab
[2010.06.02 06:22:18 | 000,152,909 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x86.cab
[2010.06.02 06:22:18 | 000,121,054 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x64.cab
[2010.06.02 06:22:18 | 000,093,128 | ---- | C] () -- C:\Program Files\JUN2008_XACT_x86.cab
[2010.06.02 06:22:18 | 000,055,154 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x64.cab
[2010.06.02 06:22:18 | 000,021,905 | ---- | C] () -- C:\Program Files\JUN2008_X3DAudio_x86.cab
[2010.06.02 06:22:16 | 001,607,774 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x64.cab
[2010.06.02 06:22:16 | 001,607,286 | ---- | C] () -- C:\Program Files\JUN2007_d3dx9_34_x86.cab
[2010.06.02 06:22:16 | 001,064,925 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x86.cab
[2010.06.02 06:22:16 | 000,699,044 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x64.cab
[2010.06.02 06:22:16 | 000,698,472 | ---- | C] () -- C:\Program Files\JUN2007_d3dx10_34_x86.cab
[2010.06.02 06:22:16 | 000,197,122 | ---- | C] () -- C:\Program Files\JUN2007_XACT_x64.cab
[2010.06.02 06:22:16 | 000,180,785 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x64.cab
[2010.06.02 06:22:16 | 000,133,671 | ---- | C] () -- C:\Program Files\JUN2006_XACT_x86.cab
[2010.06.02 06:22:14 | 001,336,002 | ---- | C] () -- C:\Program Files\Jun2005_d3dx9_26_x64.cab
[2010.06.02 06:22:14 | 000,277,191 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x86.cab
[2010.06.02 06:22:14 | 000,276,960 | ---- | C] () -- C:\Program Files\Feb2010_XAudio_x64.cab
[2010.06.02 06:22:14 | 000,122,446 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x64.cab
[2010.06.02 06:22:14 | 000,093,180 | ---- | C] () -- C:\Program Files\Feb2010_XACT_x86.cab
[2010.06.02 06:22:12 | 000,194,675 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x64.cab
[2010.06.02 06:22:12 | 000,147,983 | ---- | C] () -- C:\Program Files\FEB2007_XACT_x86.cab
[2010.06.02 06:22:12 | 000,054,678 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x64.cab
[2010.06.02 06:22:12 | 000,020,713 | ---- | C] () -- C:\Program Files\Feb2010_X3DAudio_x86.cab
[2010.06.02 06:22:10 | 000,178,359 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x64.cab
[2010.06.02 06:22:10 | 000,132,409 | ---- | C] () -- C:\Program Files\Feb2006_XACT_x86.cab
[2010.06.02 06:22:04 | 001,084,720 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x86.cab
[2010.06.02 06:22:02 | 001,801,048 | ---- | C] () -- C:\Program Files\dsetup32.dll
[2010.06.02 06:22:02 | 001,574,376 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x86.cab
[2010.06.02 06:22:02 | 001,362,796 | ---- | C] () -- C:\Program Files\Feb2006_d3dx9_29_x64.cab
[2010.06.02 06:22:02 | 001,247,499 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x64.cab
[2010.06.02 06:22:02 | 001,013,225 | ---- | C] () -- C:\Program Files\Feb2005_d3dx9_24_x86.cab
[2010.06.02 06:22:02 | 000,537,432 | ---- | C] () -- C:\Program Files\DXSETUP.exe
[2010.06.02 06:22:02 | 000,192,475 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x64.cab
[2010.06.02 06:22:02 | 000,145,599 | ---- | C] () -- C:\Program Files\DEC2006_XACT_x86.cab
[2010.06.02 06:22:02 | 000,094,011 | ---- | C] () -- C:\Program Files\dxupdate.cab
[2010.06.02 06:22:02 | 000,042,410 | ---- | C] () -- C:\Program Files\dxdllreg_x86.cab
[2010.06.02 06:22:00 | 001,571,154 | ---- | C] () -- C:\Program Files\DEC2006_d3dx9_32_x64.cab
[2010.06.02 06:22:00 | 001,357,976 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x64.cab
[2010.06.02 06:22:00 | 001,079,456 | ---- | C] () -- C:\Program Files\Dec2005_d3dx9_28_x86.cab
[2010.06.02 06:22:00 | 000,273,264 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x64.cab
[2010.06.02 06:22:00 | 000,272,642 | ---- | C] () -- C:\Program Files\Aug2009_XAudio_x86.cab
[2010.06.02 06:22:00 | 000,212,807 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x64.cab
[2010.06.02 06:22:00 | 000,191,720 | ---- | C] () -- C:\Program Files\DEC2006_d3dx10_00_x86.cab
[2010.06.02 06:22:00 | 000,122,408 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x64.cab
[2010.06.02 06:22:00 | 000,093,106 | ---- | C] () -- C:\Program Files\Aug2009_XACT_x86.cab
[2010.06.02 06:21:58 | 000,930,116 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x64.cab
[2010.06.02 06:21:58 | 000,728,456 | ---- | C] () -- C:\Program Files\Aug2009_d3dx9_42_x86.cab
[2010.06.02 06:21:58 | 000,232,635 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x64.cab
[2010.06.02 06:21:58 | 000,192,131 | ---- | C] () -- C:\Program Files\Aug2009_d3dx10_42_x86.cab
[2010.06.02 06:21:58 | 000,136,301 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x64.cab
[2010.06.02 06:21:58 | 000,105,044 | ---- | C] () -- C:\Program Files\Aug2009_d3dx11_42_x86.cab
[2010.06.02 06:21:56 | 003,319,740 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x86.cab
[2010.06.02 06:21:56 | 003,112,111 | ---- | C] () -- C:\Program Files\Aug2009_d3dcsx_42_x64.cab
[2010.06.02 06:21:56 | 000,900,598 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x86.cab
[2010.06.02 06:21:46 | 000,919,044 | ---- | C] () -- C:\Program Files\Aug2009_D3DCompiler_42_x64.cab
[2010.06.02 06:21:46 | 000,271,412 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x64.cab
[2010.06.02 06:21:46 | 000,271,038 | ---- | C] () -- C:\Program Files\Aug2008_XAudio_x86.cab
[2010.06.02 06:21:44 | 001,794,084 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x64.cab
[2010.06.02 06:21:44 | 001,464,672 | ---- | C] () -- C:\Program Files\Aug2008_d3dx9_39_x86.cab
[2010.06.02 06:21:44 | 000,849,167 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x86.cab
[2010.06.02 06:21:44 | 000,198,096 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x64.cab
[2010.06.02 06:21:44 | 000,153,012 | ---- | C] () -- C:\Program Files\AUG2007_XACT_x86.cab
[2010.06.02 06:21:44 | 000,121,772 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x64.cab
[2010.06.02 06:21:44 | 000,092,996 | ---- | C] () -- C:\Program Files\Aug2008_XACT_x86.cab
[2010.06.02 06:21:42 | 001,800,160 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x64.cab
[2010.06.02 06:21:42 | 001,708,152 | ---- | C] () -- C:\Program Files\AUG2007_d3dx9_35_x86.cab
[2010.06.02 06:21:42 | 000,867,612 | ---- | C] () -- C:\Program Files\Aug2008_d3dx10_39_x64.cab
[2010.06.02 06:21:42 | 000,852,286 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x64.cab
[2010.06.02 06:21:42 | 000,796,867 | ---- | C] () -- C:\Program Files\AUG2007_d3dx10_35_x86.cab
[2010.06.02 06:21:40 | 001,350,542 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x64.cab
[2010.06.02 06:21:40 | 001,077,644 | ---- | C] () -- C:\Program Files\Aug2005_d3dx9_27_x86.cab
[2010.06.02 06:21:40 | 000,182,903 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x64.cab
[2010.06.02 06:21:40 | 000,137,235 | ---- | C] () -- C:\Program Files\AUG2006_XACT_x86.cab
[2010.06.02 06:21:40 | 000,087,142 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x64.cab
[2010.06.02 06:21:40 | 000,053,302 | ---- | C] () -- C:\Program Files\APR2007_xinput_x86.cab
[2010.06.02 06:21:40 | 000,046,058 | ---- | C] () -- C:\Program Files\AUG2006_xinput_x86.cab
[2010.06.02 06:21:38 | 001,606,039 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x86.cab
[2010.06.02 06:21:38 | 000,195,766 | ---- | C] () -- C:\Program Files\APR2007_XACT_x64.cab
[2010.06.02 06:21:38 | 000,151,225 | ---- | C] () -- C:\Program Files\APR2007_XACT_x86.cab
[2010.06.02 06:21:38 | 000,096,817 | ---- | C] () -- C:\Program Files\APR2007_xinput_x64.cab
[2010.06.02 06:21:36 | 001,607,358 | ---- | C] () -- C:\Program Files\APR2007_d3dx9_33_x64.cab
[2010.06.02 06:21:36 | 000,698,612 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x64.cab
[2010.06.02 06:21:36 | 000,695,865 | ---- | C] () -- C:\Program Files\APR2007_d3dx10_33_x86.cab
[2010.06.02 06:21:34 | 000,046,010 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x86.cab
[2010.06.02 06:21:20 | 000,087,101 | ---- | C] () -- C:\Program Files\Apr2006_xinput_x64.cab
[2010.06.02 06:21:18 | 004,162,630 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
[2010.06.02 06:21:18 | 000,916,430 | ---- | C] () -- C:\Program Files\Apr2006_MDX1_x86.cab
[2010.06.02 06:21:18 | 000,179,133 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x64.cab
[2010.06.02 06:21:18 | 000,133,103 | ---- | C] () -- C:\Program Files\Apr2006_XACT_x86.cab
[2010.06.02 06:21:16 | 001,397,830 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x64.cab
[2010.06.02 06:21:16 | 001,347,354 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x64.cab
[2010.06.02 06:21:16 | 001,115,221 | ---- | C] () -- C:\Program Files\Apr2006_d3dx9_30_x86.cab
[2010.06.02 06:21:16 | 001,078,962 | ---- | C] () -- C:\Program Files\Apr2005_d3dx9_25_x86.cab
[2002.01.01 01:41:41 | 000,022,328 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\PnkBstrK.sys
========== ZeroAccess Check ==========
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
:dankeschoen::dankeschoen::dankeschoen:
Habe leider die edit Funktion nicht finden können daher hier ein Nachtrag:
Es scheint so, als ob sich der Internet Explorer nach wie vor im Hintergrund öffnet.
Des weiteren habe ich jetzt ein weiteres "Problem" da ich ingame nur noch 14-20 fps habe. Kann das an den scans bzw dem Löschen liegen? Wenn ja, gibt es eine möglichkeit dies zu beheben?
Danke schonmal! |
AdwCleaner auf deinen Desktop.
GMER herunter: (Dateiname zufällig) 
Tauchen Probleme auf? 
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
