#1
My Chrome browser and system have been badly infected.
Programs named "SaveOn" and other malware keep getting installed automatically again and again and . Countless pop-ups, hovers, banners and the like deface Chrome. Google Hangouts is suddenly installed; even though I have used Chrome until now, I never had it actively running as a service.
Chrome extensions keep reinstalling themselves, even after being deleted.
Edit: After reinstalling Chrome in safe mode, I can now at least post here halfway sensibly, and the pop-ups are gone. The feeling of unease remains, of course.
Already tried:
Deleting temporary files
GMER scan can no longer be run -> program crashes on start.
MalwareBytes Anti-Malware (Trial 2.0.2.1012) scan and quarantine -> no change
Trigger - I can only guess; it could have been a trial version of Manycam, which I believe was the last thing I installed beforehand. Along with it, a tool called "ManyDownloads" that reeks of ad/malware was also installed.
Attached is a log from MalwareBytes, followed by the HijackThis log.
Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:55:10, on 19.06.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
OTL Scan
====================
OTL logfile created on: 19.06.2014 17:24:09 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 4,42 Gb Available Physical Memory | 55,63% Memory free
15,95 Gb Paging File | 12,27 Gb Available in Paging File | 76,96% Paging File free
Paging file location(s): c:\pagefile.sys 8192 8192 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 10,37 Gb Free Space | 18,58% Space Free | Partition Type: NTFS
Drive D: | 111,79 Gb Total Space | 27,90 Gb Free Space | 24,96% Space Free | Partition Type: NTFS
Drive E: | 596,17 Gb Total Space | 548,66 Gb Free Space | 92,03% Space Free | Partition Type: NTFS
Drive H: | 2794,49 Gb Total Space | 1420,69 Gb Free Space | 50,84% Space Free | Partition Type: NTFS
Drive M: | 5588,87 Gb Total Space | 1558,75 Gb Free Space | 27,89% Space Free | Partition Type: NTFS
Computer Name: MIDNEID | User Name: NoxMortem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.06.19 17:22:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2014.06.13 20:07:29 | 000,029,696 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\SickBeard.exe
PRC - [2014.06.13 01:15:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014.05.29 19:36:48 | 001,754,816 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2014.05.20 02:45:22 | 033,322,312 | ---- | M] (Dropbox, Inc.) -- C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014.05.17 13:38:46 | 001,176,632 | ---- | M] (Spotify Ltd) -- C:\Users\NoxMortem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014.04.25 09:55:56 | 001,223,536 | ---- | M] (Electronic Arts) -- E:\Program Files (x86)\Origin\OriginClientService.exe
PRC - [2014.04.25 09:55:55 | 003,588,952 | ---- | M] (Electronic Arts) -- E:\Program Files (x86)\Origin\Origin.exe
PRC - [2014.02.21 19:15:09 | 001,380,864 | ---- | M] (FalNET) -- D:\FalNET G19 Display Manager\FalNET G19 Display Manager.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.11.14 19:32:44 | 001,245,464 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDYT.exe
PRC - [2013.11.14 19:32:40 | 000,703,256 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDWebCam.exe
PRC - [2013.11.14 19:32:26 | 001,039,640 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMovieViewer.exe
PRC - [2013.11.14 19:32:24 | 000,664,344 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2013.10.15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013.09.13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- E:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013.07.25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013.01.15 03:29:52 | 000,366,040 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2013.01.15 03:29:52 | 000,279,000 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013.01.15 03:29:50 | 000,165,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.12.18 19:25:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2011.12.15 06:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 20:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\LWS.exe
PRC - [2011.09.20 09:17:44 | 000,115,048 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
PRC - [2010.12.28 19:44:54 | 000,294,912 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2010.11.10 19:28:40 | 000,405,504 | ---- | M] () -- D:\Program Files (x86)\Launchy\Launchy.exe
PRC - [2009.07.07 14:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- D:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
========== Modules (No Company Name) ==========
MOD - [2014.06.19 17:17:38 | 000,043,008 | ---- | M] () -- e:\TEMP\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdfs9be.dll
MOD - [2014.06.13 20:07:29 | 000,720,896 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\_ssl.pyd
MOD - [2014.06.13 20:07:29 | 000,571,904 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\sqlite3.dll
MOD - [2014.06.13 20:07:29 | 000,286,208 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\_hashlib.pyd
MOD - [2014.06.13 20:07:29 | 000,153,088 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\pyexpat.pyd
MOD - [2014.06.13 20:07:29 | 000,086,016 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\_elementtree.pyd
MOD - [2014.06.13 20:07:29 | 000,073,728 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\_ctypes.pyd
MOD - [2014.06.13 20:07:29 | 000,072,192 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\bz2.pyd
MOD - [2014.06.13 20:07:29 | 000,053,760 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\_sqlite3.pyd
MOD - [2014.06.13 20:07:29 | 000,040,448 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\_socket.pyd
MOD - [2014.06.13 20:07:29 | 000,029,696 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\SickBeard.exe
MOD - [2014.06.13 20:07:29 | 000,023,552 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\_multiprocessing.pyd
MOD - [2014.06.13 20:07:29 | 000,011,776 | ---- | M] () -- E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\lib\select.pyd
MOD - [2014.05.29 19:37:34 | 002,139,840 | ---- | M] () -- D:\Steam\video.dll
MOD - [2014.05.29 19:36:54 | 001,116,864 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2014.05.17 03:36:10 | 000,756,224 | ---- | M] () -- D:\Steam\SDL2.dll
MOD - [2014.05.15 03:27:39 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\359e693030a92977455667e67fb74267\Microsoft.VisualBasic.ni.dll
MOD - [2014.05.15 03:26:52 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6b81a58601cb555dd9e63bc05557751b\IAStorUtil.ni.dll
MOD - [2014.05.15 03:19:10 | 000,774,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\98c91b8d3f1d54c41ada5f37e0935303\System.Runtime.Remoting.ni.dll
MOD - [2014.05.02 01:35:22 | 020,628,160 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2014.04.30 02:08:08 | 001,135,104 | ---- | M] () -- D:\Steam\libavcodec-55.dll
MOD - [2014.04.30 02:08:08 | 000,471,552 | ---- | M] () -- D:\Steam\libavutil-53.dll
MOD - [2014.04.30 02:08:08 | 000,404,992 | ---- | M] () -- D:\Steam\libavformat-55.dll
MOD - [2014.04.30 02:08:08 | 000,340,992 | ---- | M] () -- D:\Steam\libavresample-1.dll
MOD - [2014.04.29 02:37:22 | 000,519,168 | ---- | M] () -- D:\Steam\libswscale-2.dll
MOD - [2014.04.25 09:55:54 | 000,962,560 | ---- | M] () -- E:\Program Files (x86)\Origin\platforms\qwindows.dll
MOD - [2014.04.25 09:55:39 | 000,302,592 | ---- | M] () -- E:\Program Files (x86)\Origin\imageformats\qtiff.dll
MOD - [2014.04.25 09:55:39 | 000,019,968 | ---- | M] () -- E:\Program Files (x86)\Origin\imageformats\qtga.dll
MOD - [2014.04.25 09:55:39 | 000,018,944 | ---- | M] () -- E:\Program Files (x86)\Origin\imageformats\qwbmp.dll
MOD - [2014.04.25 09:55:38 | 000,261,632 | ---- | M] () -- E:\Program Files (x86)\Origin\imageformats\qmng.dll
MOD - [2014.04.25 09:55:38 | 000,217,088 | ---- | M] () -- E:\Program Files (x86)\Origin\imageformats\qjpeg.dll
MOD - [2014.04.25 09:55:38 | 000,025,088 | ---- | M] () -- E:\Program Files (x86)\Origin\imageformats\qico.dll
MOD - [2014.04.25 09:55:38 | 000,024,064 | ---- | M] () -- E:\Program Files (x86)\Origin\imageformats\qgif.dll
MOD - [2014.04.14 15:12:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33f1f62a80540af6dba6af268692c041\IAStorCommon.ni.dll
MOD - [2014.02.22 10:17:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014.02.22 00:53:54 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014.02.22 00:40:19 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014.02.22 00:40:15 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014.02.22 00:40:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014.02.22 00:40:03 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014.02.22 00:40:01 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014.02.22 00:39:57 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014.01.12 19:31:22 | 000,077,160 | ---- | M] () -- E:\Program Files\TortoiseGit\bin\zlib132.dll
MOD - [2014.01.12 19:31:20 | 000,550,248 | ---- | M] () -- E:\Program Files\TortoiseGit\bin\libgit232.dll
MOD - [2014.01.03 03:09:26 | 003,610,624 | ---- | M] () -- C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013.08.23 21:01:44 | 025,100,288 | ---- | M] () -- C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013.07.08 14:49:50 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2013.07.08 14:49:46 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2013.06.15 01:49:12 | 001,100,800 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2013.06.15 01:49:12 | 000,192,000 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2013.06.15 01:49:12 | 000,124,416 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2013.05.16 10:55:26 | 000,113,496 | ---- | M] () -- E:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013.05.16 10:55:24 | 000,416,600 | ---- | M] () -- E:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011.11.11 15:08:18 | 007,956,504 | ---- | M] () -- E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\QTGui4.dll
MOD - [2011.11.11 15:08:18 | 000,342,552 | ---- | M] () -- E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\QTXml4.dll
MOD - [2011.11.11 15:08:18 | 000,128,536 | ---- | M] () -- E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.11.11 15:08:18 | 000,029,208 | ---- | M] () -- E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.11.11 15:08:06 | 002,145,304 | ---- | M] () -- E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\QTCore4.dll
MOD - [2010.11.13 01:26:08 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.10 19:28:40 | 000,405,504 | ---- | M] () -- D:\Program Files (x86)\Launchy\Launchy.exe
MOD - [2010.11.05 15:08:00 | 000,118,784 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\calcy.dll
MOD - [2010.11.05 15:03:42 | 000,122,880 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\weby.dll
MOD - [2010.08.24 18:40:48 | 000,106,496 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\runner.dll
MOD - [2010.08.24 18:40:48 | 000,030,208 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\gcalc.dll
MOD - [2010.08.24 18:40:22 | 000,043,520 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\verby.dll
MOD - [2010.08.24 18:40:08 | 000,110,592 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\controly.dll
MOD - [2010.08.22 22:32:35 | 000,023,552 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\tasky.dll
MOD - [2010.06.13 17:02:26 | 000,659,456 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\mathyresurrected0.dll
MOD - [2010.06.13 15:36:40 | 000,032,256 | ---- | M] () -- D:\FalNET G19 Display Manager\HIDLibrary.dll
MOD - [2009.12.17 00:18:48 | 000,233,472 | ---- | M] () -- D:\Program Files (x86)\Launchy\imageformats\qmng4.dll
MOD - [2009.12.16 22:13:02 | 008,314,880 | ---- | M] () -- D:\Program Files (x86)\Launchy\QtGui4.dll
MOD - [2009.12.16 21:56:22 | 000,712,704 | ---- | M] () -- D:\Program Files (x86)\Launchy\QtNetwork4.dll
MOD - [2009.12.16 21:54:46 | 002,236,416 | ---- | M] () -- D:\Program Files (x86)\Launchy\QtCore4.dll
MOD - [2009.06.29 11:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.02.06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009.02.03 22:55:40 | 000,065,536 | ---- | M] () -- D:\Program Files (x86)\Launchy\plugins\killy.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014.05.30 11:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014.05.21 03:28:26 | 002,279,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014.04.18 03:29:24 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014.02.26 22:55:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014.06.13 01:15:07 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.03.30 06:19:52 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2014.03.30 06:19:52 | 000,178,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2014.03.11 13:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014.03.11 13:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014.02.21 19:06:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2014.02.21 18:45:55 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2014.02.20 01:07:34 | 000,569,024 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.10.23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.10.11 00:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2013.10.05 00:58:24 | 000,087,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe -- (VsEtwService120)
SRV - [2013.09.11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.08.22 05:21:36 | 000,119,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2013.08.22 04:55:00 | 000,142,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2013.01.15 03:29:52 | 000,366,040 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013.01.15 03:29:52 | 000,279,000 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013.01.15 03:29:50 | 000,165,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.12.10 15:31:44 | 000,803,872 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV - [2012.12.10 15:31:28 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.10.20 01:19:30 | 000,130,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2011.12.15 06:24:00 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.29 20:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.12.28 19:44:54 | 000,294,912 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014.06.19 16:44:23 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014.05.13 15:21:18 | 000,035,440 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2014.05.13 15:06:08 | 000,042,224 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam)
DRV:64bit: - [2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014.04.18 04:36:46 | 015,376,384 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014.04.18 03:07:06 | 000,638,976 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014.03.11 10:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014.02.21 20:29:52 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014.02.21 17:42:06 | 000,849,992 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013.12.19 18:45:50 | 000,094,720 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.08.22 14:40:24 | 000,040,664 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2013.05.30 18:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.12.18 21:36:46 | 001,617,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2012.12.18 21:36:34 | 001,572,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2012.12.18 21:36:22 | 000,120,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2012.12.18 21:36:12 | 000,215,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2012.12.18 21:36:00 | 000,018,352 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2012.12.18 21:35:50 | 000,181,680 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2012.12.18 21:35:38 | 000,703,152 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k)
DRV:64bit: - [2012.12.18 21:35:26 | 000,583,088 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2012.12.18 21:35:14 | 001,448,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2012.12.18 21:35:14 | 001,448,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2012.12.18 21:35:00 | 000,097,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2012.12.18 21:35:00 | 000,097,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2012.12.18 21:34:48 | 000,232,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2012.12.18 21:34:48 | 000,232,880 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2012.08.27 19:51:00 | 000,230,280 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3xhc.sys -- (rusb3xhc)
DRV:64bit: - [2012.08.27 19:50:58 | 000,114,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rusb3hub.sys -- (rusb3hub)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.07.13 11:56:32 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 06:15:42 | 004,862,368 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011.12.15 06:15:34 | 000,351,392 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.11.29 19:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 18:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.07.09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.07.01 21:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 4A 37 AE D1 8B CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.3.0: C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.4.0: C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014.02.21 19:50:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014.05.13 19:00:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014.02.21 19:50:04 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2014.06.13 16:53:51 | 000,451,209 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15487 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] D:\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LWS] E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SDTray] E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [EADM] E:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [FalNET G19 Display Manager] D:\FalNET G19 Display Manager\FalNET G19 Display Manager.exe (FalNET)
O4 - HKCU..\Run: [Plex Media Server] E:\MediaServer\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\NoxMortem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CouchPotato.lnk = C:\Users\NoxMortem\AppData\Roaming\CouchPotato\application\CouchPotato.exe ()
O4 - Startup: C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk = D:\Program Files (x86)\Launchy\Launchy.exe ()
O4 - Startup: C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk = E:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
O4 - Startup: C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SickBeard.lnk = E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\SickBeard.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DD451F6-0806-4D92-B864-79EEF7DC72BA}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
ActiveX:64bit: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1} - .NET Framework
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7DEBE4EB-6B40-3766-BB35-5CBBC385DA37} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
MsConfig:64bit - StartUpFolder: C:^Users^NoxMortem^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^An OneNote senden.lnk - C:\Programme\Microsoft Office 15\root\office15\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - D:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AsioReg - hkey= - key= - C:\Windows\SysNative\REGSVR32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: CTxfiHlp - hkey= - key= - C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
MsConfig:64bit - StartUpReg: SkyDrive - hkey= - key= - C:\Users\NoxMortem\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\NoxMortem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Xvid - hkey= - key= - E:\Program Files (x86)\Xvid\CheckUpdate.exe ()
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2014.06.19 17:22:46 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Roaming\SUPERAntiSpyware.com
[2014.06.19 17:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014.06.19 17:21:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014.06.19 16:43:35 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.06.19 16:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014.06.19 16:43:09 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.06.19 16:43:09 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.06.19 16:43:09 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.06.19 16:43:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.06.19 16:39:44 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014.06.19 16:39:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.06.19 16:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.06.17 18:57:59 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Roaming\Visicom Media
[2014.06.17 18:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\WorldAppIt
[2014.06.17 18:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adblocker
[2014.06.17 18:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adblocker
[2014.06.17 18:56:22 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Local\Packages
[2014.06.17 18:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\e1b6d499cc894799
[2014.06.17 18:56:07 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Local\Comodo
[2014.06.17 18:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2014.06.17 18:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\EmailNotifier
[2014.06.17 18:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visicom Media
[2014.06.17 18:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Visicom Media
[2014.06.17 18:31:31 | 000,000,000 | ---D | C] -- C:\Program Files\Visicom Media
[2014.06.13 02:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2014.06.13 00:47:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014.06.13 00:47:05 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Roaming\library_dir
[2014.06.13 00:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2014.06.13 00:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014.06.13 00:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2014.06.13 00:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014.06.13 00:45:32 | 000,806,912 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst_14.100.dll
[2014.06.13 00:45:32 | 000,586,240 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2014.06.13 00:45:32 | 000,239,616 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2014.06.13 00:45:32 | 000,190,976 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2014.06.13 00:45:32 | 000,065,024 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014.06.13 00:45:32 | 000,058,880 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014.06.13 00:45:32 | 000,031,232 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2014.06.13 00:35:48 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Roaming\ATI
[2014.06.13 00:35:48 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Local\ATI
[2014.06.13 00:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2014.06.13 00:34:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2014.06.13 00:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2014.06.13 00:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2014.06.13 00:33:32 | 000,000,000 | ---D | C] -- C:\AMD
[2014.06.13 00:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2014.06.13 00:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014.06.12 23:45:52 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Local\ElevatedDiagnostics
[2014.06.12 23:44:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014.06.12 23:23:55 | 000,000,000 | -HSD | C] -- C:\Users\NoxMortem\AppData\Local\EmieUserList
[2014.06.12 23:23:55 | 000,000,000 | -HSD | C] -- C:\Users\NoxMortem\AppData\Local\EmieSiteList
[2014.06.10 15:53:24 | 000,000,000 | ---D | C] -- E:\Desktop\TEST
[2014.06.08 20:21:12 | 000,000,000 | ---D | C] -- C:\Users\NoxMortem\AppData\Roaming\TortoiseGit
[2014.06.08 19:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014.06.07 17:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Very Sleepy
[2014.05.30 15:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2014.05.30 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2014.05.30 15:14:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2014.05.30 15:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2014.05.30 15:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2014.05.30 15:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2014.05.30 15:13:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2014.05.30 15:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014.05.30 15:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014.05.30 15:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Suite 5 Production Premium
[2014.05.30 15:13:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014.05.30 15:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
========== Files - Modified Within 30 Days ==========
[2014.06.19 17:25:10 | 000,016,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.19 17:25:10 | 000,016,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.19 17:23:31 | 001,656,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.06.19 17:23:31 | 000,717,310 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.06.19 17:23:31 | 000,661,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.06.19 17:23:31 | 000,154,870 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.06.19 17:23:31 | 000,126,744 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.06.19 17:22:51 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b8b91d08-9604-467b-81ef-9821f8e9dc22.job
[2014.06.19 17:22:51 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 32691ede-233a-4eb0-9aed-ce1deeeafdad.job
[2014.06.19 17:21:21 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014.06.19 17:16:55 | 000,000,554 | ---- | M] () -- C:\Windows\tasks\MATLAB R2012b Startup Accelerator.job
[2014.06.19 17:16:45 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.19 17:16:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.19 17:03:21 | 000,063,896 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014.06.19 17:03:21 | 000,063,896 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014.06.19 17:03:21 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000004-00000000-00000000-00001102-0000000B-00431102}.rfx
[2014.06.19 17:01:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.19 16:44:23 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.06.19 16:43:15 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.06.18 12:51:35 | 000,000,447 | ---- | M] () -- C:\Users\NoxMortem\.gitconfig
[2014.06.17 22:39:19 | 000,007,616 | ---- | M] () -- C:\Users\NoxMortem\AppData\Local\Resmon.ResmonCfg
[2014.06.17 18:56:07 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014.06.15 16:55:51 | 000,000,132 | ---- | M] () -- C:\Users\NoxMortem\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014.06.14 13:15:58 | 002,560,076 | ---- | M] () -- E:\Desktop\Background.jpg
[2014.06.14 11:12:10 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.06.14 11:09:43 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014.06.13 16:53:51 | 000,451,209 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.06.13 01:15:07 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.06.13 00:35:38 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2014.06.11 04:26:02 | 000,004,080 | ---- | M] () -- E:\Desktop\controls.html
[2014.06.10 22:24:48 | 000,070,903 | ---- | M] () -- E:\Desktop\kineticexample.jpg
[2014.06.10 17:15:12 | 000,408,660 | ---- | M] () -- E:\Desktop\sam healy.png
[2014.06.10 16:11:53 | 000,234,924 | ---- | M] () -- E:\Desktop\web.PNG
[2014.06.09 20:38:48 | 000,067,342 | ---- | M] () -- E:\Desktop\fireworks.PNG
[2014.06.09 18:16:38 | 000,063,765 | ---- | M] () -- E:\Desktop\haeufung.PNG
[2014.06.09 17:47:23 | 000,068,311 | ---- | M] () -- E:\Desktop\SolarFlare2.PNG
[2014.06.09 17:46:05 | 000,118,427 | ---- | M] () -- E:\Desktop\SolarFlare.PNG
[2014.06.09 17:29:10 | 000,061,630 | ---- | M] () -- E:\Desktop\boundary2.PNG
[2014.06.09 15:27:55 | 000,127,920 | ---- | M] () -- E:\Desktop\boundary.PNG
[2014.06.09 14:48:06 | 000,173,975 | ---- | M] () -- E:\Desktop\DEBUG.PNG
[2014.06.09 01:06:15 | 000,077,135 | ---- | M] () -- E:\Desktop\instabil.PNG
[2014.06.08 21:27:13 | 000,036,085 | ---- | M] () -- E:\Desktop\Schön.PNG
[2014.06.07 14:50:07 | 000,036,652 | ---- | M] () -- E:\Desktop\muh2.png
[2014.06.07 14:40:42 | 000,011,178 | ---- | M] () -- E:\Desktop\muh.png
[2014.06.03 23:45:03 | 000,039,096 | ---- | M] () -- E:\Desktop\nn-100.PNG
[2014.06.03 23:44:18 | 000,039,576 | ---- | M] () -- E:\Desktop\nn-93.PNG
[2014.06.03 23:43:11 | 000,034,310 | ---- | M] () -- E:\Desktop\nn-90.PNG
[2014.06.03 22:15:22 | 000,055,162 | ---- | M] () -- E:\Desktop\nn.pdf
[2014.06.03 00:20:45 | 000,311,479 | ---- | M] () -- E:\Desktop\assignment_3.pdf
[2014.06.02 19:35:02 | 000,026,930 | ---- | M] () -- E:\Desktop\Histest.PNG
[2014.06.02 15:04:57 | 000,026,434 | ---- | M] () -- E:\Desktop\histresults2.png
[2014.06.02 15:04:05 | 000,017,156 | ---- | M] () -- E:\Desktop\traindata and bins 64.png
[2014.06.01 21:06:37 | 000,068,245 | ---- | M] () -- E:\Desktop\C.pdf
[2014.05.31 08:00:30 | 005,009,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.05.30 20:24:14 | 000,451,214 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140604-003443.backup
[2014.05.29 18:07:12 | 000,105,068 | ---- | M] () -- E:\Desktop\MSAA4.PNG
[2014.05.29 18:06:57 | 000,089,869 | ---- | M] () -- E:\Desktop\MSAA2.PNG
[2014.05.29 18:03:10 | 000,286,254 | ---- | M] () -- E:\Desktop\MSAA8.PNG
[2014.05.29 18:02:57 | 000,242,640 | ---- | M] () -- E:\Desktop\MSAA1.PNG
[2014.05.29 16:34:48 | 000,040,926 | ---- | M] () -- E:\Desktop\drogenhasen.png
[2014.05.29 00:05:31 | 000,122,605 | ---- | M] () -- E:\Desktop\green.PNG
[2014.05.29 00:00:29 | 000,215,759 | ---- | M] () -- E:\Desktop\ConeLighting.PNG
[2014.05.28 23:56:13 | 000,239,471 | ---- | M] () -- E:\Desktop\ScaleTranslate.PNG
[2014.05.28 22:03:18 | 000,002,897 | ---- | M] () -- E:\Desktop\joke.png
[2014.05.28 19:01:17 | 000,055,014 | ---- | M] () -- E:\Desktop\zoomedOut.PNG
[2014.05.28 19:01:06 | 000,226,722 | ---- | M] () -- E:\Desktop\zoomedIn.PNG
[2014.05.28 18:54:09 | 000,109,914 | ---- | M] () -- E:\Desktop\12345.PNG
[2014.05.28 18:52:55 | 000,077,397 | ---- | M] () -- E:\Desktop\1234.PNG
[2014.05.28 18:50:57 | 000,095,075 | ---- | M] () -- E:\Desktop\123.PNG
[2014.05.28 18:38:43 | 000,256,526 | ---- | M] () -- E:\Desktop\positionWS.PNG
[2014.05.28 18:34:40 | 000,137,128 | ---- | M] () -- E:\Desktop\positioNVS.PNG
[2014.05.28 00:42:40 | 000,001,052 | ---- | M] () -- C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.05.27 23:44:09 | 000,032,639 | ---- | M] () -- E:\Desktop\cone.PNG
[2014.05.27 23:41:14 | 000,026,354 | ---- | M] () -- E:\Desktop\create cone.png
[2014.05.27 23:22:51 | 000,003,531 | ---- | M] () -- E:\Desktop\basis.png
[2014.05.27 23:18:15 | 000,005,575 | ---- | M] () -- E:\Desktop\baseMatrix.PNG
[2014.05.27 23:03:20 | 000,122,109 | ---- | M] () -- E:\Desktop\conestatic.PNG
[2014.05.27 20:42:32 | 000,241,247 | ---- | M] () -- E:\Desktop\test2.PNG
[2014.05.27 20:40:13 | 000,226,840 | ---- | M] () -- E:\Desktop\test.PNG
[2014.05.27 18:14:57 | 001,127,008 | ---- | M] () -- E:\Desktop\colorPhong.PNG
[2014.05.27 18:14:44 | 001,093,242 | ---- | M] () -- E:\Desktop\colorDeferred.PNG
[2014.05.27 17:27:42 | 000,795,487 | ---- | M] () -- E:\Desktop\perturbedNormals.PNG
[2014.05.27 17:27:28 | 000,344,493 | ---- | M] () -- E:\Desktop\gBuffer.PNG
[2014.05.27 16:36:43 | 000,339,201 | ---- | M] () -- E:\Desktop\realLight.PNG
[2014.05.27 16:36:25 | 000,151,968 | ---- | M] () -- E:\Desktop\estimateRadius.PNG
[2014.05.27 16:35:31 | 000,151,968 | ---- | M] () -- E:\Desktop\radius.PNG
[2014.05.27 01:56:39 | 000,538,539 | ---- | M] () -- E:\Desktop\SpotlightDeferred.PNG
[2014.05.27 01:55:38 | 000,465,343 | ---- | M] () -- E:\Desktop\Spotlight.PNG
[2014.05.27 00:09:23 | 000,614,548 | ---- | M] () -- E:\Desktop\BlinnSpecular.PNG
[2014.05.27 00:08:53 | 000,671,633 | ---- | M] () -- E:\Desktop\DeferredSpecular.PNG
[2014.05.26 23:41:32 | 000,967,847 | ---- | M] () -- E:\Desktop\Unbenannt2.PNG
[2014.05.26 23:40:39 | 000,899,679 | ---- | M] () -- E:\Desktop\Unbenannt.PNG
[2014.05.26 20:28:41 | 000,083,867 | ---- | M] () -- E:\Desktop\DeferredPhong.PNG
[2014.05.26 20:28:31 | 000,114,570 | ---- | M] () -- E:\Desktop\deferredPoints.PNG
[2014.05.26 11:36:35 | 000,631,712 | ---- | M] () -- E:\Desktop\Cone2.PNG
[2014.05.26 11:36:00 | 000,145,559 | ---- | M] () -- E:\Desktop\Cone1.PNG
[2014.05.25 16:01:29 | 000,142,240 | ---- | M] () -- E:\Desktop\blurry2.PNG
[2014.05.25 16:01:10 | 000,097,559 | ---- | M] () -- E:\Desktop\blurry1.PNG
========== Files Created - No Company Name ==========
[2014.06.19 17:22:51 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b8b91d08-9604-467b-81ef-9821f8e9dc22.job
[2014.06.19 17:22:51 | 000,000,518 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 32691ede-233a-4eb0-9aed-ce1deeeafdad.job
[2014.06.19 17:21:21 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014.06.19 16:43:15 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.06.18 12:51:35 | 000,000,447 | ---- | C] () -- C:\Users\NoxMortem\.gitconfig
[2014.06.17 18:56:07 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014.06.14 13:14:57 | 002,560,076 | ---- | C] () -- E:\Desktop\Background.jpg
[2014.06.13 01:15:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014.06.13 01:15:06 | 003,894,632 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2014.06.13 00:45:32 | 003,471,376 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2014.06.13 00:45:32 | 003,437,632 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2014.06.13 00:45:32 | 001,187,342 | ---- | C] () -- C:\Windows\SysNative\amdocl_as64.exe
[2014.06.13 00:45:32 | 001,061,902 | ---- | C] () -- C:\Windows\SysNative\amdocl_ld64.exe
[2014.06.13 00:45:32 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014.06.13 00:45:32 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014.06.13 00:45:32 | 000,723,841 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2014.06.13 00:45:32 | 000,580,816 | ---- | C] () -- C:\Windows\SysWow64\atiapfxx.blb
[2014.06.13 00:45:32 | 000,580,816 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2014.06.13 00:45:32 | 000,275,124 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_vi.dat
[2014.06.13 00:45:32 | 000,273,712 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_vi_nd.dat
[2014.06.13 00:45:32 | 000,234,804 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik.dat
[2014.06.13 00:45:32 | 000,233,008 | ---- | C] () -- C:\Windows\SysNative\ativvaxy_cik_nd.dat
[2014.06.13 00:45:32 | 000,231,424 | ---- | C] () -- C:\Windows\SysNative\clinfo.exe
[2014.06.13 00:45:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014.06.13 00:45:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysNative\ativvsvl.dat
[2014.06.13 00:45:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2014.06.13 00:45:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysNative\ativvsva.dat
[2014.06.13 00:45:32 | 000,134,192 | ---- | C] () -- C:\Windows\SysNative\ativce03.dat
[2014.06.13 00:45:32 | 000,082,128 | ---- | C] () -- C:\Windows\SysNative\ativce02.dat
[2014.06.13 00:45:32 | 000,042,544 | ---- | C] () -- C:\Windows\SysNative\kapp_ci.sbin
[2014.06.13 00:35:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014.06.12 23:48:35 | 000,002,105 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2014.06.12 23:48:35 | 000,001,128 | ---- | C] () -- C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CouchPotato.lnk
[2014.06.12 23:48:35 | 000,001,052 | ---- | C] () -- C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014.06.12 23:48:35 | 000,001,019 | ---- | C] () -- C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SickBeard.lnk
[2014.06.12 23:48:35 | 000,000,723 | ---- | C] () -- C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk
[2014.06.12 23:48:35 | 000,000,720 | ---- | C] () -- C:\Users\NoxMortem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
[2014.06.12 23:34:54 | 000,715,877 | ---- | C] () -- C:\Windows\SysNative\amdicdxx.dat
[2014.06.11 04:26:01 | 000,004,080 | ---- | C] () -- E:\Desktop\controls.html
[2014.06.10 22:24:47 | 000,070,903 | ---- | C] () -- E:\Desktop\kineticexample.jpg
[2014.06.10 17:15:12 | 000,408,660 | ---- | C] () -- E:\Desktop\sam healy.png
[2014.06.10 16:11:53 | 000,234,924 | ---- | C] () -- E:\Desktop\web.PNG
[2014.06.09 20:38:48 | 000,067,342 | ---- | C] () -- E:\Desktop\fireworks.PNG
[2014.06.09 18:16:38 | 000,063,765 | ---- | C] () -- E:\Desktop\haeufung.PNG
[2014.06.09 17:47:23 | 000,068,311 | ---- | C] () -- E:\Desktop\SolarFlare2.PNG
[2014.06.09 17:46:05 | 000,118,427 | ---- | C] () -- E:\Desktop\SolarFlare.PNG
[2014.06.09 17:29:10 | 000,061,630 | ---- | C] () -- E:\Desktop\boundary2.PNG
[2014.06.09 15:27:55 | 000,127,920 | ---- | C] () -- E:\Desktop\boundary.PNG
[2014.06.09 14:48:06 | 000,173,975 | ---- | C] () -- E:\Desktop\DEBUG.PNG
[2014.06.09 01:06:15 | 000,077,135 | ---- | C] () -- E:\Desktop\instabil.PNG
[2014.06.08 21:27:13 | 000,036,085 | ---- | C] () -- E:\Desktop\Schön.PNG
[2014.06.07 14:50:07 | 000,036,652 | ---- | C] () -- E:\Desktop\muh2.png
[2014.06.07 14:40:42 | 000,011,178 | ---- | C] () -- E:\Desktop\muh.png
[2014.06.03 23:45:02 | 000,039,096 | ---- | C] () -- E:\Desktop\nn-100.PNG
[2014.06.03 23:44:18 | 000,039,576 | ---- | C] () -- E:\Desktop\nn-93.PNG
[2014.06.03 23:43:11 | 000,034,310 | ---- | C] () -- E:\Desktop\nn-90.PNG
[2014.06.03 22:15:21 | 000,055,162 | ---- | C] () -- E:\Desktop\nn.pdf
[2014.06.03 00:20:08 | 000,311,479 | ---- | C] () -- E:\Desktop\assignment_3.pdf
[2014.06.02 19:35:02 | 000,026,930 | ---- | C] () -- E:\Desktop\Histest.PNG
[2014.06.02 15:04:56 | 000,026,434 | ---- | C] () -- E:\Desktop\histresults2.png
[2014.06.02 15:04:04 | 000,017,156 | ---- | C] () -- E:\Desktop\traindata and bins 64.png
[2014.06.01 21:06:34 | 000,068,245 | ---- | C] () -- E:\Desktop\C.pdf
[2014.05.30 16:35:04 | 000,000,132 | ---- | C] () -- C:\Users\NoxMortem\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014.05.30 15:13:16 | 000,001,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2014.05.29 18:07:12 | 000,105,068 | ---- | C] () -- E:\Desktop\MSAA4.PNG
[2014.05.29 18:03:10 | 000,286,254 | ---- | C] () -- E:\Desktop\MSAA8.PNG
[2014.05.29 18:02:56 | 000,242,640 | ---- | C] () -- E:\Desktop\MSAA1.PNG
[2014.05.29 17:13:47 | 000,089,869 | ---- | C] () -- E:\Desktop\MSAA2.PNG
[2014.05.29 16:34:48 | 000,040,926 | ---- | C] () -- E:\Desktop\drogenhasen.png
[2014.05.29 00:05:30 | 000,122,605 | ---- | C] () -- E:\Desktop\green.PNG
[2014.05.29 00:00:29 | 000,215,759 | ---- | C] () -- E:\Desktop\ConeLighting.PNG
[2014.05.28 23:56:13 | 000,239,471 | ---- | C] () -- E:\Desktop\ScaleTranslate.PNG
[2014.05.28 22:03:18 | 000,002,897 | ---- | C] () -- E:\Desktop\joke.png
[2014.05.28 19:01:17 | 000,055,014 | ---- | C] () -- E:\Desktop\zoomedOut.PNG
[2014.05.28 19:01:06 | 000,226,722 | ---- | C] () -- E:\Desktop\zoomedIn.PNG
[2014.05.28 18:54:09 | 000,109,914 | ---- | C] () -- E:\Desktop\12345.PNG
[2014.05.28 18:52:55 | 000,077,397 | ---- | C] () -- E:\Desktop\1234.PNG
[2014.05.28 18:50:57 | 000,095,075 | ---- | C] () -- E:\Desktop\123.PNG
[2014.05.28 18:38:43 | 000,256,526 | ---- | C] () -- E:\Desktop\positionWS.PNG
[2014.05.28 18:34:40 | 000,137,128 | ---- | C] () -- E:\Desktop\positioNVS.PNG
[2014.05.27 23:41:03 | 000,026,354 | ---- | C] () -- E:\Desktop\create cone.png
[2014.05.27 23:22:50 | 000,003,531 | ---- | C] () -- E:\Desktop\basis.png
[2014.05.27 23:18:15 | 000,005,575 | ---- | C] () -- E:\Desktop\baseMatrix.PNG
[2014.05.27 23:03:20 | 000,122,109 | ---- | C] () -- E:\Desktop\conestatic.PNG
[2014.05.27 20:42:32 | 000,241,247 | ---- | C] () -- E:\Desktop\test2.PNG
[2014.05.27 20:40:13 | 000,226,840 | ---- | C] () -- E:\Desktop\test.PNG
[2014.05.27 18:14:57 | 001,127,008 | ---- | C] () -- E:\Desktop\colorPhong.PNG
[2014.05.27 18:14:44 | 001,093,242 | ---- | C] () -- E:\Desktop\colorDeferred.PNG
[2014.05.27 17:27:41 | 000,795,487 | ---- | C] () -- E:\Desktop\perturbedNormals.PNG
[2014.05.27 17:27:28 | 000,344,493 | ---- | C] () -- E:\Desktop\gBuffer.PNG
[2014.05.27 16:36:43 | 000,339,201 | ---- | C] () -- E:\Desktop\realLight.PNG
[2014.05.27 16:36:25 | 000,151,968 | ---- | C] () -- E:\Desktop\estimateRadius.PNG
[2014.05.27 16:35:31 | 000,151,968 | ---- | C] () -- E:\Desktop\radius.PNG
[2014.05.27 01:56:39 | 000,538,539 | ---- | C] () -- E:\Desktop\SpotlightDeferred.PNG
[2014.05.27 01:55:38 | 000,465,343 | ---- | C] () -- E:\Desktop\Spotlight.PNG
[2014.05.27 00:09:23 | 000,614,548 | ---- | C] () -- E:\Desktop\BlinnSpecular.PNG
[2014.05.27 00:08:53 | 000,671,633 | ---- | C] () -- E:\Desktop\DeferredSpecular.PNG
[2014.05.26 23:41:32 | 000,967,847 | ---- | C] () -- E:\Desktop\Unbenannt2.PNG
[2014.05.26 20:28:41 | 000,083,867 | ---- | C] () -- E:\Desktop\DeferredPhong.PNG
[2014.05.26 20:28:31 | 000,114,570 | ---- | C] () -- E:\Desktop\deferredPoints.PNG
[2014.05.26 19:53:21 | 000,032,639 | ---- | C] () -- E:\Desktop\cone.PNG
[2014.05.26 11:36:35 | 000,631,712 | ---- | C] () -- E:\Desktop\Cone2.PNG
[2014.05.26 11:35:59 | 000,145,559 | ---- | C] () -- E:\Desktop\Cone1.PNG
[2014.05.25 16:01:29 | 000,142,240 | ---- | C] () -- E:\Desktop\blurry2.PNG
[2014.05.25 16:01:10 | 000,097,559 | ---- | C] () -- E:\Desktop\blurry1.PNG
[2014.04.17 22:28:30 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2014.04.15 12:39:54 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2014.04.15 12:27:57 | 000,632,320 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2014.04.15 12:27:57 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2014.04.12 10:19:10 | 000,007,616 | ---- | C] () -- C:\Users\NoxMortem\AppData\Local\Resmon.ResmonCfg
[2014.02.26 22:55:41 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014.02.21 20:23:36 | 000,000,130 | ---- | C] () -- C:\Users\NoxMortem\mercurial.ini
[2014.02.21 19:48:29 | 000,262,534 | ---- | C] () -- C:\Windows\hpwins23.dat
[2014.02.21 19:48:29 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2014.02.21 19:30:20 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2014.02.21 18:45:48 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2014.02.21 18:45:48 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2014.02.21 18:45:43 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2014.02.21 18:22:45 | 001,591,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.18 20:35:42 | 000,017,979 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2012.12.18 20:35:36 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2012.12.18 19:34:34 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2012.12.18 19:32:14 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2012.12.18 19:16:06 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2012.12.18 19:16:06 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2012.12.18 19:00:06 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2012.12.18 18:59:58 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2012.12.10 15:12:50 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2014.02.21 21:20:01 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Battle.net
[2014.03.19 19:32:53 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\com.valve.FTP
[2014.06.19 17:17:13 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\CouchPotato
[2014.04.15 20:40:20 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\DAEMON Tools Lite
[2014.06.19 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Dropbox
[2014.06.19 17:17:41 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\DropboxMaster
[2014.02.21 19:52:24 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\e-academy Inc
[2014.04.16 02:35:46 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\FileBot
[2014.05.30 16:39:33 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\FileZilla
[2014.05.06 23:45:03 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Filter Forge 4
[2014.02.21 20:19:00 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\GitHub
[2014.06.18 13:39:18 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\KeePass
[2014.04.10 13:29:06 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Launchy
[2014.02.21 23:58:37 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Leadertech
[2014.06.13 00:47:05 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\library_dir
[2014.05.08 20:19:17 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\NCSOFT
[2014.03.18 23:31:09 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\NetBeans
[2014.05.25 01:33:13 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Notepad++
[2014.02.24 13:46:57 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\NuGet
[2014.02.21 23:08:21 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Origin
[2014.06.14 19:15:42 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Spotify
[2014.04.23 19:32:15 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Subversion
[2014.02.28 19:15:10 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\TeamViewer
[2014.06.17 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\Visicom Media
[2014.03.16 13:02:23 | 000,000,000 | ---D | M] -- C:\Users\NoxMortem\AppData\Roaming\xm1
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2014.02.21 17:36:44 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2014.06.19 17:15:51 | 000,000,000 | ---D | M] -- C:\AdwCleaner
[2014.06.13 00:44:45 | 000,000,000 | ---D | M] -- C:\AMD
[2014.06.19 16:25:33 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2014.02.21 17:36:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2014.02.21 18:56:50 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2014.06.19 16:25:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2014.06.19 16:51:31 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2014.06.19 17:22:46 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2014.02.21 17:36:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2014.02.21 17:36:40 | 000,000,000 | -HSD | M] -- C:\Recovery
[2014.06.19 17:26:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2014.06.17 18:56:06 | 000,000,000 | R--D | M] -- C:\Users
[2014.06.19 16:41:33 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< MD5 for: REGEDIT.EXE >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2014.03.04 13:08:14 | 000,455,680 | ---- | M] (Microsoft Corporation) MD5=6CE2AE073BD21C542FC2C707CAE944CC -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\SysNative\winlogon.exe
[2014.03.04 11:43:50 | 000,455,168 | ---- | M] (Microsoft Corporation) MD5=88AB9B72B4BF3963A0DE0820B4B0B06C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
===================
Gmer Scan:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-19 17:26:51
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-2 OCZ-VERT rev.2.25 55,90GB
Running: emtmkyxg.exe; Driver: E:\TEMP\uxldypog.sys
---- Processes - GMER 2.1 ----
Library C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\Dropbox.exe [3084](2014-01-03 01:09:26) 0000000004040000
Library C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\Dropbox.exe [3084](2013-08-23 19:01:44) 00000000548a0000
Library C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\Dropbox.exe [3084] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000053f10000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fee1270000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\adal.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fee05e0000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fedb630000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fedb4b0000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fedadf0000
Library C:\Program Files\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fedad80000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fedab30000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\1031\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fedaa50000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007feda970000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fef6bb0000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007feda900000
Library C:\Program Files\Common Files\Microsoft Shared\Office15\ACEERR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5980] 000007fed98e0000
Process C:\Users\NoxMortem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWT6BNWF\emtmkyxg.exe (*** suspicious ***) @ C:\Users\NoxMortem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CWT6BNWF\emtmkyxg.exe [6344](2014-06-19 15:25:20) 0000000000400000
---- EOF - GMER 2.1 ----
Already tried:
Deleting temporary files
The GMER scan can no longer be run -> the program crashes on startup.
MalwareBytes Anti-Malware (Trial 2.0.2.1012) scan and quarantine -> no change
Trigger: I can only guess. It could have been a trial version of Manycam, which I believe was the last thing I installed beforehand; along with it, a tool called "ManyDownloads" that reeks of adware/malware was also installed.
Attached is a log from MalwareBytes, followed by the HijackThis log.
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:55:10, on 19.06.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
D:\Steam\Steam.exe
D:\FalNET G19 Display Manager\FalNET G19 Display Manager.exe
E:\Program Files (x86)\Origin\Origin.exe
E:\MediaServer\Plex\Plex Media Server\Plex Media Server.exe
C:\Users\NoxMortem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\NoxMortem\AppData\Roaming\CouchPotato\application\CouchPotato.exe
C:\Users\NoxMortem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
D:\Program Files (x86)\Launchy\Launchy.exe
E:\Program Files (x86)\SABnzbd\SABnzbd.exe
E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\SickBeard.exe
D:\Notepad++\notepad++.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
D:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\MediaServer\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\MediaServer\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\MediaServer\Plex\Plex Media Server\PlexScriptHost.exe
E:\MediaServer\Plex\Plex Media Server\PlexScriptHost.exe
E:\MediaServer\Plex\Plex Media Server\PlexScriptHost.exe
E:\MediaServer\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
E:\Downloads\HiJackThis204.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
O4 - HKLM\..\Run: [SDTray] "E:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [LWS] E:\Program Files (x86)\Logitech Cam\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "D:\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VolPanel] "D:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [FalNET G19 Display Manager] "D:\FalNET G19 Display Manager\FalNET G19 Display Manager.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [EADM] E:\Program Files (x86)\Origin\Origin.exe -AutoStart
O4 - HKCU\..\Run: [Plex Media Server] "E:\MediaServer\Plex\Plex Media Server\Plex Media Server.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\NoxMortem\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-2720964973-897590068-413116418-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Steam] "D:\Steam\steam.exe" -silent (User '?')
O4 - S-1-5-21-2720964973-897590068-413116418-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: CouchPotato.lnk = NoxMortem\AppData\Roaming\CouchPotato\application\CouchPotato.exe (User '?')
O4 - S-1-5-21-2720964973-897590068-413116418-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Dropbox.lnk = NoxMortem\AppData\Roaming\Dropbox\bin\Dropbox.exe (User '?')
O4 - S-1-5-21-2720964973-897590068-413116418-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: Launchy.lnk = D:\Program Files (x86)\Launchy\Launchy.exe (User '?')
O4 - S-1-5-21-2720964973-897590068-413116418-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: SABnzbd.lnk = E:\Program Files (x86)\SABnzbd\SABnzbd.exe (User '?')
O4 - S-1-5-21-2720964973-897590068-413116418-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 Startup: SickBeard.lnk = E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\SickBeard.exe (User '?')
O4 - Startup: CouchPotato.lnk = NoxMortem\AppData\Roaming\CouchPotato\application\CouchPotato.exe
O4 - Startup: Dropbox.lnk = NoxMortem\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Launchy.lnk = D:\Program Files (x86)\Launchy\Launchy.exe
O4 - Startup: SABnzbd.lnk = E:\Program Files (x86)\SABnzbd\SABnzbd.exe
O4 - Startup: SickBeard.lnk = E:\MediaServer\SickBeard-win32-alpha-build503\SickBeard-win32-alpha-build503\SickBeard.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - E:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - E:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - E:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 19171 bytes