Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PUP.Blabbers

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.11.2012, 15:56   #1
Hajaku
 
PUP.Blabbers - Standard

PUP.Blabbers



Hallo,

ich habe heute Malwarebytes Anti-Malware laufen lassen und es hat dann 44 infizierte Objekete gefunden. Habe alle Objekte in Quarantäne verschoben.
Nun benötige ich eure Hilfe, denn ich weiß nicht wie ich diese Viren entfernen kann.

Gruß

Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tran Quoc Tuan :: TUAN [Administrator]

10.11.2012 14:43:34
mbam-log-2012-11-10 (15-46-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355421
Laufzeit: 1 Stunde(n), 1 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 23
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Tran Quoc Tuan\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Tran Quoc Tuan\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Tran Quoc Tuan\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 15
C:\Program Files (x86)\GinyasBrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\GinyasBrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\GinyasBrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\Tran Quoc Tuan\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> Keine Aktion durchgeführt.
         

Alt 10.11.2012, 17:01   #2
M-K-D-B
/// TB-Ausbilder
 
PUP.Blabbers - Standard

PUP.Blabbers






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.





Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.





Schritt 2
Bitte lade Junkware Removal Tool auf Deinen Desktop.
  • Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
  • Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Das Tool wird sich öffnen und mit dem Scan beginnen.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.





Schritt 3
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).
  • Starte bitte die OTL.exe.
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
  • Setze einen Haken bei Scanne alle Benutzer.
  • Unter Extra Registry, wähle bitte Use SafeList.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
         
  • Schließe bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Scan Button.
  • Am Ende des Suchlaufs werden 2 Logdateien erstellt.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die beiden Logdateien von OTL(OTL.txt und Extras.txt).
__________________


Alt 10.11.2012, 20:15   #3
Hajaku
 
PUP.Blabbers - Standard

PUP.Blabbers



Vielen Dank für die schnelle Antwort
hier die Logs

AdwCleaner
Code:
ATTFilter
# AdwCleaner v2.007 - Datei am 10/11/2012 um 17:22:59 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Tran Quoc Tuan - TUAN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tran Quoc Tuan\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Tran Quoc Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
Ordner Gelöscht : C:\Users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\bbrs_002@blabbers.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1874 octets] - [10/11/2012 17:22:59]

########## EOF - C:\AdwCleaner[S1].txt - [1934 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 2.9.4 (11.10.2012)
OS: Windows 7 Home Premium x64
Ran by Tran Quoc Tuan on 10.11.2012 at 19:50:31,95
Blog: hxxp://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder-LOCKED!] "C:\Users\Tran Quoc Tuan\AppData\Roaming\dvdvideosoft"
Successfully deleted: [Folder] "C:\Users\Tran Quoc Tuan\AppData\Roaming\dvdvideosoftiehelpers"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\dvdvideosoft"
Successfully deleted: [Folder] "C:\Program Files (x86)\dvdvideosoft"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.11.2012 at 19:53:34,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
OTL
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.11.2012 19:57:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tran Quoc Tuan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,97 Gb Total Physical Memory | 4,40 Gb Available Physical Memory | 73,69% Memory free
11,94 Gb Paging File | 9,93 Gb Available in Paging File | 83,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,64 Gb Total Space | 550,42 Gb Free Space | 80,75% Space Free | Partition Type: NTFS
 
Computer Name: TUAN | User Name: Tran Quoc Tuan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.10 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tran Quoc Tuan\Desktop\OTL.exe
PRC - [2012.11.02 20:17:19 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.02 20:16:45 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.02 20:16:44 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.26 17:01:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.28 23:54:30 | 000,054,464 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2012.03.13 17:02:03 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.13 17:01:48 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.13 17:01:29 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.13 17:00:11 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.03.07 17:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2012.03.07 17:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2012.02.23 16:09:58 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.02.22 18:10:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 11:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.02.21 11:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2011.11.30 17:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.09.20 15:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.26 16:20:06 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.09.26 16:19:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.09.26 16:19:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.09.26 16:19:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012.09.26 16:19:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012.09.26 16:19:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.09.26 16:19:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.09.26 16:19:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.09.26 16:19:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.09.26 16:19:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.09.26 16:19:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.04.23 05:39:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.13 18:15:50 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.30 17:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2012.11.10 14:32:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.02 20:18:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.11.02 20:17:19 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.02 20:16:45 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.26 17:01:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.28 23:54:30 | 000,054,464 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2012.05.10 17:44:34 | 001,259,104 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.03.26 08:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2012.03.21 16:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV - [2012.03.13 17:02:03 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.13 17:01:48 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.13 17:01:29 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.03.13 17:00:11 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.03.07 17:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2012.02.23 16:09:58 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012.02.23 15:51:40 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012.02.21 11:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.02.08 17:36:01 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.01.10 12:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2012.01.06 15:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2012.01.06 15:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.12.29 15:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.12.21 12:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.12.21 12:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.12.01 09:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.26 17:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.02 20:17:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.10.12 15:35:24 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.06 15:02:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.07 11:51:34 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.03.13 18:19:06 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.13 18:16:05 | 010,732,032 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.03.13 18:16:05 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.13 18:03:03 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.13 18:01:03 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 16:01:34 | 000,036,128 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\leath_hid.sys -- (lehidmini)
DRV:64bit: - [2012.02.23 16:01:04 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.02.23 16:00:34 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP)
DRV:64bit: - [2012.02.23 16:00:16 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.02.23 16:00:04 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.02.23 15:59:34 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.02.23 15:59:16 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.02.23 15:59:04 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.02.23 15:58:46 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.02.23 15:58:28 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.02.23 15:57:58 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2012.02.22 18:10:17 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.22 18:10:12 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.22 18:10:10 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.21 22:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.02.13 10:21:29 | 000,675,432 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.02.08 17:36:36 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.01.16 10:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\..\SearchScopes\{A5BF304A-614C-426F-AE25-29C0777750E1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-471519800-2590362783-709212159-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 16:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.28 16:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\Extensions
[2012.11.10 17:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\Firefox\Profiles\m9qzk0gc.default\extensions
[2012.11.03 13:58:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.31 18:05:09 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\ich@maltegoetz.de
[2012.10.31 18:05:09 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\firefox\profiles\m9qzk0gc.default\extensions\personas@christopher.beard.xpi
[2012.10.31 18:05:09 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\firefox\profiles\m9qzk0gc.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012.10.28 17:16:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\firefox\profiles\m9qzk0gc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.31 18:05:09 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\firefox\profiles\m9qzk0gc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.28 16:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-471519800-2590362783-709212159-1001..\RunOnce: [Uninstall C:\Users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727" File not found
O4 - HKU\S-1-5-21-471519800-2590362783-709212159-1001..\RunOnce: [Uninstall C:\Users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7567DF0C-6F5E-4792-A469-7C1641767BB2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{BB2326E0-1AAE-432B-89E1-7BFC8550CD09} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - 
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - 
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.10 19:50:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.10 19:50:28 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.10 17:25:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tran Quoc Tuan\Desktop\OTL.exe
[2012.11.09 21:14:43 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.11.09 21:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.11.09 21:14:42 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Notepad++
[2012.11.09 21:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012.11.07 17:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2012.11.07 17:12:29 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2012.11.07 11:09:26 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\GinyasBrowserCompanion
[2012.11.07 11:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanion
[2012.11.07 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Dev-Cpp
[2012.11.07 11:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinGW
[2012.11.03 20:09:59 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\Documents\Meine empfangenen Dateien
[2012.11.03 20:06:44 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.11.03 20:06:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.11.03 20:05:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.11.03 20:05:53 | 000,000,000 | ---D | C] -- C:\Windows\bg
[2012.11.03 20:05:50 | 000,000,000 | ---D | C] -- C:\Windows\cs
[2012.11.03 20:05:48 | 000,000,000 | ---D | C] -- C:\Windows\da
[2012.11.03 20:05:45 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.11.03 20:05:43 | 000,000,000 | ---D | C] -- C:\Windows\fi
[2012.11.03 20:05:38 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.11.03 20:05:35 | 000,000,000 | ---D | C] -- C:\Windows\el
[2012.11.03 20:05:33 | 000,000,000 | ---D | C] -- C:\Windows\hu
[2012.11.03 20:05:30 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.11.03 20:05:28 | 000,000,000 | ---D | C] -- C:\Windows\pl
[2012.11.03 20:05:26 | 000,000,000 | ---D | C] -- C:\Windows\pt-pt
[2012.11.03 20:05:23 | 000,000,000 | ---D | C] -- C:\Windows\ro
[2012.11.03 20:05:21 | 000,000,000 | ---D | C] -- C:\Windows\ru
[2012.11.03 20:05:18 | 000,000,000 | ---D | C] -- C:\Windows\sk
[2012.11.03 20:05:15 | 000,000,000 | ---D | C] -- C:\Windows\sv
[2012.11.03 20:05:13 | 000,000,000 | ---D | C] -- C:\Windows\sl
[2012.11.03 20:05:07 | 000,000,000 | ---D | C] -- C:\Windows\tr
[2012.11.03 20:05:05 | 000,000,000 | ---D | C] -- C:\Windows\uk
[2012.11.03 20:05:03 | 000,000,000 | ---D | C] -- C:\Windows\nb-no
[2012.11.03 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.11.03 20:00:17 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012.11.03 20:00:17 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012.11.03 20:00:17 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012.11.03 20:00:17 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012.11.03 20:00:15 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012.11.03 20:00:15 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012.11.03 20:00:14 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012.11.03 20:00:14 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012.11.03 19:59:43 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012.11.03 19:59:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.11.03 19:59:10 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012.11.03 19:59:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.10.28 16:54:33 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Mozilla
[2012.10.28 16:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.28 16:21:27 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.28 16:21:27 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.28 16:21:27 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.28 16:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.10.28 16:05:32 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012.10.28 16:05:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012.10.28 16:05:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012.10.28 16:05:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012.10.28 16:05:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2012.10.28 16:05:27 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012.10.28 16:05:26 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012.10.28 16:05:26 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012.10.28 16:05:26 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012.10.28 16:05:26 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012.10.28 16:05:26 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012.10.28 16:05:26 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012.10.28 16:05:26 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012.10.28 16:05:26 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012.10.28 16:05:26 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012.10.28 16:05:26 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012.10.28 16:05:26 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012.10.28 16:05:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012.10.28 16:05:26 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012.10.28 16:05:26 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012.10.28 16:05:26 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012.10.28 16:05:25 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012.10.28 16:05:25 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012.10.28 16:05:25 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012.10.28 16:05:25 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012.10.28 16:04:56 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.10.28 16:04:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.10.27 16:18:29 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\McAfee
[2012.10.27 15:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.10.26 15:52:03 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Avira
[2012.10.26 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Local\Diagnostics
[2012.10.26 15:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.26 15:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.26 15:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.24 20:47:03 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Local\Cyberlink
[2012.10.24 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\Documents\CyberLink
[2012.10.24 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\CyberLink
[2012.10.24 20:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.10.24 17:18:00 | 000,000,000 | ---D | C] -- C:\MinGW
[2012.10.22 17:47:18 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Telefónica
[2012.10.22 17:46:24 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012.10.21 16:05:15 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\Tracing
[2012.10.19 19:20:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.10.19 19:20:47 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.10.19 19:20:47 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.10.19 19:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.10.19 19:06:32 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.10.19 19:06:32 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.10.19 19:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
[2012.10.12 15:35:24 | 001,795,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012.10.12 15:35:24 | 000,050,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012.10.11 21:25:40 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\WindSolutions
[2012.10.11 21:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2012.10.11 20:52:07 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Apple Computer
[2012.10.11 20:52:07 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Local\Apple Computer
[2012.10.11 20:52:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.10.11 20:51:58 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.10.11 20:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.10.11 20:51:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.10.11 20:51:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.10.11 20:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.10.11 20:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.10.11 20:50:27 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Local\Apple
[2012.10.11 20:50:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.10.11 20:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.10.11 20:49:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.10.11 20:49:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.10.11 20:49:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.10.11 20:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.10 19:53:39 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 19:53:39 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.10 19:45:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.10 19:45:52 | 513,560,575 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.10 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tran Quoc Tuan\Desktop\OTL.exe
[2012.11.10 17:25:25 | 000,910,303 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\JRT.exe
[2012.11.10 17:22:01 | 000,541,569 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\adwcleaner.exe
[2012.11.10 16:04:22 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.11.10 16:04:22 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.10 15:29:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.10 15:12:55 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.11.10 14:32:09 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.11.10 14:32:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.11.09 21:14:43 | 000,001,019 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Notepad++.lnk
[2012.11.08 23:07:02 | 001,613,328 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.08 23:07:02 | 000,697,080 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.08 23:07:02 | 000,652,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.08 23:07:02 | 000,148,344 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.08 23:07:02 | 000,121,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.07 11:09:28 | 000,000,043 | ---- | M] () -- C:\END
[2012.11.03 21:16:09 | 000,012,006 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Telekom Kündigung.odt
[2012.11.03 20:01:21 | 000,002,494 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Windows Live Messenger.lnk
[2012.11.02 20:17:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.28 16:54:27 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.28 16:21:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.27 16:34:01 | 000,004,096 | ---- | M] () -- C:\conf.dat
[2012.10.27 16:33:44 | 000,032,768 | ---- | M] () -- C:\cache.dat
[2012.10.27 16:33:44 | 000,000,000 | ---- | M] () -- C:\manifest.dat
[2012.10.24 11:06:26 | 000,070,511 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Materialien_1.pdf
[2012.10.19 19:06:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.19 19:06:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012.10.19 18:36:46 | 000,001,199 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\DVDVideoSoft Free Studio.lnk
[2012.10.19 16:54:45 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 15:15:18 | 000,025,932 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Bestellbestaetigung.pdf
[2012.10.12 15:35:24 | 001,795,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01011.dll
[2012.10.12 15:35:24 | 000,050,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\point64.sys
[2012.10.11 20:52:04 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.11 20:39:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.10 17:25:25 | 000,910,303 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\JRT.exe
[2012.11.10 17:22:01 | 000,541,569 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\adwcleaner.exe
[2012.11.09 21:14:43 | 000,001,019 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Notepad++.lnk
[2012.11.07 11:09:27 | 000,000,043 | ---- | C] () -- C:\END
[2012.11.03 21:16:09 | 000,012,006 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Telekom Kündigung.odt
[2012.11.03 20:05:01 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.10.28 16:54:27 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.28 16:54:27 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.28 16:21:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.27 16:34:01 | 000,004,096 | ---- | C] () -- C:\conf.dat
[2012.10.27 16:33:44 | 000,032,768 | ---- | C] () -- C:\cache.dat
[2012.10.27 16:33:44 | 000,000,000 | ---- | C] () -- C:\manifest.dat
[2012.10.24 17:15:21 | 000,070,511 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Materialien_1.pdf
[2012.10.22 19:53:50 | 000,025,932 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Bestellbestaetigung.pdf
[2012.10.19 19:06:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.19 19:06:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012.10.19 19:06:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.10.11 20:52:04 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.10.11 20:50:27 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.10.11 20:39:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.09.26 16:30:07 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.09.26 13:09:04 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.09.26 10:06:08 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.26 10:06:05 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.23 06:33:39 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.04.23 05:12:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.14 05:53:13 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.14 05:53:13 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.14 05:53:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.02.09 22:00:18 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012.02.09 22:00:06 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.02.11 00:03:27 | 001,591,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.10.24 23:03:48 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.10.24 23:03:48 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.10.24 23:03:48 | 000,891,808 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.02.24 01:21:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.02.24 01:21:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.02.24 01:21:12 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012.10.24 23:03:48 | 000,891,808 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012.10.24 23:03:48 | 000,891,808 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012.10.24 23:03:48 | 000,891,808 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.02.24 01:21:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.02.24 01:21:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.02.24 01:21:11 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012.08.24 08:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)

< End of report >
         
--- --- ---

[/code]
__________________

Alt 10.11.2012, 20:16   #4
Hajaku
 
PUP.Blabbers - Standard

PUP.Blabbers



Extras
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 10.11.2012 19:57:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tran Quoc Tuan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,97 Gb Total Physical Memory | 4,40 Gb Available Physical Memory | 73,69% Memory free
11,94 Gb Paging File | 9,93 Gb Available in Paging File | 83,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,64 Gb Total Space | 550,42 Gb Free Space | 80,75% Space Free | Partition Type: NTFS
 
Computer Name: TUAN | User Name: Tran Quoc Tuan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-471519800-2590362783-709212159-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{073DA745-3A42-4E44-83BD-9A254B51CA27}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0811E86D-CA8D-4BE0-B4C9-3EE0D64DE2F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2BBC52D2-5F54-4DEA-9322-0C7BEDF7CD87}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{46F323E0-D30A-4312-B783-5485A1A7031F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{49CD2904-9488-402D-AEF6-11669DEA71DA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4A9E816C-6E0E-4F56-B622-21B08AFB682C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4AB74B6B-590B-4E0C-A14A-A997AC6D458F}" = lport=3888 | protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe | 
"{4C918393-C840-4189-8811-E72EEDCEDE2B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{5B512016-BA87-454D-80E8-DA60D59F1C0E}" = lport=3888 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe | 
"{690E14BB-5705-4E6D-A99C-9A85606D7899}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6E6A00B2-7D87-4AF0-9FF5-D1FB7A00B73B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{72BC806D-D1BF-49F7-BB04-D90E7A7EBFA8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{744EEAFF-C9C8-4B33-8B64-DC97C4B6CFA4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78D77E12-7D8F-4937-BFA2-E6F14F008018}" = lport=137 | protocol=17 | dir=in | app=system | 
"{8E2A0D42-07B2-4486-A9B9-B3075158FB83}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9762D45A-389F-4724-80E0-EFE8EF784D26}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A1F60A42-EE8F-457B-A2C0-CE2A249B7073}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AC89E5B0-1B5D-4F8A-BDBF-BF2C8A6B343D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B570CB87-C1C4-47B1-B14F-C0F509E381C2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B733E2C4-2B4F-4F17-B023-CB42873D398B}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe | 
"{B7EBAB4B-AB8F-4724-8F70-BBB517D75183}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BDD4902C-A637-44D3-84D1-CE8239383BF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BDF3E5DE-E5FF-46F9-84FE-BCA9342AEDD1}" = lport=3880 | protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio creations\vaio movie story\vmstory.exe | 
"{C478FF22-DDE5-488B-B619-178A30496E1E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{C575B730-E7C4-43D2-8795-F859FCF65875}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D16F5B88-E022-4AB8-B866-861BD80D216F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ED6B2DCA-DF41-4436-BD69-50129DD928D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EDCE12CC-22D8-42D1-BD75-C91E0EAE2002}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{FDEFD9F6-A4BD-4A20-A25D-E58CAA364BD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FE1A9D12-0324-4FA3-A16F-4DDF595BF9DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08101561-A007-4306-A3E2-834FD3FE46E2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0A803B77-FF73-4089-8C55-30755C016B1C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{0AA96641-84A9-43D1-984D-51A04C441C05}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{12B8B965-011B-4193-842B-BA2A8BC547C4}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{15849544-6A22-4075-9A78-40F298376DF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1686B3E5-DEC4-469C-A561-B6C96EBA4938}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{195D0010-55FA-4E73-B233-9F0B1F2929C5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\shogun2.exe | 
"{1CED16D5-D8B2-4B9E-AB66-6FBC5842F5D5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{27265820-6295-460A-AFA7-974B1C07611C}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{39248890-4E5F-4C73-8878-F71A20F10147}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{398350C2-94B8-4860-9BD3-856D17C6869C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{52E89123-33AF-4CE5-91B1-C7AE3A6EF6DD}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{57877DD8-8506-425B-A74C-A105BFF1A492}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{58248D5F-D34B-4906-A682-FBDD8169266F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{5F99EB2A-B901-4F2F-A51D-CDFF4FD7FF87}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{603F7DDD-3B3A-429D-95D1-8ADAD086D43A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{60B14ABB-1FE5-42B8-8E45-1C40AA638EC8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{61011DA7-1F10-4C49-AB5D-FC00D161AE9E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
"{6D9ED0DA-FE37-4037-96FC-4A4A02EA21AD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{74297CD7-D8C0-44CE-9BC8-AFD82E6A6FF8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{77BE2D05-47EE-461D-A242-849796EBF15B}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7B245C74-A734-49AD-8B0B-42D8C501A444}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{7DC5FED2-3709-459E-8C7E-4DEBC6976E9D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{83C37BCA-76D7-452B-AE64-32F532A98CDA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{88D275BB-BF2A-40F8-B0A2-E04E5FC872BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C1845AC-2121-450B-9469-DC82D19976C3}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{98178275-B277-4BCF-9B13-DDE7299860A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B6BB261-7F9D-461A-B3F3-E4C18EC4A248}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{9B7DD19B-D8F8-49F2-BCE6-E39BC4B041F2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{9B99710E-2EC1-4579-A315-08BA3583324F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A439E262-23DF-46B2-B54F-B3AE4F5A8A85}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{A4F6268F-5FE5-42CB-AA7A-DF909C1B02C0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A6459144-4B42-4E10-9FC8-767808BEA011}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A71ECF2B-8192-4746-94B2-B702ACDC2DD1}" = protocol=6 | dir=out | app=system | 
"{AA25FF56-D9B5-4415-91F4-E48B311FA51E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{AD585339-110E-46D3-AE79-F1BD926E4859}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AEABF324-753F-4E90-9C51-0130B1DC3AB0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_specify_properties.bat | 
"{B31D6528-38F9-4CC7-89CF-CC13A59C5942}" = dir=in | app=c:\users\tran quoc tuan\appdata\local\microsoft\skydrive\skydrive.exe | 
"{B99278C7-1F3F-40D2-8348-3675B611AB75}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{BD901A54-4DB2-45A3-A6F9-AADFE8D7DD66}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C1A36FBB-7CA8-4FBE-BB58-82A9E89D7455}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C4607A43-B0B1-4C90-B089-03E8408E4E8A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C5E4ED7B-4245-466C-A786-6D38E9F75CCE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CE2DE7F5-BD1D-486A-ABED-59DE88EF8EFB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D23DD7AF-87AE-4038-8AA6-3D49FA42F1CD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\benchmarks\benchmark_current_settings.bat | 
"{D40E68B2-6AED-4E65-9946-49FF31D63EE4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{DEC68D55-D02D-4139-9CD1-A7C152B4B24B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E9719953-F2A0-4400-BE16-C42E37731AD4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{F06DD2A8-3B0A-49E9-B3C0-266E9E9D70D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F37537F5-9A5E-4511-B209-D902052FC968}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{FD6014F9-F712-4A82-9D04-29D050E167C9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{FEE5B6E3-443A-48ED-81F0-D5BBC5A403EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war shogun 2\data\encyclopedia\how_to_play.html | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0EB7792D-EFA2-42AB-9A22-F33D9458E974}" = Media Gallery
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{34EB42BE-F4D3-44C1-B28E-9740115DB72C}" = VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4D95D095-8C6F-4357-BDD8-27E295F37FB1}" = VAIO Care
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = VSSTx64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{549AD5FB-F52D-4307-864A-C0008FB35D96}" = VCCx64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CCD3595-D38B-4750-CF49-C6DDDAB5B355}" = ccc-utility64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{75C95C84-264F-4CC7-8A7E-346444E6C7C1}" = VAIO Improvement Validation
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}" = VAIO - PlayMemories Home Plug-in
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEAA361-F8A4-4298-B41C-9E9DCB9AAB84}" = VPMx64
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EBF1529E-D2D5-47CF-97EC-7D90CEF0FE04}" = AMD Catalyst Install Manager
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00476F3E-3C4D-4E02-B8BB-125350157EB9}" = Windows Live Mail
"{03426ED9-9D9C-4F71-B293-BBE6493367A2}" = Windows Live Mail
"{0363A571-BD40-C5E2-2573-92B60D93EE97}" = Catalyst Control Center InstallProxy
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{03E2EED4-368D-49EA-B1AC-8B615E37E16D}" = Windows Live Messenger
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" = 
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048C8498-C20B-4AF7-9978-7A79E567D74C}" = Photo Common
"{058EDEC8-1873-4B49-9A08-54ADE9CC129B}" = Movie Maker
"{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play mit PlayStation®3
"{087D261B-73AE-4B8A-8F18-2EE80DD2ED8B}" = Фотоальбом
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
"{0B783100-6F04-4E2F-B83D-0A9B4EEDE47A}" = Windows Live Writer Resources
"{0BC39E89-506A-4ADA-8924-27AEE2C97618}" = Windows Live Writer
"{0BFF2188-2D8E-4BE2-95D0-B3CCD4C6A0C9}" = Photo Common
"{0D4931AE-CD0A-B202-CA87-7E7DF1322D24}" = CCC Help Italian
"{0DF95460-2887-4011-9344-1959CDF18ADC}" = Photo Common
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0E710CBA-8571-7C5C-68BA-47E1C34A6745}" = CCC Help Dutch
"{1026DF85-1C0F-4839-888E-EB9D5B73CF46}" = Windows Live Writer
"{115356B4-8E81-43DB-BB2A-19E5ED95FBAF}" = Фотоколекція
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{182D3167-FE80-4DF6-96C2-84AC0ABA20D8}" = Windows Live Writer Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19AFD9A4-B584-41C8-91EA-38EB2FC1BD50}" = Windows Live Messenger
"{1A79A578-4277-48AF-98A6-F9E48CF1B6D8}" = Windows Live Writer
"{1D6F9A9A-DCF3-45A7-9B14-46DDA778313F}" = Windows Liven sähköposti
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F0C818D-4A41-4E40-BAFB-BB940C82A518}" = Fotogalerija
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207E9B4C-48A9-47CE-BBC8-ACF0B2006351}" = Windows Live Mail
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{254F7574-53A7-43D1-BC4D-B1E894AEE175}" = Windows Live Writer
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{262E7632-72F9-4CBE-9461-937F24106EF2}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28B2947F-FC0B-4450-80E3-6DF698E824A6}" = Windows Liven peruspaketti
"{2A078A2B-E2C8-43A3-862C-DC57090AB7C2}" = Movie Maker
"{2AC4C6D7-512D-4B78-A85B-2C16E748AB8E}" = Movie Maker
"{2B068A64-F867-44E9-8827-A795647C8730}" = Фотографии (общедоступная версия)
"{2B919309-7052-45A4-B1C8-5B4894E8648B}" = Windows Live Writer
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F41EF61-A066-4EBF-84F8-21C1B317A780}" = VAIO - TrackID™ mit BRAVIA
"{306C7AEF-16C7-428D-93AA-99D4A4090243}" = Movie Maker
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{31846283-C955-4CE1-9297-8670BD0C9A7E}" = Windows Live Messenger
"{32AA7594-09A9-437F-9541-5F760509B752}" = Фотогалерия
"{330BBA5F-4A63-4545-900F-8446F205BA52}" = Windows Live Writer Resources
"{3490653F-2789-46A1-B1BF-6BD4CF4131AB}" = FDUx86
"{34C5AD54-3CCD-4935-AB8D-8527058B96F7}" = Windows Live UX Platform Language Pack
"{35CB7C2D-B421-46FC-89CF-3B630628876F}" = Windows Live Writer Resources
"{36BEC461-B58A-414D-993E-E2BDD1F1A14B}" = Movie Maker
"{373EF285-A2DC-44EB-8D79-18918F33CB3A}" = Windows Live Messenger
"{37FDD121-C443-4FD3-A213-2449B397C068}" = Windows Live Messenger
"{38911305-6616-4D26-91DB-AD83B1F2DCF0}" = Windows Live Mail
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A9ECD64-DE00-4779-A89E-C878513B2B37}" = Windows Live Writer Resources
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FD0036E-236A-4EDD-894D-4374BEE64464}" = Windows Live UX Platform Language Pack
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{42B6C7E0-0DAE-488D-8DAF-838898102F19}" = Windows Live Writer
"{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
"{45F41392-ED69-D133-4F2B-3236C0ABF088}" = CCC Help Russian
"{4601C392-2281-0E26-01C5-F6AD044A0AB9}" = CCC Help German
"{46A648D2-C097-41A3-A517-E709F045B6CD}" = Movie Maker
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4AF53C99-315D-4536-873F-029D2D274AE2}" = Photo Common
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E55905B-849D-4633-9267-3EC77E24221A}" = Poczta usługi Windows Live
"{5078CEC3-A56F-4080-8CD4-ED7BCBE5686B}" = Photo Common
"{50849B2C-097E-47A5-A076-6F11A939E093}" = Windows Live Mail
"{51449A7F-4820-4757-9236-87A3BE7B6F27}" = Windows Live Writer
"{5156C9BF-1C27-430B-96D8-7129F11699A8}" = VAIO Data Restore Tool
"{51EF51B6-0D9F-4977-8F9D-A1E15017D2B7}" = Windows Live Mail
"{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{55268806-FC27-4CA2-9CCA-1269FD4831FE}" = Windows Live Writer
"{56232E3D-7EA9-45E0-A371-26CD80510AF7}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack
"{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{5FE3BC4E-2BD5-4D6B-8BC4-640A42626AAD}" = Почта Windows Live
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{6209125A-46C5-4099-96DC-72FD55B07C1C}" = Windows Live Writer Resources
"{62BBCDDC-4979-4E59-9D97-5B8E874C3191}" = Movie Maker
"{62CC9AF4-EDD9-43C8-9856-FFD60362CFA9}" = Windows Live Messenger
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6466EF6E-700E-470F-94CB-D0050302C84E}" = Remote Keyboard
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66DB6D91-BF91-480B-933D-7CB8B1E64D74}" = Windows Live Messenger
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{692955F2-DE9F-4078-8FAA-858D6F3A1776}" = VAIO Gesture Control
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B8F13E2-F02B-445C-9A31-3C0E5D547CBA}" = Photo Common
"{6DA675F3-B549-4BDE-90FA-BEF8C3B87F00}" = Windows Live Mail
"{6FD21053-829D-40E7-B04C-CAFB7D5CD025}" = KUx86
"{6FD7D12D-2E71-42F4-B0E9-3BD2010D6F07}" = Catalyst Control Center - Branding
"{701FE1BC-834A-4857-AF62-6EBA50CFBC78}" = Movie Maker
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{70BF63A5-DE6A-417C-AB93-5E31D0DA994E}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials
"{7211F448-F865-4D37-B905-24D84E6C3E5E}" = Windows Live Writer Resources
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73669388-1011-4B57-A90F-8B0415093AB2}" = Windows Live Writer
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote-Tastatur
"{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
"{751EB657-3F22-4150-8CE4-D79A262F1D92}" = Movie Maker
"{7595CAD2-87D0-4D01-AC02-3FDD3A891BB8}" = Galeria fotografii
"{7607440C-FDCA-4210-9CD9-13D8F0DDAD0C}" = Windows Live Writer Resources
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77911750-3B45-9927-43CE-96153D2E16B3}" = Catalyst Control Center Localization All
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{794D971F-7EC1-4F71-A51C-773074CAB8DA}" = Windows Live Writer
"{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials
"{7A83618D-879A-4258-8B5E-5AD8B5F3EDD0}" = Windows Live Writer
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BF004A9-25FA-331C-0995-8198C9A9EE07}" = CCC Help Portuguese
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7E41F42B-7ED8-4E15-A492-B93B287C027F}" = Windows Live Writer Resources
"{7E5A5CA6-B7D0-406E-A75E-157CAB47EB94}" = VMLx86
"{7E63F102-A9E9-4F4C-8004-BC62974736BF}" = Movie Maker
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{7F6B531E-0B45-6C2F-7649-B876E323B025}" = CCC Help French
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{8063EB67-E777-4A56-9C1E-FAD75C2F5EC2}" = Photo Common
"{8146445E-B14D-4CBA-AB9A-728CF166DAC9}" = Windows Live Messenger
"{8176B9CA-F037-49C0-BD77-661B1DDCA6F3}" = Movie Maker
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
"{83F937CA-5775-606B-C0D1-879C9458B25F}" = CCC Help Danish
"{854A24E3-A0EF-472A-B1D6-A2E9D43D5D8B}" = Windows Live Writer Resources
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{858B32BD-121C-4AC8-BD87-CE37C51C03E2}" = TrackID(TM) with BRAVIA
"{85C71DC0-F0FE-15EA-15E8-EE05059D04E9}" = CCC Help Thai
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{87425773-10F4-4858-8CBF-465093FA43DE}" = Windows Live Mail
"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
"{8CE152BA-1D16-11E1-867D-984BE15F174E}" = Evernote v. 4.5.2
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8E241C05-52BF-4862-AD1F-AAE465C0075B}" = Windows Live Mail
"{8E31695A-4694-4DC4-8BEF-F8F22520D38D}" = Windows Live Writer
"{8E797841-A110-41FD-B17A-3ABC0641187A}" = VAIO Control Center
"{8FCDAAE0-130C-EB8B-6F9D-B7F802B38E43}" = CCC Help Chinese Standard
"{902C4E0E-89CE-43B9-BCC0-F3A91E987F99}" = Windows Live Writer
"{9038E0C6-9CB9-4380-8FA3-B6B30FA304CF}" = Основи Windows Live
"{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}" = Fotogaléria
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{91AFB7F0-CF98-73B6-8FA9-958878EF65DE}" = CCC Help Chinese Traditional
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{9306084B-53F6-33E3-3B6D-3C9485AB5C44}" = CCC Help Polish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96361BC7-B7C8-4594-AD89-813C371F4246}" = Windows Live Writer Resources
"{968B8056-7631-4204-9BFB-CF7E0965C31F}" = Windows Live Messenger
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{989889A7-D13D-4DA4-B059-B250784DFABC}" = Photo Common
"{9939B8FF-7D2D-4258-B5B9-B6BA8DD59905}" = Windows Live Mail
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C60D080-84E7-43A5-8ECA-28253D253BD7}" = Windows Live Essentials
"{9D3B7B6C-1493-441C-99B6-26A419354812}" = Windows Live Writer
"{9E536BEC-BD58-EA09-62B9-DC8BD889CBA6}" = CCC Help English
"{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}" = Movie Maker
"{9F470E17-4FC3-4091-A508-D5347A16A2B9}" = Fotogalleriet
"{A035950F-15BA-41C0-9D8F-165FC0536012}" = Movie Maker
"{A0E4C4A6-1CC7-4442-8CAE-2D825B7BC1C1}" = Windows Live Writer Resources
"{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
"{A17D2142-6D09-4C3D-AD24-FDF9EF3198C3}" = Windows Live Writer Resources
"{A19A8C25-272A-4CD6-8BA8-3772321A021B}" = Συλλογή φωτογραφιών
"{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}" = Fotogalerie
"{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials
"{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack
"{A412D7BD-FD86-461D-B385-CD8062F34131}" = Windows Live Messenger
"{A47EA9D4-BB87-415E-9239-28860434E5A0}" = Movie Maker
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A58FCEF4-3191-466C-8949-0FFFFFB7631D}" = Windows Live Writer Resources
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"{AA82E5EF-70C2-41CB-8432-309078304CBB}" = Photo Common
"{ABA75682-3B03-F4EB-F755-F81272A9FB50}" = CCC Help Swedish
"{ABAF6F07-0D84-4700-948E-EC5042B9D978}" = Windows Live Mail
"{AC2C1BDB-1E91-4F94-B99C-E716FE2E9C75}_is1" = MinGW-Get version 0.5-beta-20120426-1
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{AE5F3379-8B81-457E-8E09-7E61D941AFA4}" = VAIO Gate
"{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B24BB74E-8359-43AA-985A-8E80C9219C70}" = VSSTx86
"{B306F739-A414-4698-BFAD-0AB23F73D14F}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B625668D-34AA-462D-AA32-44BFA70F08E7}" = Windows Live Messenger
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B67B2671-2981-466B-BA14-25538AA871DC}" = Windows Live Messenger
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{BA068968-594F-40BE-8EE8-99119123C991}" = Windows Live UX Platform Language Pack
"{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}" = Movie Maker
"{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}" = VAIO CPU-Lüfterdiagnose
"{BFA6D5AD-25EA-475F-AD80-ECD408C674AB}" = Movie Maker
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2F1EBBF-9AC4-4E0B-A7F4-74C9C7AD4813}" = Galerie foto
"{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}" = Valokuvavalikoima
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}" = Windows Live Essentials
"{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
"{C63E7C86-2AB0-95C7-52E4-4AAFDAE83B1B}" = CCC Help Finnish
"{C67BC332-A59A-4D40-977F-664F60AB21D8}" = Photo Common
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7929038-EDFB-416D-A2C9-CC65416DA0DF}" = Photo Common
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{C8544A9A-76BE-4F82-811E-979799AE493B}" = VAIO Gesture Control
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9D08433-5FDD-43C6-8482-7AFA7D891D98}" = Windows Live UX Platform Language Pack
"{CA5C4498-C7E7-4808-AB41-A2B534A476AF}" = Windows Live Messenger
"{CAEDA0C9-8B41-4D69-B4D6-5AC66AAF44FB}" = Photo Common
"{CCB26B62-5219-9E89-E5EC-17CFAEA9E5E3}" = CCC Help Korean
"{CD239A50-AD95-4A72-9D5F-D4FBD4B89417}" = Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CE44687E-BC21-4B69-B0AE-6BDFD6B5C327}" = Windows Live Messenger
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{D04EBB49-C985-4A38-8695-62000861293A}" = Raccolta foto
"{D06D3E90-8881-014E-D9A0-64CF95AB21BB}" = Catalyst Control Center Graphics Previews Common
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D16E0F0C-5D10-45CF-A585-CE3689B5A913}" = Windows Live Writer
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D1952E4A-9F67-4693-A06D-DA8E0FB2B00D}" = Windows Live Essentials
"{D1F5A388-09C9-4998-A793-B15DCDEB3B42}" = Photo Common
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D4EA8070-20E0-4BAF-BC44-D166C292FEBE}" = Windows Live Writer Resources
"{D52EDEF4-068C-0F6C-374C-A3D87418F027}" = CCC Help Greek
"{D56DA747-5FDB-4AD5-9A6A-3481C0ED44BD}" = Remote Play with PlayStation(R)3
"{D824AFCC-3408-4FB2-A6C9-28C660700DD4}" = Photo Common
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DAD85607-2C8E-43D5-B068-4B218F1A7DB8}" = Windows Live Mail
"{DB1A3EA7-0C25-4BEC-A108-176195190369}" = VHD
"{DB7B6508-2AAB-4F26-99D4-74559A2F5E42}" = Fotoğraf Galerisi
"{DF184496-1CA2-4D07-92E7-0BD251D7DEF0}" = VCCx86
"{DFB0E1FE-B5DE-42D7-97A9-2A69FB530A73}" = Windows Live Messenger
"{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}" = PlayMemories Home
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E0FB88-D570-463E-A98E-733B7B656867}" = Photo Gallery
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E22E95E7-0A26-4AEC-A907-390C568C5BC1}" = Windows Live Messenger
"{E33F7934-F129-EC39-2EF6-6C3414B94594}" = CCC Help Spanish
"{E354D495-5DA4-4CCF-AB39-080F6A4141BE}" = Fotogalleri
"{E3D6D7E5-5C24-DAC0-E268-4A08098201E6}" = CCC Help Hungarian
"{E50E3DBC-46AA-4827-B2A6-F995D81DF526}" = Fotótár
"{E570053D-8ABC-4938-9E23-C634E08E7490}" = Windows Live Mail
"{E6757A5B-EE7E-4D72-82B7-D1B2991DF55E}" = PYV_x86
"{E682702C-609C-4017-99E7-3129C163955F}" = VAIO - Remote-Tastatur mit PlayStation®3
"{E6A3F960-E593-4DDE-B9F2-66885D973A26}" = Pošta Windows Live
"{E727B31A-8B24-4C1C-934A-69634E0D2C0B}" = Qualcomm Atheros WiFi Driver Installation
"{E800ADC4-F459-42F5-89A2-E754634B010A}" = Windows Live Writer Resources
"{EB91007A-0110-42A6-B869-2709955A9B2A}" = Photo Common
"{EC33D375-5164-4374-9061-43F5C6073219}" = Photo Common
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF9A2D34-4261-AE03-C9A7-ED54EA8F9A70}" = CCC Help Japanese
"{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F29C9CFE-350A-42AC-A7C8-04154D5FE8A9}" = Windows Live Writer
"{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
"{F54A07A9-9716-4094-9E79-F5E929679FFF}" = Windows Live Writer Resources
"{F5E338CE-E1C6-4F7D-8300-44DBD05B9F14}" = Galeria de Fotografias
"{F613796A-D87D-4576-0F6B-A7770FBAAC52}" = CCC Help Czech
"{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
"{F67E566E-7B97-3599-D353-06B7532851C9}" = CCC Help Turkish
"{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9395F3D-4198-476C-8C41-63D0B5B51E35}" = PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program
"{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBC5861D-E773-18D2-7C71-2CEB8CE3939D}" = CCC Help Norwegian
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEEB8EEC-CC21-0CFF-6C5C-E86BDF9323CE}" = Catalyst Control Center
"{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"ESN Sonar-0.70.4" = ESN Sonar
"Free Studio_is1" = Free Studio version 5.7.4.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"GeoGebra" = GeoGebra
"GinyasBrowserCompanion" = GinyasBrowserCompanion
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD
"InstallShield_{F9395F3D-4198-476C-8C41-63D0B5B51E35}" = VAIO - PlayMemories Home Plug-in
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 34330" = Total War: SHOGUN 2
"VAIO Help and Support" = 
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-471519800-2590362783-709212159-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
< End of report >
         
--- --- ---

[/code]

Alt 11.11.2012, 12:38   #5
M-K-D-B
/// TB-Ausbilder
 
PUP.Blabbers - Standard

PUP.Blabbers



Servus,



Schritt 1
Ich sehe, dass du sog. Registry Cleaner auf dem System hast.
In deinem Fall CCleaner.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
  • Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
  • Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
  • Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.
Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.
Am Ende der Bereinigung empfehle ich dir ein anderes Tool, mit dem du deine temporären Dateien entfernen kannst.





Schritt 2
Downloade Dir bitte den Revo Uninstaller
  • Doppelklicke auf die revosetup.exe.
  • Installiere das Tool in den vorgegebenen Pfad.
  • Doppelklicke auf das Revo Uninstall Icon.
  • Suche Dir nun folgende Software aus der Code-Box.
    Code:
    ATTFilter
    GinyasBrowserCompanion
             
    Klicke darauf und bestätige mit Ja.
  • Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
  • Das Tool wird nun nach allen Einträgen auf dem Rechner suchen. Klick auf weiter
  • Klicke auf den Markiere alle Button und klicke auf löschen und bestätige mit Ja.
Bebilderte Anleitung

Starte den Rechner abschließend neu auf.





Schritt 3
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
[2012.11.07 11:09:26 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\GinyasBrowserCompanion
[2012.11.07 11:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanion

:commands
[Emptytemp]
         
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread





Schritt 4
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von ComboFix.


Alt 11.11.2012, 14:45   #6
Hajaku
 
PUP.Blabbers - Standard

PUP.Blabbers



Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Tran Quoc Tuan\AppData\Roaming\GinyasBrowserCompanion folder moved successfully.
C:\Program Files (x86)\GinyasBrowserCompanion folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tran Quoc Tuan
->Temp folder emptied: 7703387 bytes
->Temporary Internet Files folder emptied: 8236709 bytes
->Java cache emptied: 73886 bytes
->FireFox cache emptied: 107963328 bytes
->Flash cache emptied: 62051 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2432 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 175069 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 119,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11112012_142701

Files\Folders moved on Reboot...
C:\Users\Tran Quoc Tuan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
ATTFilter
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-11-09.02 - Tran Quoc Tuan 11.11.2012  14:35:06.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6114.4272 [GMT 1:00]
ausgeführt von:: c:\users\Tran Quoc Tuan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-11 bis 2012-11-11  ))))))))))))))))))))))))))))))
.
.
2012-11-11 13:41 . 2012-11-11 13:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-11 13:27 . 2012-11-11 13:27	--------	d-----w-	C:\_OTL
2012-11-10 20:58 . 2012-11-10 20:58	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Roaming\FileZilla
2012-11-10 20:58 . 2012-11-10 20:58	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2012-11-10 18:50 . 2012-11-10 18:50	--------	d-----w-	c:\windows\ERUNT
2012-11-10 18:50 . 2012-11-10 18:53	--------	d-----w-	C:\JRT
2012-11-09 20:14 . 2012-11-09 20:15	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Roaming\Notepad++
2012-11-09 20:14 . 2012-11-09 20:14	--------	d-----w-	c:\program files (x86)\Notepad++
2012-11-07 16:12 . 2012-11-07 16:12	--------	d-----w-	C:\Dev-Cpp
2012-11-07 10:09 . 2012-11-07 16:24	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Roaming\Dev-Cpp
2012-11-03 19:06 . 2012-11-03 19:06	--------	d-----w-	c:\windows\de
2012-11-03 19:00 . 2012-11-03 19:00	--------	d-----w-	c:\program files\Windows Live
2012-11-03 19:00 . 2010-06-02 03:55	77656	----a-w-	c:\windows\system32\XAPOFX1_5.dll
2012-11-03 19:00 . 2010-06-02 03:55	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_5.dll
2012-11-03 19:00 . 2010-06-02 03:55	527192	----a-w-	c:\windows\SysWow64\XAudio2_7.dll
2012-11-03 19:00 . 2010-06-02 03:55	518488	----a-w-	c:\windows\system32\XAudio2_7.dll
2012-11-03 19:00 . 2010-05-26 10:41	2526056	----a-w-	c:\windows\system32\D3DCompiler_43.dll
2012-11-03 19:00 . 2010-05-26 10:41	2106216	----a-w-	c:\windows\SysWow64\D3DCompiler_43.dll
2012-11-03 19:00 . 2010-05-26 10:41	276832	----a-w-	c:\windows\system32\d3dx11_43.dll
2012-11-03 19:00 . 2010-05-26 10:41	248672	----a-w-	c:\windows\SysWow64\d3dx11_43.dll
2012-11-03 18:59 . 2009-09-04 16:29	453456	----a-w-	c:\windows\SysWow64\d3dx10_42.dll
2012-11-03 18:59 . 2009-09-04 16:29	523088	----a-w-	c:\windows\system32\d3dx10_42.dll
2012-11-03 18:59 . 2006-11-29 12:06	4398360	----a-w-	c:\windows\system32\d3dx9_32.dll
2012-11-03 18:59 . 2006-11-29 12:06	3426072	----a-w-	c:\windows\SysWow64\d3dx9_32.dll
2012-11-03 18:57 . 2012-11-03 18:57	5659096	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\37d0e871cdb9f501\skydrivesetup.exe
2012-10-28 15:21 . 2012-11-02 19:17	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-28 15:21 . 2012-09-24 08:58	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-28 15:21 . 2012-09-13 14:52	99248	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-28 15:18 . 2012-10-28 15:18	--------	d-----w-	c:\programdata\McAfee
2012-10-28 15:04 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-10-28 15:04 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-10-28 15:04 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-10-28 15:04 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-10-28 15:04 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-10-28 15:04 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-10-28 15:04 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-10-28 15:04 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-10-28 15:04 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-10-27 15:18 . 2012-10-27 15:18	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Roaming\McAfee
2012-10-27 14:46 . 2012-11-11 13:25	--------	d-----w-	c:\program files (x86)\VS Revo Group
2012-10-26 14:52 . 2012-10-26 14:52	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Roaming\Avira
2012-10-26 14:44 . 2012-10-26 14:44	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Local\Diagnostics
2012-10-26 14:40 . 2012-10-26 14:40	--------	d-----w-	c:\programdata\Avira
2012-10-26 14:40 . 2012-10-26 14:40	--------	d-----w-	c:\program files (x86)\Avira
2012-10-24 19:47 . 2012-10-24 19:47	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Local\Cyberlink
2012-10-24 19:46 . 2012-10-24 19:46	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Roaming\CyberLink
2012-10-24 19:46 . 2012-10-24 19:46	--------	d-----w-	c:\programdata\CyberLink
2012-10-24 16:18 . 2012-11-07 10:18	--------	d-----w-	C:\MinGW
2012-10-22 16:47 . 2012-10-22 16:47	--------	d-----w-	c:\users\Tran Quoc Tuan\AppData\Roaming\Telefónica
2012-10-22 16:46 . 2008-03-27 08:51	1490656	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2012-10-21 15:05 . 2012-11-07 17:12	--------	d-----w-	c:\users\Tran Quoc Tuan\Tracing
2012-10-19 18:20 . 2012-09-24 21:16	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-19 18:06 . 2012-07-26 07:46	2560	----a-w-	c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-10-19 18:06 . 2012-07-26 04:55	785512	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-10-19 18:06 . 2012-07-26 04:55	54376	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-10-19 18:06 . 2012-07-26 02:36	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-10-19 18:06 . 2012-10-19 18:06	--------	d-----w-	c:\program files\Microsoft Mouse and Keyboard Center
2012-10-12 14:35 . 2012-10-12 14:35	50856	----a-w-	c:\windows\system32\drivers\point64.sys
2012-10-12 14:35 . 2012-10-12 14:35	1795952	----a-w-	c:\windows\system32\WdfCoInstaller01011.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-10 19:57 . 2012-09-26 16:00	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-11-10 19:57 . 2012-09-26 09:06	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-11-10 19:54 . 2012-09-26 09:06	281520	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-11-10 13:32 . 2012-04-23 04:35	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-10 13:32 . 2012-04-23 04:35	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 19:57 . 2012-09-26 11:15	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-09-29 17:54 . 2012-09-25 17:09	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-28 20:32 . 2012-09-28 20:32	2177688	----a-w-	c:\windows\system32\coin92.dll
2012-09-26 16:01 . 2012-09-26 09:06	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-09-26 15:30 . 2012-09-26 15:30	2434856	----a-w-	c:\windows\SysWow64\pbsvc_bc2.exe
2012-09-25 19:04 . 2012-09-25 19:04	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-25 19:04 . 2012-04-23 04:14	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-25 16:44 . 2011-03-28 16:36	19720	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-20 15:02 . 2012-09-20 15:02	1832760	----a-w-	c:\windows\system32\LogiLDA.DLL
2012-09-14 19:19 . 2012-10-10 16:39	2048	----a-w-	c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 16:39	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-09-12 15:07 . 2012-09-12 15:07	58368	----a-w-	c:\windows\SysWow64\sirenacm.dll
2012-09-12 14:57 . 2012-09-12 14:57	322048	----a-w-	c:\windows\WLXPGSS.SCR
2012-08-31 18:19 . 2012-10-10 16:40	1659760	----a-w-	c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 16:40	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 16:40	3968880	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 16:40	3914096	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 16:39	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 16:39	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-26 10:15	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-26 10:15	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-26 10:15	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-26 10:15	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-26 10:15	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-26 10:15	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-26 10:15	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-26 10:15	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-26 10:15	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-26 10:15	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-26 10:15	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-26 10:15	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-26 10:15	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-26 10:15	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-26 10:15	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-26 10:15	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-26 10:15	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-26 10:15	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-26 10:15	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-26 10:15	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-26 10:15	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-26 10:15	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-26 10:05	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-26 10:05	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-26 10:05	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-26 10:05	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 10:04	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-21 11:01 . 2012-10-11 19:51	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2012-08-21 11:01	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2012-08-21 11:01	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48 . 2012-10-10 16:39	243200	----a-w-	c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 16:39	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 16:39	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 16:39	215040	----a-w-	c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 16:39	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 16:39	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 16:39	1162240	----a-w-	c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 16:39	338432	----a-w-	c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 16:39	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 16:39	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 16:39	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 16:39	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 16:39	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 16:39	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 16:39	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:39	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 16:39	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-03 18:58	220632	----a-w-	c:\users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-03 18:58	220632	----a-w-	c:\users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-03 18:58	220632	----a-w-	c:\users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-02 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2012-02-23 51872]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2012-02-23 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-23 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2012-02-23 280992]
R3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-23 421664]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-23 550560]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 112256]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\system32\drivers\leath_hid.sys [2012-02-23 36128]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-10-12 50856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys [2012-03-13 21264]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys [2012-02-22 16152]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-13 235520]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-02 84256]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-13 363800]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-23 158880]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-03-13 95248]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2012-02-23 30368]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys [2012-02-22 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys [2012-02-22 787736]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2012-01-16 14336]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-05-28 54464]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-05-10 1259104]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-23 13:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-03 18:58	244696	----a-w-	c:\users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-03 18:58	244696	----a-w-	c:\users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-03 18:58	244696	----a-w-	c:\users\Tran Quoc Tuan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://vaioportal.sony.eu
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Free YouTube Download - c:\users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2012-10-28 17:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-31 18:05; ich@maltegoetz.de; c:\users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2012-10-31 18:05; personas@christopher.beard; c:\users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\personas@christopher.beard.xpi
FF - ExtSQL: 2012-10-31 18:05; {99B98C2C-7274-45a3-A640-D9DF1A1C8460}; c:\users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
FF - ExtSQL: 2012-10-31 18:05; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2012-10-31 18:05; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Tran Quoc Tuan\AppData\Roaming\Mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-471519800-2590362783-709212159-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-471519800-2590362783-709212159-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-11  14:43:03
ComboFix-quarantined-files.txt  2012-11-11 13:43
.
Vor Suchlauf: 16 Verzeichnis(se), 597.240.262.656 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 597.089.726.464 Bytes frei
.
- - End Of File - - 51980E06408EEC1DB4E38CE334E5255F
         
--- --- ---

Alt 11.11.2012, 15:50   #7
M-K-D-B
/// TB-Ausbilder
 
PUP.Blabbers - Standard

PUP.Blabbers



Servus,



wie läuft dein Rechner derzeit?
Gibt es noch Probleme mit Malware? Wenn ja, welche?





Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Alt 11.11.2012, 16:24   #8
Hajaku
 
PUP.Blabbers - Standard

PUP.Blabbers



Der Rechner läuft ganz normal

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.11.2012 16:15:47 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tran Quoc Tuan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,97 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 63,39% Memory free
11,94 Gb Paging File | 9,27 Gb Available in Paging File | 77,63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681,64 Gb Total Space | 554,88 Gb Free Space | 81,40% Space Free | Partition Type: NTFS
 
Computer Name: TUAN | User Name: Tran Quoc Tuan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.10 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tran Quoc Tuan\Desktop\OTL.exe
PRC - [2012.11.10 14:32:09 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.11.02 20:17:19 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.02 20:16:45 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.02 20:16:44 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.26 17:01:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.28 23:54:30 | 000,054,464 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2012.03.13 17:02:03 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.13 17:01:48 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.13 17:01:29 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.03.13 17:00:11 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.03.07 17:57:48 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2012.03.07 17:57:46 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2012.02.23 16:09:58 | 000,158,880 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2012.02.22 18:10:28 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 11:41:12 | 000,473,960 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012.02.21 11:37:16 | 000,693,608 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2011.11.30 17:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.11.29 19:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.09.20 15:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.10 14:32:09 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.09.26 16:20:06 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.09.26 16:19:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.09.26 16:19:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.09.26 16:19:58 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\acc563eb665e430df4375afb9697a5d9\IAStorCommon.ni.dll
MOD - [2012.09.26 16:19:56 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\33e53ffe7ba7362a2d483ef4ea79bfe3\IAStorUtil.ni.dll
MOD - [2012.09.26 16:19:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.09.26 16:19:44 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.09.26 16:19:35 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.09.26 16:19:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.09.26 16:19:31 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.09.26 16:19:25 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.08.27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.04.23 05:39:43 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.13 18:15:50 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.30 17:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2012.11.10 14:32:09 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.11.02 20:18:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.11.02 20:17:19 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.02 20:16:45 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.26 17:01:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.28 23:54:30 | 000,054,464 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2012.05.10 17:44:34 | 001,259,104 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2012.03.26 08:24:10 | 000,978,056 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2012.03.21 16:08:20 | 000,112,256 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV - [2012.03.13 17:02:03 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.13 17:01:48 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.13 17:01:29 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.03.13 17:00:11 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.03.07 17:57:46 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2012.02.23 16:09:58 | 000,158,880 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)
SRV - [2012.02.23 15:51:40 | 000,106,144 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012.02.21 11:41:12 | 000,473,960 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012.02.08 17:36:01 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.01.10 12:45:32 | 000,535,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2012.01.06 15:44:28 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2012.01.06 15:44:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.12.29 15:10:08 | 000,960,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.12.21 12:55:14 | 000,382,720 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.12.21 12:15:06 | 000,550,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.12.01 09:04:56 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.11.29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.08.26 17:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.02.23 13:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.02 20:17:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.10.12 15:35:24 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.06 15:02:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.04.07 11:51:34 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.03.13 18:19:06 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.13 18:16:05 | 010,732,032 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.03.13 18:16:05 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.13 18:03:03 | 000,425,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012.03.13 18:01:03 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 16:01:34 | 000,036,128 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\leath_hid.sys -- (lehidmini)
DRV:64bit: - [2012.02.23 16:01:04 | 000,550,560 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012.02.23 16:00:34 | 000,421,664 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_vdp.sys -- (BTATH_VDP)
DRV:64bit: - [2012.02.23 16:00:16 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012.02.23 16:00:04 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012.02.23 15:59:34 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012.02.23 15:59:16 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012.02.23 15:59:04 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012.02.23 15:58:46 | 000,110,752 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012.02.23 15:58:28 | 000,339,616 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012.02.23 15:57:58 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2012.02.22 18:10:17 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.22 18:10:12 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.22 18:10:10 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.21 22:27:36 | 002,807,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.02.13 10:21:29 | 000,675,432 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.02.08 17:36:36 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012.01.16 10:01:14 | 000,014,336 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vaioportal.sony.eu
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{A5BF304A-614C-426F-AE25-29C0777750E1}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q212&_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: {99B98C2C-7274-45a3-A640-D9DF1A1C8460}:1.4
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.11
FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\TRANQU~1\\AppData\\Local\\Temp\\proxtube.pac"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 16:54:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.28 16:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\Extensions
[2012.11.10 17:22:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\Firefox\Profiles\m9qzk0gc.default\extensions
[2012.11.03 13:58:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.31 18:05:09 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\Firefox\Profiles\m9qzk0gc.default\extensions\ich@maltegoetz.de
[2012.10.31 18:05:09 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\firefox\profiles\m9qzk0gc.default\extensions\personas@christopher.beard.xpi
[2012.10.31 18:05:09 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\firefox\profiles\m9qzk0gc.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2012.10.28 17:16:20 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\firefox\profiles\m9qzk0gc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.31 18:05:09 | 000,252,340 | ---- | M] () (No name found) -- C:\Users\Tran Quoc Tuan\AppData\Roaming\mozilla\firefox\profiles\m9qzk0gc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.28 16:54:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7567DF0C-6F5E-4792-A469-7C1641767BB2}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.11 14:43:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.11 14:33:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.11 14:33:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.11 14:33:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.11 14:32:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.11 14:32:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.11 14:31:39 | 004,998,937 | R--- | C] (Swearware) -- C:\Users\Tran Quoc Tuan\Desktop\ComboFix.exe
[2012.11.11 14:27:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.11 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.11.11 14:25:02 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\Tran Quoc Tuan\Desktop\revosetup.exe
[2012.11.10 21:58:52 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\FileZilla
[2012.11.10 21:58:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.11.10 21:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.11.10 19:50:35 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.10 19:50:28 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.10 17:25:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tran Quoc Tuan\Desktop\OTL.exe
[2012.11.09 21:14:43 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.11.09 21:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.11.09 21:14:42 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Notepad++
[2012.11.09 21:14:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012.11.07 17:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2012.11.07 17:12:29 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2012.11.07 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Dev-Cpp
[2012.11.07 11:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinGW
[2012.11.03 20:09:59 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\Documents\Meine empfangenen Dateien
[2012.11.03 20:06:44 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.11.03 20:06:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012.11.03 20:05:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.11.03 20:05:53 | 000,000,000 | ---D | C] -- C:\Windows\bg
[2012.11.03 20:05:50 | 000,000,000 | ---D | C] -- C:\Windows\cs
[2012.11.03 20:05:48 | 000,000,000 | ---D | C] -- C:\Windows\da
[2012.11.03 20:05:45 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.11.03 20:05:43 | 000,000,000 | ---D | C] -- C:\Windows\fi
[2012.11.03 20:05:38 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.11.03 20:05:35 | 000,000,000 | ---D | C] -- C:\Windows\el
[2012.11.03 20:05:33 | 000,000,000 | ---D | C] -- C:\Windows\hu
[2012.11.03 20:05:30 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.11.03 20:05:28 | 000,000,000 | ---D | C] -- C:\Windows\pl
[2012.11.03 20:05:26 | 000,000,000 | ---D | C] -- C:\Windows\pt-pt
[2012.11.03 20:05:23 | 000,000,000 | ---D | C] -- C:\Windows\ro
[2012.11.03 20:05:21 | 000,000,000 | ---D | C] -- C:\Windows\ru
[2012.11.03 20:05:18 | 000,000,000 | ---D | C] -- C:\Windows\sk
[2012.11.03 20:05:15 | 000,000,000 | ---D | C] -- C:\Windows\sv
[2012.11.03 20:05:13 | 000,000,000 | ---D | C] -- C:\Windows\sl
[2012.11.03 20:05:07 | 000,000,000 | ---D | C] -- C:\Windows\tr
[2012.11.03 20:05:05 | 000,000,000 | ---D | C] -- C:\Windows\uk
[2012.11.03 20:05:03 | 000,000,000 | ---D | C] -- C:\Windows\nb-no
[2012.11.03 20:00:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012.10.28 16:54:33 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Mozilla
[2012.10.28 16:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.10.28 16:21:27 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.28 16:21:27 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.28 16:21:27 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.28 16:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.10.27 16:18:29 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\McAfee
[2012.10.27 15:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012.10.26 15:52:03 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Avira
[2012.10.26 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Local\Diagnostics
[2012.10.26 15:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.26 15:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.26 15:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.24 20:47:03 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Local\Cyberlink
[2012.10.24 20:46:57 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\Documents\CyberLink
[2012.10.24 20:46:56 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\CyberLink
[2012.10.24 20:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.10.24 17:18:00 | 000,000,000 | ---D | C] -- C:\MinGW
[2012.10.22 17:47:18 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Telefónica
[2012.10.21 16:05:15 | 000,000,000 | ---D | C] -- C:\Users\Tran Quoc Tuan\Tracing
[2012.10.19 19:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center
[2012.10.19 19:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.11 15:32:26 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 15:32:26 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 15:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.11 14:31:44 | 004,998,937 | R--- | M] (Swearware) -- C:\Users\Tran Quoc Tuan\Desktop\ComboFix.exe
[2012.11.11 14:29:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.11 14:29:10 | 513,560,575 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.11 14:25:43 | 000,001,224 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Revo Uninstaller.lnk
[2012.11.11 14:25:05 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\Tran Quoc Tuan\Desktop\revosetup.exe
[2012.11.10 20:57:56 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.11.10 20:57:56 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.10 20:54:54 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.11.10 17:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tran Quoc Tuan\Desktop\OTL.exe
[2012.11.10 17:25:25 | 000,910,303 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\JRT.exe
[2012.11.10 17:22:01 | 000,541,569 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\adwcleaner.exe
[2012.11.09 21:14:43 | 000,001,019 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Notepad++.lnk
[2012.11.08 23:07:02 | 001,613,328 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.08 23:07:02 | 000,697,080 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.08 23:07:02 | 000,652,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.08 23:07:02 | 000,148,344 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.08 23:07:02 | 000,121,290 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.07 11:09:28 | 000,000,043 | ---- | M] () -- C:\END
[2012.11.03 21:16:09 | 000,012,006 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Telekom Kündigung.odt
[2012.11.03 20:01:21 | 000,002,494 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Windows Live Messenger.lnk
[2012.11.02 20:17:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.28 16:54:27 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.28 16:21:36 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.27 16:34:01 | 000,004,096 | ---- | M] () -- C:\conf.dat
[2012.10.27 16:33:44 | 000,032,768 | ---- | M] () -- C:\cache.dat
[2012.10.27 16:33:44 | 000,000,000 | ---- | M] () -- C:\manifest.dat
[2012.10.24 11:06:26 | 000,070,511 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Materialien_1.pdf
[2012.10.19 19:06:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.19 19:06:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012.10.19 16:54:45 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.15 15:15:18 | 000,025,932 | ---- | M] () -- C:\Users\Tran Quoc Tuan\Desktop\Bestellbestaetigung.pdf
 
========== Files Created - No Company Name ==========
 
[2012.11.11 14:33:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.11 14:33:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.11 14:33:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.11 14:33:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.11 14:33:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.11 14:25:43 | 000,001,224 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Revo Uninstaller.lnk
[2012.11.10 17:25:25 | 000,910,303 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\JRT.exe
[2012.11.10 17:22:01 | 000,541,569 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\adwcleaner.exe
[2012.11.09 21:14:43 | 000,001,019 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Notepad++.lnk
[2012.11.07 11:09:27 | 000,000,043 | ---- | C] () -- C:\END
[2012.11.03 21:16:09 | 000,012,006 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Telekom Kündigung.odt
[2012.11.03 20:05:01 | 000,001,265 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012.10.28 16:54:27 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.28 16:54:27 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.28 16:21:36 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.10.27 16:34:01 | 000,004,096 | ---- | C] () -- C:\conf.dat
[2012.10.27 16:33:44 | 000,032,768 | ---- | C] () -- C:\cache.dat
[2012.10.27 16:33:44 | 000,000,000 | ---- | C] () -- C:\manifest.dat
[2012.10.24 17:15:21 | 000,070,511 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Materialien_1.pdf
[2012.10.22 19:53:50 | 000,025,932 | ---- | C] () -- C:\Users\Tran Quoc Tuan\Desktop\Bestellbestaetigung.pdf
[2012.10.19 19:06:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01011.Wdf
[2012.10.19 19:06:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
[2012.10.19 19:06:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.09.26 16:30:07 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.09.26 13:09:04 | 002,580,552 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.09.26 10:06:08 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.26 10:06:05 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.23 06:33:39 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.04.23 05:12:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.14 05:53:13 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.14 05:53:13 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.14 05:53:13 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.02.09 22:00:18 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2012.02.09 22:00:06 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.02.11 00:03:27 | 001,591,222 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.07 17:24:16 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Dev-Cpp
[2012.11.10 19:50:52 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoft
[2012.11.10 21:58:58 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\FileZilla
[2012.10.27 16:53:24 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\iolo
[2012.11.09 21:15:16 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Notepad++
[2012.09.26 10:09:53 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\OpenOffice.org
[2012.09.25 18:22:25 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Origin
[2012.10.22 17:47:18 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Telefónica
[2012.09.26 17:29:10 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\The Creative Assembly
[2012.10.21 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\Windows Live Writer
[2012.10.11 21:25:40 | 000,000,000 | ---D | M] -- C:\Users\Tran Quoc Tuan\AppData\Roaming\WindSolutions
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

[/code]

Alt 11.11.2012, 16:33   #9
M-K-D-B
/// TB-Ausbilder
 
PUP.Blabbers - Standard

PUP.Blabbers



Servus,




Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tran Quoc Tuan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found

:commands
[Emptytemp]
         
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread







Schritt 2
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.





Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 4
Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.





Bitte poste mit deiner nächsten Antwort
  • die Logdatei von OTL,
  • die Logdatei von MBAM,
  • die Logdatei von ESET,
  • die Logdatei von SecurityCheck.

Alt 13.11.2012, 22:59   #10
Hajaku
 
PUP.Blabbers - Standard

PUP.Blabbers



Code:
ATTFilter
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tran Quoc Tuan :: TUAN [Administrator]

11.11.2012 16:48:54
mbam-log-2012-11-11 (16-48-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 206230
Laufzeit: 3 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4079b0737c47a748be723568ac5f2385
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-11 05:05:14
# local_time=2012-11-11 06:05:14 (+0100, Mitteleurop‰ische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1386956 1386956 0 0
# compatibility_mode=5893 16776574 100 94 17493268 104279255 0 0
# compatibility_mode=8192 67108863 100 0 3717 3717 0 0
# scanned=68521
# found=0
# cleaned=0
# scan_time=4109
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4079b0737c47a748be723568ac5f2385
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-13 06:40:52
# local_time=2012-11-13 07:40:52 (+0100, Mitteleurop‰ische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1561437 1561437 0 0
# compatibility_mode=5893 16776574 100 94 17667749 104453736 0 0
# compatibility_mode=8192 67108863 100 0 178198 178198 0 0
# scanned=163487
# found=0
# cleaned=0
# scan_time=8166
         
Code:
ATTFilter
*Results of screen317's Security Check version 0.99.54 *
*Windows 7 Service Pack 1 x64 (UAC is enabled) *
*Internet Explorer 9 *
``````````````Antivirus/Firewall Check:``````````````*
Avira Desktop **
*Antivirus up to date! **
`````````Anti-malware/Other Utilities Check:`````````*
*Malwarebytes Anti-Malware Version 1.65.1.1000 *
*Java 7 Update 9 *
*Adobe Flash Player 11.5.502.110 *
*Adobe Reader X (10.1.4)*
*Mozilla Firefox (16.0.2)*
````````Process Check: objlist.exe by Laurent```````` *
*Avira Antivir avgnt.exe*
*Avira Antivir avguard.exe*
`````````````````System Health check`````````````````*
*Total Fragmentation on Drive C: *
````````````````````End of Log``````````````````````*
         

Alt 14.11.2012, 16:58   #11
M-K-D-B
/// TB-Ausbilder
 
PUP.Blabbers - Standard

PUP.Blabbers



Servus,



Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Bitte poste mir mit deiner letzten Antwort noch die Logdatei von Schritt 2!





Schritt 1
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.
Code:
ATTFilter
Combofix /Uninstall
         


Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.





Schritt 2
Downloade Dir bitte delfix auf deinen Desktop.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Es öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\DelFix[S1].txt.
  • Klicke abschließend auf Deinstallation.
  • Bestätige mit Ja.





Schritt 3
Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
  • Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.



Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 15.11.2012, 19:21   #12
M-K-D-B
/// TB-Ausbilder
 
PUP.Blabbers - Standard

PUP.Blabbers



Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Alt 15.11.2012, 20:09   #13
Hajaku
 
PUP.Blabbers - Standard

PUP.Blabbers



vielen vielen Dank für die super Hilfe
[code]

# AdwCleaner v6.2 - Datei am 15/11/2012 um 20:03:30 erstellt
# Aktualisiert am 11/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Tran Quoc Tuan - TUAN
# Ausgef¸hrt unter : C:\Users\Tran Quoc Tuan\Desktop\Import\delfix.exe
# Option [Lˆschen]


~~~~~~ Ordner ~~~~~~

Gelˆscht : C:\JRT
Gelˆscht : C:\_OTL
Nicht gelˆscht : C:\Combofix

~~~~~~ Datei(en) ~~~~~~

Gelˆscht : C:\AdwCleaner[S1].txt
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\adwcleaner.exe
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\AdwCleaner[S1].txt
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\ComboFix.exe
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\esetsmartinstaller_enu.exe
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\Extras.Txt
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\JRT.exe
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\JRT.txt
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\OTL.Txt
Gelˆscht : C:\Users\Tran Quoc Tuan\Desktop\OTL.exe
Gelˆscht : C:\Windows\grep.exe
Gelˆscht : C:\Windows\PEV.exe
Gelˆscht : C:\Windows\NIRCMD.exe
Gelˆscht : C:\Windows\MBR.exe
Gelˆscht : C:\Windows\SED.exe
Gelˆscht : C:\Windows\SWREG.exe
Gelˆscht : C:\Windows\SWSC.exe
Gelˆscht : C:\Windows\SWXCACLS.exe
Gelˆscht : C:\Windows\Zip.exe

~~~~~~ Registrierungsdatenbank ~~~~~~

Schl¸ssel gelˆscht : HKCU\console_combofixbackup
Schl¸ssel gelˆscht : HKLM\SOFTWARE\OldTimer Tools
Schl¸ssel gelˆscht : HKLM\SOFTWARE\AdwCleaner
Schl¸ssel gelˆscht : HKLM\SOFTWARE\Swearware
Schl¸ssel gelˆscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart
Schl¸ssel gelˆscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys
Schl¸ssel gelˆscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart
Schl¸ssel gelˆscht : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys

~~~~~~ Sonstiges ~~~~~~

-> Prefetch Geleert

*************************

DelFix[S1].txt - [1947 octets] - [15/11/2012 20:03:30]

########## EOF - C:\DelFix[S1].txt - [2071 octets] ##########
[code]

Antwort

Themen zu PUP.Blabbers
administrator, aktion, anti-malware, appdata, autostart, browser, cache, dateien, entfernen, explorer, files, gen, helper, heute, infizierte, malwarebytes, microsoft, quarantäne, registrierung, service, software, speicher, version, viren




Ähnliche Themen: PUP.Blabbers


  1. Pup.Blabbers Entfernen
    Log-Analyse und Auswertung - 30.04.2013 (9)
  2. PUP.Blabbers
    Plagegeister aller Art und deren Bekämpfung - 23.02.2013 (7)
  3. Wizebar, PUP.Blabbers
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (7)
  4. PUP.Blabbers - Systembereinigung benötigt
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (17)
  5. PUP.Blabbers wie krieg ich die wieder weg?
    Plagegeister aller Art und deren Bekämpfung - 08.02.2013 (11)
  6. PUP.Blabbers mit Malwarebytes gefunden. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 26.01.2013 (11)
  7. Mit PUP.Blabbers infizierter Win7
    Plagegeister aller Art und deren Bekämpfung - 21.01.2013 (15)
  8. Mehrere PUP.Blabbers Funde
    Plagegeister aller Art und deren Bekämpfung - 17.01.2013 (26)
  9. PUP.Blabbers gefunden mit mbam
    Log-Analyse und Auswertung - 07.01.2013 (10)
  10. PUP.Blabbers und Trojaner gefunden
    Log-Analyse und Auswertung - 29.11.2012 (2)
  11. PUP.Blabbers - Trojaner eingefangen?
    Log-Analyse und Auswertung - 18.11.2012 (1)
  12. PUP.Blabbers / searchplusnetwork.com
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (25)
  13. Trojaner PUP.Blabbers
    Plagegeister aller Art und deren Bekämpfung - 08.11.2012 (2)
  14. pup.blabbers Trojaner gefunden
    Plagegeister aller Art und deren Bekämpfung - 05.11.2012 (28)
  15. PUP.Blabbers
    Plagegeister aller Art und deren Bekämpfung - 01.11.2012 (16)
  16. Pup Blabbers /xsecva usw. - was tun?
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (34)
  17. Trojaner Pup.Blabbers
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (23)

Zum Thema PUP.Blabbers - Hallo, ich habe heute Malwarebytes Anti-Malware laufen lassen und es hat dann 44 infizierte Objekete gefunden. Habe alle Objekte in Quarantäne verschoben. Nun benötige ich eure Hilfe, denn ich weiß - PUP.Blabbers...
Archiv
Du betrachtest: PUP.Blabbers auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.