
Log Analysis and Evaluation: GVU Trojan 2.07


25.07.2013, 11:00   #1
MD11

GVU Trojan 2.07



Hello dear helpers,

like most people here, I am new here too and already have a request.

I have probably already made a few mistakes, but those have happened now.

What happened?

I have the GVU Trojan. So I am at my computer when I am accused of having child-pornographic content as well as illegal software on my hard drive. One hundred euros are supposedly due and to be paid as quickly as possible. Oh, right.

A quick search on another computer then led me to the name of the Trojan, with which I tried to find out a bit more about it. But my two-week vacation was so close that I could no longer deal with it.

When I tried to shut down the computer by pressing the power button after the problem appeared, the supposed warning closed, because Excel still had to ask whether it should be closed without saving. I quickly clicked on cancel shutdown and was able to access the desktop and everything else normally again.

I then ran a complete scan of the hard drive with Norton, which produced no result. After the 6-hour scan I first looked for new .exe files that looked suspicious to me, but found none, whereupon I removed all recently installed programs and any associated folders I could find. Perhaps the first mistake. Then I created the log files.

Right after that, the second mistake: I shut down the computer to see whether my measures had had any effect. The effect is that on boot the threat screen is no longer displayed, but a completely white screen instead. The request for camera access comes before that.

Now, after what has already been done, I am wondering what I can do to get rid of this baddie.

About my system:
It is a Medion notebook running Win7 64bit as its operating system.

Log files

OTL.txt


Code:
OTL logfile created on: 24.07.2013 22:20:52 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,79 Gb Available Physical Memory | 64,09% Memory free
11,82 Gb Paging File | 9,90 Gb Available in Paging File | 83,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 232,51 Gb Free Space | 35,36% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 14,71 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,92 Gb Total Space | 9,37 Gb Free Space | 62,78% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.24 17:51:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013.07.05 18:41:09 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Medion\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2011.06.12 12:43:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.02.24 03:04:54 | 003,402,760 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\POSD.exe
PRC - [2011.02.24 03:04:50 | 000,819,720 | ---- | M] (Pegatron Corporation) -- C:\Program Files (x86)\PHotkey\PHotkey.exe
PRC - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011.02.11 21:39:54 | 000,985,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010.01.13 02:36:00 | 000,117,256 | R--- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
PRC - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
PRC - [2009.12.19 00:38:18 | 000,345,608 | R--- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.4.0.40\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.05.02 23:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011.05.02 23:13:54 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011.05.02 23:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011.04.21 18:34:16 | 001,136,640 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011.04.21 17:42:50 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.07.03 09:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.12 15:18:45 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.21 06:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.12.18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.23 16:18:42 | 000,383,128 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.07.23 16:18:16 | 000,395,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.02 18:01:15 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011.06.12 12:43:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.02.22 22:20:21 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 22:20:17 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.02.11 21:40:00 | 000,997,712 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011.02.11 21:39:58 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011.02.11 21:39:54 | 000,907,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.12.06 12:52:40 | 000,062,464 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.10.07 02:46:42 | 000,159,752 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.12.19 00:40:48 | 000,104,968 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 22:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.19 11:21:56 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.05.23 07:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.05.21 07:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013.05.16 07:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.04.25 02:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.04.16 04:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013.03.05 03:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013.03.05 03:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.06.12 12:43:00 | 000,027,240 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.05.17 18:27:52 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.05.17 18:27:50 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.05.13 03:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.05.13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.05.13 03:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.01 23:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011.04.21 18:09:26 | 000,294,912 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011.04.15 01:16:08 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011.04.13 18:30:54 | 000,207,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.04.13 18:30:50 | 000,087,552 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 17:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.24 11:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011.01.24 11:22:48 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011.01.24 10:56:06 | 000,274,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010.12.01 16:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.08 15:52:14 | 000,068,608 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fspad_wlh64.sys -- (fspad_wlh64)
DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.07.07 15:58:12 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP)
DRV:64bit: - [2010.01.22 11:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.05.31 18:58:18 | 001,393,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.05.23 07:19:56 | 002,098,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130710.022\ex64.sys -- (NAVEX15)
DRV - [2013.05.23 07:19:56 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130710.022\eng64.sys -- (NAVENG)
DRV - [2013.05.07 16:44:54 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130710.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.23 16:18:42 | 000,072,856 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009.09.11 23:11:46 | 000,014,344 | R--- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {D08E7588-A9FD-42CB-B1AF-CDD633771742}
IE - HKCU\..\SearchScopes\{D08E7588-A9FD-42CB-B1AF-CDD633771742}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNC_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.20 21:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.07.24 20:42:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2013.05.08 18:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.03 09:21:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 09:21:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.25 19:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.20 21:53:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.07.03 09:21:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.07.03 09:21:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.06.25 19:08:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.10.08 17:41:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2012.10.23 16:24:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\ang92zen.default-1350741882842\extensions
[2012.10.25 17:28:29 | 000,002,321 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\ang92zen.default-1350741882842\searchplugins\dictcc.xml
[2012.11.25 14:33:25 | 000,000,983 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\ang92zen.default-1350741882842\searchplugins\ponseu--englisch--deutsch.xml
[2012.11.25 14:33:59 | 000,000,991 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\ang92zen.default-1350741882842\searchplugins\ponseu--franzsisch--deutsch.xml
[2012.10.23 15:08:31 | 000,001,330 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\ang92zen.default-1350741882842\searchplugins\wikipedia-en.xml
[2012.12.12 21:02:48 | 000,001,997 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\ang92zen.default-1350741882842\searchplugins\wolframalpha.xml
[2012.10.23 15:07:40 | 000,002,057 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\ang92zen.default-1350741882842\searchplugins\youtube-videosuche.xml
[2013.07.03 09:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.07.03 09:21:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007.03.10 01:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
[2010.03.31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll
[2010.04.08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Wolfram Mathematica (Enabled) = C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google-Suche = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\
CHR - Extension: Google Mail = C:\Users\Medion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKCU..\Run: [EPSON SX430 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\Medion\AppData\Local\Temp\E_S45F9.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Medion\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Medion\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk = C:\Program Files (x86)\Qlock\qlock.exe ()
O4 - Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk = C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B48483C1-9D0F-41C1-AA32-E95742AED389}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Medion\AppData\Roaming\cache.dat) - C:\Users\Medion\AppData\Roaming\cache.dat ()
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.24 13:06:41 | 000,000,053 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{504dcfc4-1ea4-11e1-ac18-bc7737bd3890}\Shell - "" = AutoRun
O33 - MountPoints2\{504dcfc4-1ea4-11e1-ac18-bc7737bd3890}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.24 21:52:01 | 000,000,000 | ---D | C] -- C:\Users\Medion\Desktop\desktop
[2013.07.07 14:52:33 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{3B0F4FA9-65DF-4D9B-A6FB-5E7FD8BDDDA2}
[2013.07.05 17:56:36 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SunSkyJet Sceneries
[2013.07.05 17:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SunSkyJet Sceneries
[2013.07.05 15:31:31 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\Splashtop
[2013.07.05 15:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.07.05 15:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2013.07.05 15:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.07.05 15:20:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.07.05 15:19:52 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\SHAPE
[2013.07.04 20:45:46 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{EB2E31E3-1540-4A38-AD3C-CB63FF6594F2}
[2013.07.04 20:44:38 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{3931ECBF-6D11-4F2E-A286-589EDB9912D6}
[2013.07.04 19:54:38 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{F8720D52-9E5A-47C5-B476-A32B8A4A43DB}
[2013.07.04 19:49:39 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{659EC5E4-5D5E-4751-98CE-B8FE68A733A5}
[2013.07.04 19:48:29 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{D154E200-6138-4A1E-B091-3390AE590BAF}
[2013.07.03 20:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013.07.03 20:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blender Foundation
[2013.07.03 15:05:48 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Golly
[2013.07.03 09:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.07.01 17:31:11 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{4385E8EA-76DC-4EE3-93B7-EA7F41133A6B}
[2013.06.30 21:56:12 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{24AF7DD8-41E5-4DD6-9483-48857E0CC44F}
[2013.06.30 18:57:15 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{68A4A78E-7BBA-464C-9E2D-206E722499CD}
[2013.06.30 14:57:06 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{5EF25F91-535B-4AC8-AB66-D2D0AFCBCDA6}
[2013.06.30 14:08:39 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{E25DB3D4-1010-4AC7-B5B3-1EB7BB9D633A}
[2013.06.29 10:26:26 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{497B49E3-F028-4261-8428-B67751C4F0D3}
[2013.06.27 17:57:30 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\{43A19F0E-18CA-48A6-BD60-59143DDD5753}
[2013.06.27 11:11:00 | 000,000,000 | ---D | C] -- C:\output
[2013.06.27 11:10:38 | 000,000,000 | ---D | C] -- C:\WAV To MP3
[2013.06.27 11:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV To MP3
[2013.06.25 19:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.06.25 17:16:42 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\gtk-2.0
[2013.06.25 16:04:40 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Local\gegl-0.2
[2013.06.25 16:04:40 | 000,000,000 | ---D | C] -- C:\Users\Medion\.gimp-2.8
[2013.06.25 16:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Medion\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Medion\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Medion\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Medion\AppData\Local\bass.dll
[1 C:\Users\Medion\Documents\*.tmp files -> C:\Users\Medion\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.24 22:18:51 | 000,000,000 | ---- | M] () -- C:\Users\Medion\defogger_reenable
[2013.07.24 22:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.24 22:12:10 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.24 22:08:00 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2013.07.24 20:59:54 | 001,649,556 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.24 20:59:54 | 000,710,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.24 20:59:54 | 000,663,248 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.24 20:59:54 | 000,154,554 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.24 20:59:54 | 000,126,378 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.24 20:46:51 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 20:46:51 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.24 20:39:29 | 000,000,004 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\cache.ini
[2013.07.24 20:39:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.24 20:38:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.24 20:37:04 | 466,919,423 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.11 12:48:20 | 000,002,320 | ---- | M] () -- C:\{815CB476-51C0-46F4-A67E-B4FC2C96F54B}
[2013.07.11 12:43:17 | 000,002,304 | ---- | M] () -- C:\{7F3717A1-6CC0-46BA-9926-2F48A274832E}
[2013.07.08 22:01:48 | 000,000,845 | ---- | M] () -- C:\Users\Medion\.recently-used.xbel
[2013.07.05 00:09:09 | 000,029,689 | ---- | M] () -- C:\Users\Medion\AppData\Local\recently-used.xbel
[2013.07.03 17:46:46 | 000,001,462 | ---- | M] () -- C:\Users\Medion\AppData\Local\RecConfig.xml
[2013.06.26 07:19:53 | 000,683,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Users\Medion\Documents\*.tmp files -> C:\Users\Medion\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.24 22:18:51 | 000,000,000 | ---- | C] () -- C:\Users\Medion\defogger_reenable
[2013.07.11 12:48:14 | 000,002,320 | ---- | C] () -- C:\{815CB476-51C0-46F4-A67E-B4FC2C96F54B}
[2013.07.11 12:43:15 | 000,002,304 | ---- | C] () -- C:\{7F3717A1-6CC0-46BA-9926-2F48A274832E}
[2013.07.11 09:33:05 | 000,000,004 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\cache.ini
[2013.07.08 22:01:48 | 000,000,845 | ---- | C] () -- C:\Users\Medion\.recently-used.xbel
[2013.07.05 00:09:09 | 000,029,689 | ---- | C] () -- C:\Users\Medion\AppData\Local\recently-used.xbel
[2013.06.25 16:03:41 | 000,000,896 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.03.22 23:16:10 | 000,001,462 | ---- | C] () -- C:\Users\Medion\AppData\Local\RecConfig.xml
[2013.03.08 20:59:04 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2012.04.19 20:55:29 | 000,002,189 | ---- | C] () -- C:\Users\Medion\AppData\Local\TempfixPerms.vbs
[2012.02.24 18:36:05 | 012,702,607 | ---- | C] () -- C:\Users\Medion\gs905w32.exe
[2012.02.14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.02.14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.02.14 18:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.14 17:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.01.27 21:29:18 | 000,151,552 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\cache.dat
[2012.01.12 21:08:40 | 000,000,470 | ---- | C] () -- C:\Windows\{682E39A0-0576-4422-8328-3B7E56346653}_WiseFW.ini
[2012.01.12 21:00:37 | 000,000,292 | ---- | C] () -- C:\Windows\{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}_WiseFW.ini
[2011.12.03 00:33:45 | 000,054,965 | ---- | C] () -- C:\Users\Medion\.cxpg61prf.dat
[2011.12.01 20:47:38 | 000,000,032 | ---- | C] () -- C:\Users\Medion\.simfy
[2011.11.20 21:04:24 | 000,219,912 | ---- | C] () -- C:\Windows\hpoins40.dat
[2011.11.09 16:21:22 | 000,000,173 | ---- | C] () -- C:\Users\Medion\AppData\Local\msmathematics.qat.Medion
[2011.10.11 21:32:19 | 000,007,602 | ---- | C] () -- C:\Users\Medion\AppData\Local\Resmon.ResmonCfg
[2011.10.11 11:25:18 | 001,623,836 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Medion\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Medion\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Medion\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Medion\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Medion\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Medion\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.01.16 22:37:16 | 000,122,880 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\models\b742f\nwa\n.dll
[2008.02.03 17:03:20 | 000,122,880 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\models\b744\nwa\n.dll
[2009.02.23 23:18:22 | 000,024,108 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\cyn\l.wav
[2009.02.23 23:18:22 | 000,025,708 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\cyn\n.wav
[2009.02.23 23:18:24 | 000,028,844 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\cyn\u.wav
[2009.02.23 23:18:26 | 000,023,084 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\jsn\l.wav
[2009.02.23 23:18:26 | 000,029,996 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\jsn\n.wav
[2009.02.23 23:18:26 | 000,027,564 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\jsn\u.wav
[2009.02.23 23:18:28 | 000,020,124 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ken\l.wav
[2009.02.23 23:18:28 | 000,036,204 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ken\n.wav
[2009.02.23 23:18:30 | 000,030,828 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ken\u.wav
[2009.01.08 18:45:16 | 000,016,448 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\kji\l.wav
[2009.02.23 23:18:32 | 000,026,412 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\kji\n.wav
[2009.02.23 23:18:32 | 000,030,592 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\kji\u.wav
[2009.01.08 18:46:34 | 000,020,268 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\nao\l.wav
[2009.02.23 23:18:34 | 000,029,164 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\nao\n.wav
[2009.02.23 23:18:34 | 000,029,420 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\nao\u.wav
[2009.02.23 23:18:36 | 000,023,212 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\nil\l.wav
[2009.02.23 23:18:36 | 000,033,068 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\nil\n.wav
[2009.02.23 23:18:38 | 000,028,332 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\nil\u.wav
[2009.02.23 23:18:40 | 000,021,996 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ori\l.wav
[2009.02.23 23:18:40 | 000,031,788 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ori\n.wav
[2009.02.23 23:18:40 | 000,029,876 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ori\u.wav
[2009.02.23 23:18:42 | 000,022,284 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ptr\l.wav
[2009.02.23 23:18:42 | 000,028,844 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ptr\n.wav
[2009.01.08 18:52:18 | 000,032,620 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\ptr\u.wav
[2009.02.23 23:18:46 | 000,023,052 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\sam\l.wav
[2009.02.23 23:18:46 | 000,029,292 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\sam\n.wav
[2009.02.23 23:18:46 | 000,028,972 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\sam\u.wav
[2009.02.23 23:18:48 | 000,020,396 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\sgm\l.wav
[2009.02.23 23:18:48 | 000,029,484 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\sgm\n.wav
[2009.01.08 18:54:46 | 000,026,188 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\sgm\u.wav
[2009.02.23 23:18:50 | 000,019,084 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\tks\l.wav
[2009.02.23 23:18:50 | 000,026,732 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3234927510-3741295895-1315667407-1002\$RB2R1KZ\voice\tks\n.wav
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.07.03 15:28:55 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\.minecraft
[2012.01.21 08:59:55 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\AnvSoft
[2011.10.09 16:49:10 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Ashampoo
[2013.07.06 21:14:30 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Audacity
[2011.11.12 12:17:49 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Das Fussball Studio
[2013.07.24 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Dropbox
[2012.09.29 18:17:04 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2012.09.29 18:16:56 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.07.03 15:12:35 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Golly
[2013.07.03 10:04:00 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\gtk-2.0
[2012.02.11 19:32:34 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Guitar Pro 6
[2013.02.21 19:42:10 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\IrfanView
[2013.01.13 01:22:50 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\MAGIX
[2012.02.21 13:35:10 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\NeatImage SL 64
[2012.08.27 18:00:15 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\NesterSoft
[2011.12.12 13:57:09 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Notepad++
[2012.03.03 16:46:28 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Planetside Software
[2011.10.06 11:54:16 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Protector Suite
[2013.02.20 21:27:56 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Qlock
[2013.02.19 21:01:15 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\RaimaRadioPro
[2013.07.05 15:21:23 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\SHAPE
[2011.10.09 17:23:48 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Simfy
[2013.07.06 00:13:13 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Spotify
[2013.03.16 16:35:03 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\SWI-Prolog
[2012.04.19 20:59:17 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Texas Instruments
[2011.10.09 17:15:10 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Thunderbird
[2012.08.14 22:24:44 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\TI-Nspire
[2012.03.03 16:46:29 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\uk.co.planetside
[2013.06.14 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Virtuali
[2013.03.11 09:12:45 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\YCanPDF
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:74603393

< End of report >
         
EXTRAS.txt

Code:
OTL Extras logfile created on: 24.07.2013 21:53:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,77 Gb Available Physical Memory | 63,71% Memory free
11,82 Gb Paging File | 9,91 Gb Available in Paging File | 83,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 657,54 Gb Total Space | 232,44 Gb Free Space | 35,35% Space Free | Partition Type: NTFS
Drive D: | 37,99 Gb Total Space | 14,71 Gb Free Space | 38,71% Space Free | Partition Type: NTFS
Drive E: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 14,92 Gb Total Space | 9,37 Gb Free Space | 62,78% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B4A74C0-2122-4BC3-8709-4A50F248524C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{130A1178-2C54-47A1-830D-60CCCDEA1A55}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1458946F-9421-4515-986D-E83D0F5270A1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{157435B6-BAED-4466-99FB-2BDB016B5AF4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{18A70EE0-8005-42DD-AD2F-C8A230555170}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1F0522DF-BEB1-4F5B-8E61-85465B93BACF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F5C08BA-978C-4F8E-9FB2-C14A37DF61BE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{41F71D5F-F153-47E1-8762-7C249EBA8C5B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{43CF9C69-36A1-487E-B620-8BFE082ABA28}" = rport=138 | protocol=17 | dir=out | app=system | 
"{44E6EB04-AB1E-4B7E-83C7-7C59B65BAC72}" = lport=137 | protocol=17 | dir=in | app=system | 
"{55506EFF-A787-4AE0-A980-67A351EA3FA2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{70AC47BF-1C56-4686-B33A-5605DE31FA55}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{78166960-4E26-4D2E-B722-693423D71767}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9531490A-A8C8-45B1-8824-E05FC3177F97}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F29848F-EECE-482C-8614-202A7AB9F5A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A41D8949-7021-4875-9A4E-78643D333714}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A8BB76F2-CB2D-4AF3-B6A8-D349447DF206}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B16B5AB2-699B-445D-8A19-6BF4C5DD6708}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B8FBBD4A-5DB3-4633-9B76-58D8AA08D29D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C705205B-0127-4B99-AD31-221D77830CCD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CEA582F4-86B4-4266-BF7A-A37F1E55C878}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D6E54423-EB46-48E7-94E3-5D167B5F1481}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E8C7EBAA-EBFC-4A15-8A6C-A44FAA2DC083}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FF8C5157-3F09-492F-BE5A-75F377C9C02A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000DD130-D07A-46EE-9090-4B6169330079}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{049D100E-515D-487B-85B4-3F56A98543E4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{064020DF-ADB8-448B-9FA6-78335BCF6388}" = protocol=17 | dir=in | app=c:\users\medion\appdata\roaming\dropbox\bin\dropbox.exe | 
"{07D76B14-8B3E-4D1B-98DB-8B720566CE5C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1CF3DE60-C495-4CA2-A821-AF6AF1031E22}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe | 
"{1F57C898-9D95-4705-9BDC-B9364EDEA3C8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | 
"{2240F9CC-E6F4-44BA-B86F-929F2678776E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{24BD0133-6FD1-48EF-BC51-469BB7EDB280}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{24EE4471-F3F1-441F-A060-F7C0B39E24BE}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | 
"{26BFDC61-9CA7-40A3-A485-C43B5F0A7197}" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas\ti-nspirecas.exe | 
"{2E2EC6E2-910B-42AE-AEF8-DDDCA302054F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2ED199FB-EDC1-41E5-A00B-DB23DEEA7D27}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{31D7B987-AE7F-4834-95E7-47F82984C917}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{355F2640-5358-4241-950E-4AFE287945ED}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe | 
"{3E98E1D4-86CE-49F0-933E-912CFE984023}" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas\jre\bin\java.exe | 
"{41BC6FDD-C548-4AD3-84A7-5596DE2C18BD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{427B175B-1032-4686-90D7-D499DD899B26}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{42D8C790-D231-4764-B53C-57BAEFB0D978}" = protocol=6 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas\ti-nspirecas.exe | 
"{4E416BD9-4143-4BC0-9FE8-448F9197B45F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{50032720-98B0-4AF9-9BA1-95CFD0572329}" = protocol=17 | dir=in | app=c:\program files (x86)\ti education\ti-nspire cas\jre\bin\java.exe | 
"{634D7564-23FC-4E85-BBF0-707AA02E08FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{66163B9A-83D2-4B82-A502-F8031429080D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{661A49C0-6BF2-4B25-828F-388AA4DDECD9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{67DE0572-6416-401F-99F0-48CCCE542F7E}" = protocol=6 | dir=out | app=system | 
"{68DF53CA-A3A5-4715-94B5-E0A9A1FD4EC3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | 
"{6A1B3B71-8A13-4F9A-88DD-5B5E11BAB718}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6FF37F45-5A0F-4214-9BBE-3A251AA4629B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7414B3EA-3B68-440D-BB33-06A73D131D6C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{74847A2F-0C45-469F-90E1-C790D45F69A6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cities in motion\cities in motion.exe | 
"{7806A57D-DBE3-45C7-A381-234D071C1EFD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\ti shared\commlib\1\jre\bin\java.exe | 
"{785187E2-1B46-4A5A-A88E-F3D9C27E9F70}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{797B2BCF-9204-4ABA-8CD7-78CB17B1B685}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{7C438476-C614-48ED-BF08-3518477FB69A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7FCAA79D-D461-4DC0-A579-5DF863382D06}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{82E3FDE6-D7A8-42DA-BF39-59B378C6BD94}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{846138C9-09B4-4A1A-89AD-21EC72FB8A30}" = protocol=6 | dir=in | app=c:\users\medion\appdata\roaming\dropbox\bin\dropbox.exe | 
"{88093A2D-D66B-4C10-B2A7-466D4DE9795C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{892B0130-D26D-47B0-9B46-0C881434B419}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{8C9491F3-A15F-41A1-88F3-53B43F997C71}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{8EBED883-1388-41CB-B43E-CE0D1968E0F4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{9863BBC8-93ED-45C7-BFF2-1233A1DEBDC4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{9864DBD4-891A-41A3-AC1A-E1AC0E93BD81}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9A739404-ADB5-4E12-941D-14BA1ED19196}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{A6E50963-A19E-4694-B99F-C3E58769E724}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A9FB1BDF-727B-4F62-934F-A268308CFD90}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe | 
"{AAF9B5FD-0254-49F5-B837-E0E30A4123B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B0B15B77-5896-4136-82FC-D19A5882D927}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{C1BDF5EF-448B-4C1D-AF41-C37982548C0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{C8593284-8050-4AFF-85F1-01FD937BB63F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C9AF6567-DA5D-493A-BE28-4C9A3A4D91F9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{CCDDABA3-80D0-4236-B6C6-D85D8C2D3876}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CE787727-E790-4FE8-9053-272D8F2EED5E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D0CB58CF-CB91-4DF3-B167-CAAE7949BAE1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D7F04BF1-2234-4B1C-8A58-6DFFC4CDBE48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{E86A3DA0-EC02-40D9-BBBF-560797BE6287}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cities in motion\cities in motion.exe | 
"{EDBC73F4-8DA6-4588-A408-7255EFF3BD86}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F3D7F9FD-DE7A-426A-AC41-51D1E1EE8DB5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{F5280259-17A0-4B9D-969F-B82340659A9A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F9FBA81A-577A-46B7-9895-1637897AB193}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{FAB58C94-B0C2-4481-9EAB-3BBECA6469C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FD0ED79B-FDAE-4D3D-9B1E-352F0F0FFA1E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{FD2BF0B3-2933-486E-8BE7-08D3D8D7F729}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{39F56587-DFA9-439B-838E-297C0E40C40A}" = Terragen 2 Free Edition
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
"{A0E106D2-4815-4B7A-BAA7-7E21B530CFB4}" = Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
"{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.48
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.48
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.3.6
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BF30D9F5-23B6-4E1C-B580-C9CDBA2CD894}" = Protector Suite 2011
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D3836C5E-6824-4C9F-9B45-09C989B13EF6}" = VR-pulse Installer
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-Bit)
"{EC1369CF-15BD-4FAF-BA84-65E4788C682E}" = AMI VR-pulse OS Switcher
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"A-WIN-Extras 8.0.4 2609412_is1" = Mathematica Extras 8.0 (2609412)
"Blender" = Blender
"CCleaner" = CCleaner
"EPSON SX430 Series" = EPSON SX430 Series Printer Uninstall
"GIMP-2_is1" = GIMP 2.8.6
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Neat Image Standalone_is1" = Neat Image v7.1.0 Demo Standalone
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SWI-Prolog" = SWI-Prolog (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"[Sound Mod] Reality Sound Mod (RSM) for Cities In Motion 1.0.10" = [Sound Mod] Reality Sound Mod (RSM) for Cities In Motion 1.0.10
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DD706AF-B542-438C-999E-B30C7F625C8D}" = Intel(R) WiDi
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 Demo
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = PTP
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{68F7BAB5-36FF-450C-BC57-38BBEAC84010}" = A320 Pilot in Command
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DB27D3-FE05-4227-AF5A-11CD101ECF09}" = Corel Graphics - Windows Shell Extension
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F45E76-E897-42CA-A9FE-5F56817D875C}" = Locomotion
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.7.12231.1
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B5ADC2-AE6B-4C15-851D-45A4F99E2234}" = Just Flight World Airliners v1.00
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}" = Connectivity Library and TI-Nspire™ handheld drivers
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B4009EBB-0818-454F-A6E8-BBAAAEEF89E6}" = TI-Diagnostics Tool
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7C5EA94-B96A-41F5-BE95-25D78B486678}" = Splashtop Streamer
"{B834524D-C302-F626-87D6-5E7352FBE502}" = simfy
"{B8F4A45C-581C-4707-8EF2-2B9E6722270C}" = SketchUp 8
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BD3BD375-0E7A-48D0-9117-69A5C7DED63E}" = RollerCoaster Tycoon 2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E7CC4B85-DC2F-463F-8FEB-E7398E25C19A}" = Microsoft Flight Simulator X Service Pack 2
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECD9B590-821B-4618-99E5-01830BC8F076}" = BlueStacks
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F804CEB4-747E-46D5-B8AB-C56E3BAF27D9}_is1" = Das Fussball Studio 8.5.1
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9A22114-5177-4E63-B715-CF3B6EC873A3}" = Just Flight FSTraffic 2002 v1.00
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.3.3
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Boeing 744 All-in-one Pack V.1.0" = Boeing 744 All-in-one Pack V.1.0
"Bridge It_is1" = Bridge It 1.2
"Cities of Earth 3D Screensaver_is1" = Cities of Earth 3D Screensaver v. 2.1
"DVD-lab_is1" = DVD-lab 1.3.1
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Fraps" = Fraps
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"FreePascal_is1" = Free Pascal 2.6.0
"FSDreamTeam ZurichX_is1" = FSDreamTeam ZurichX 2.5.3
"FsMovMapServer" = FsMovMapServer
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"GPL Ghostscript 9.05" = GPL Ghostscript
"Hentai3D2-146.001" = thriXXX Hentai3D2-146.001
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-Version
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de)
"Mozilla Thunderbird 17.0.7 (x86 de)" = Mozilla Thunderbird 17.0.7 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-D 8.0.4 2609533_is1" = Wolfram CDF Player (M-WIN-D 8.0.4 2609533)
"NIS" = Norton Internet Security CBE
"Notepad++" = Notepad++
"notionCUBE MindMap 2013 2013" = notionCUBE MindMap 2013
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PDF To Excel Converter_is1" = PDF To Excel Converter V2.0
"ProInst" = Intel PROSet Wireless
"Qlock" = Qlock Pro
"RarmaRadio_is1" = RarmaRadio 2.69
"RollerCoaster Tycoon Setup" = Roll
"Simfy" = simfy
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"Splashtop Software Updater" = Splashtop Software Updater
"Steam App 73010" = Cities in Motion
"TIMELEFT3_is1" = TimeLeft
"TI-Nspire CAS Student Software" = TI-Nspire CAS Student Software
"WAV To MP3_is1" = WAV To MP3 V2
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mixxx (1.10.1)" = Mixxx 1.10.1
"Spotify" = Spotify
"STANLY Track" = STANLY Track
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.07.2013 22:26:54 | Computer Name = Medion-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 08.07.2013 07:46:35 | Computer Name = Medion-PC | Source = Microsoft-Windows-Defrag | ID = 257
Description = 
 
Error - 08.07.2013 17:34:10 | Computer Name = Medion-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 14.0.6129.5000 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: bf8    Startzeit: 01ce7c2270c14a32    Endzeit: 15    Anwendungspfad: 
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE    Berichts-ID: 150c7da2-e816-11e2-ae36-bc7737bd3890

 
Error - 09.07.2013 04:41:26 | Computer Name = Medion-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 24.07.2013 10:58:24 | Computer Name = Medion-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 24.07.2013 12:14:04 | Computer Name = Medion-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567,
 Zeitstempel: 0x4d672ee4  Name des fehlerhaften Moduls: msvcrt.dll, Version: 7.0.7601.17744,
 Zeitstempel: 0x4eeb033f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000001049
ID
 des fehlerhaften Prozesses: 0x70c  Startzeit der fehlerhaften Anwendung: 0x01ce8888aa5e1572
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\system32\msvcrt.dll  Berichtskennung: 0ebbac3a-f47c-11e2-968f-bc7737bd3890
 
Error - 24.07.2013 12:14:25 | Computer Name = Medion-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 24.07.2013 14:19:17 | Computer Name = Medion-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 24.07.2013 14:28:20 | Computer Name = Medion-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 24.07.2013 14:39:32 | Computer Name = Medion-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
[ Media Center Events ]
Error - 16.10.2011 13:15:20 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 19:15:20 - Fehler beim Herstellen der Internetverbindung.  19:15:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.10.2011 13:15:31 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 19:15:25 - Fehler beim Herstellen der Internetverbindung.  19:15:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.10.2011 14:15:36 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 20:15:36 - Fehler beim Herstellen der Internetverbindung.  20:15:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.10.2011 14:15:42 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 20:15:41 - Fehler beim Herstellen der Internetverbindung.  20:15:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 11:20:33 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 17:20:33 - Fehler beim Herstellen der Internetverbindung.  17:20:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 11:20:46 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 17:20:38 - Fehler beim Herstellen der Internetverbindung.  17:20:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 12:20:51 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 18:20:51 - Fehler beim Herstellen der Internetverbindung.  18:20:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2011 12:20:57 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 18:20:56 - Fehler beim Herstellen der Internetverbindung.  18:20:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.10.2011 14:29:01 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 20:29:01 - Fehler beim Herstellen der Internetverbindung.  20:29:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 19.10.2011 14:30:39 | Computer Name = Medion-PC | Source = MCUpdate | ID = 0
Description = 20:30:02 - Fehler beim Herstellen der Internetverbindung.  20:30:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 24.07.2013 14:34:29 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2013 14:34:29 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 24.07.2013 14:34:34 | Computer Name = Medion-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\System32\IWMSSvc.dll  Fehlercode: 21  
 
Error - 24.07.2013 14:34:39 | Computer Name = Medion-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.07.2013 14:34:41 | Computer Name = Medion-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 24.07.2013 14:39:32 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 24.07.2013 14:39:57 | Computer Name = Medion-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 24.07.2013 14:58:45 | Computer Name = Medion-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.07.2013 14:58:46 | Computer Name = Medion-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 24.07.2013 14:58:47 | Computer Name = Medion-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
 
< End of report >
         


I am quite desperate, and I am sure this forum is exactly the right place to get professional help. Many thanks in advance for the help.

Kind regards

25.07.2013, 11:47   #2
schrauber
/// the machine
/// TB Trainer
 




Hi,

so at the moment it doesn't boot?

Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (both if in doubt) and save it to a USB stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Repair option.
  • Now scan following the illustrated guide, or use the following short guide:
Via the boot manager:
  • Restart the computer.
  • While it is booting, press the F8 key several times.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer!
  • Select your operating system and user account and click "Next" each time.
In the repair options, select: Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens: File > Save As... and select Computer.
    The drive letter of your USB stick is shown here; make a note of it.
  • Close Notepad again.
  • Now please enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (guide).


25.07.2013, 17:37   #3
MD11
 



Thanks for the quick support!
Here is the FRST log.



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2013
Ran by SYSTEM on 25-07-2013 17:14:45
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11817576 2011-04-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2209896 2011-04-18] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [x]
HKLM\...\Run: [PSQLLauncher] - C:\Program Files\Protector Suite\launcher.exe [84816 2010-12-09] (UPEK Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2028328 2010-01-22] (Synaptics Incorporated)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
HKLM-x32\...\Run: [NUSB3MON] - "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] - "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CLMLServer] - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [TrayServer] - C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe [90112 2008-08-07] (MAGIX AG)
HKU\Default\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Default User\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
HKU\Medion\...\Run: [Spotify Web Helper] - "C:\Users\Medion\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-05] (Spotify Ltd)
HKU\Medion\...\Run: [EPSON SX430 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE /FU "C:\Users\Medion\AppData\Local\Temp\E_S45F9.tmp" /EF "HKCU" [126 2013-04-29] () <===== ATTENTION
HKU\Medion\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Medion\...\Winlogon: [Shell] explorer.exe,C:\Users\Medion\AppData\Roaming\cache.dat <==== ATTENTION 
HKU\UpdatusUser\...\RunOnce: [Screensaver] - C:\Windows\Web\Wallpaper\MEDION\start.vbs [x]
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [239720 2011-06-12] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [200808 2011-06-12] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qlock.lnk
ShortcutTarget: qlock.lnk -> C:\Program Files (x86)\Qlock\qlock.exe ()
Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk
ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.)

==================== Services (Whitelisted) =================

S2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [395416 2012-07-23] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [383128 2012-07-23] (BlueStack Systems, Inc.)
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [159752 2010-10-06] ()
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-12-14] ()
S4 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [62464 2010-12-06] ()
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe" [x]
S2 SSUService; C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130702.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [72856 2012-07-23] (BlueStack Systems)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [72856 2012-07-23] (BlueStack Systems)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-17] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-17] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-17] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130710.001\IDSvia64.sys [513184 2013-05-07] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130710.001\IDSvia64.sys [513184 2013-05-07] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130710.022\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130710.022\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130710.022\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130710.022\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2010-07-07] (Texas Instruments)
S3 ALSysIO; \??\C:\Users\Medion\AppData\Local\Temp\ALSysIO64.sys [x]
S3 RSUSBVSTOR; System32\Drivers\RTSUVSTOR.sys [x]
S3 uxddrv; \??\F:\uxddrv64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-25 17:13 - 2013-07-25 17:13 - 00000000 ____D C:\FRST
2013-07-24 12:18 - 2013-07-24 12:18 - 00000000 _____ C:\Users\Medion\defogger_reenable
2013-07-11 02:48 - 2013-07-11 02:48 - 00002320 _____ C:\{815CB476-51C0-46F4-A67E-B4FC2C96F54B}
2013-07-11 02:43 - 2013-07-11 02:43 - 00002304 _____ C:\{7F3717A1-6CC0-46BA-9926-2F48A274832E}
2013-07-10 23:33 - 2013-07-24 16:41 - 00000004 _____ C:\Users\Medion\AppData\Roaming\cache.ini
2013-07-08 12:01 - 2013-07-08 12:01 - 00000845 _____ C:\Users\Medion\.recently-used.xbel
2013-07-08 11:34 - 2013-07-08 11:34 - 03159660 _____ C:\Users\Medion\Downloads\Präsentation_Deutsch_Abitur_Patrick Agte.pptx
2013-07-07 04:52 - 2013-07-07 04:52 - 00000000 ____D C:\Users\Medion\AppData\Local\{3B0F4FA9-65DF-4D9B-A6FB-5E7FD8BDDDA2}
2013-07-05 07:56 - 2013-07-05 07:56 - 00003132 _____ C:\Windows\System32\Tasks\{4B8889CD-8951-488E-A798-2C1839B2697A}
2013-07-05 05:48 - 2013-07-05 05:48 - 00000282 _____ C:\SSUUpdater.log
2013-07-05 05:31 - 2013-07-05 05:33 - 00000000 ____D C:\Users\Medion\AppData\Local\Splashtop
2013-07-05 05:29 - 2013-07-05 05:31 - 00000000 ____D C:\ProgramData\Splashtop
2013-07-05 05:20 - 2013-07-05 05:20 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 05:20 - 2013-07-05 05:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 05:19 - 2013-07-05 05:21 - 00000000 ____D C:\Users\Medion\AppData\Roaming\SHAPE
2013-07-04 14:09 - 2013-07-04 14:09 - 00029689 _____ C:\Users\Medion\AppData\Local\recently-used.xbel
2013-07-04 10:45 - 2013-07-04 10:45 - 00000000 ____D C:\Users\Medion\AppData\Local\{EB2E31E3-1540-4A38-AD3C-CB63FF6594F2}
2013-07-04 10:44 - 2013-07-04 10:44 - 00000000 ____D C:\Users\Medion\AppData\Local\{3931ECBF-6D11-4F2E-A286-589EDB9912D6}
2013-07-04 09:54 - 2013-07-04 09:54 - 00000000 ____D C:\Users\Medion\AppData\Local\{F8720D52-9E5A-47C5-B476-A32B8A4A43DB}
2013-07-04 09:49 - 2013-07-04 09:49 - 00000000 ____D C:\Users\Medion\AppData\Local\{659EC5E4-5D5E-4751-98CE-B8FE68A733A5}
2013-07-04 09:48 - 2013-07-04 09:48 - 00000000 ____D C:\Users\Medion\AppData\Local\{D154E200-6138-4A1E-B091-3390AE590BAF}
2013-07-03 10:41 - 2013-07-03 10:41 - 00000000 ____D C:\Program Files (x86)\Blender Foundation
2013-07-03 05:05 - 2013-07-03 05:12 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Golly
2013-07-02 23:21 - 2013-07-02 23:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-01 07:31 - 2013-07-01 07:31 - 00000000 ____D C:\Users\Medion\AppData\Local\{4385E8EA-76DC-4EE3-93B7-EA7F41133A6B}
2013-06-30 11:56 - 2013-06-30 11:56 - 00000000 ____D C:\Users\Medion\AppData\Local\{24AF7DD8-41E5-4DD6-9483-48857E0CC44F}
2013-06-30 08:57 - 2013-06-30 08:57 - 00000000 ____D C:\Users\Medion\AppData\Local\{68A4A78E-7BBA-464C-9E2D-206E722499CD}
2013-06-30 04:57 - 2013-06-30 04:57 - 00000000 ____D C:\Users\Medion\AppData\Local\{5EF25F91-535B-4AC8-AB66-D2D0AFCBCDA6}
2013-06-30 04:08 - 2013-06-30 04:08 - 00000000 ____D C:\Users\Medion\AppData\Local\{E25DB3D4-1010-4AC7-B5B3-1EB7BB9D633A}
2013-06-29 00:26 - 2013-06-29 00:26 - 00000000 ____D C:\Users\Medion\AppData\Local\{497B49E3-F028-4261-8428-B67751C4F0D3}
2013-06-27 07:57 - 2013-06-27 07:57 - 00000000 ____D C:\Users\Medion\AppData\Local\{43A19F0E-18CA-48A6-BD60-59143DDD5753}
2013-06-27 01:11 - 2013-06-27 01:11 - 00000000 ____D C:\output
2013-06-27 01:10 - 2013-06-27 01:10 - 00000000 ____D C:\WAV To MP3
2013-06-25 09:08 - 2013-06-25 10:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-25 07:16 - 2013-07-04 14:06 - 00000000 ____D C:\Users\Medion\AppData\Local\gtk-2.0
2013-06-25 06:04 - 2013-07-04 14:09 - 00000000 ____D C:\Users\Medion\.gimp-2.8
2013-06-25 06:04 - 2013-06-25 06:04 - 00000000 ____D C:\Users\Medion\AppData\Local\gegl-0.2
2013-06-25 06:02 - 2013-06-25 06:03 - 00000000 ____D C:\Program Files\GIMP 2

==================== One Month Modified Files and Folders =======

2013-07-25 17:13 - 2013-07-25 17:13 - 00000000 ____D C:\FRST
2013-07-24 16:42 - 2011-10-06 01:41 - 01181563 _____ C:\Windows\WindowsUpdate.log
2013-07-24 16:41 - 2013-07-10 23:33 - 00000004 _____ C:\Users\Medion\AppData\Roaming\cache.ini
2013-07-24 16:41 - 2009-07-13 20:45 - 00016752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-24 16:41 - 2009-07-13 20:45 - 00016752 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-24 16:40 - 2011-06-19 09:00 - 00710150 _____ C:\Windows\System32\perfh007.dat
2013-07-24 16:40 - 2011-06-19 09:00 - 00154554 _____ C:\Windows\System32\perfc007.dat
2013-07-24 16:40 - 2009-07-13 21:13 - 01649556 _____ C:\Windows\System32\PerfStringBackup.INI
2013-07-24 16:34 - 2011-11-14 04:49 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Dropbox
2013-07-24 16:33 - 2011-10-22 09:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-24 16:33 - 2011-10-12 06:58 - 2012148146 _____ C:\Windows\MEMORY.DMP
2013-07-24 16:33 - 2011-10-12 06:58 - 00000000 ____D C:\Windows\Minidump
2013-07-24 16:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-24 16:33 - 2009-07-13 20:51 - 00151436 _____ C:\Windows\setupact.log
2013-07-24 16:17 - 2012-03-30 23:22 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-24 16:12 - 2011-10-22 09:32 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-24 16:08 - 2011-11-20 12:08 - 00000314 _____ C:\Windows\Tasks\DMEPeriodicTask.job
2013-07-24 12:18 - 2013-07-24 12:18 - 00000000 _____ C:\Users\Medion\defogger_reenable
2013-07-24 12:18 - 2011-10-06 01:52 - 00000000 ____D C:\users\Medion
2013-07-24 08:14 - 2013-05-24 12:06 - 00000000 ____D C:\Users\Medion\AppData\Local\CrashDumps
2013-07-18 09:49 - 2010-11-20 19:47 - 00178550 _____ C:\Windows\PFRO.log
2013-07-11 02:48 - 2013-07-11 02:48 - 00002320 _____ C:\{815CB476-51C0-46F4-A67E-B4FC2C96F54B}
2013-07-11 02:43 - 2013-07-11 02:43 - 00002304 _____ C:\{7F3717A1-6CC0-46BA-9926-2F48A274832E}
2013-07-11 00:07 - 2012-06-27 03:55 - 00000000 ____D C:\Users\Medion\Dokumente
2013-07-10 23:11 - 2011-11-14 04:52 - 00000000 ___RD C:\Users\Medion\Dropbox
2013-07-09 15:14 - 2012-08-27 08:02 - 00000000 ____D C:\Users\Medion\AppData\Local\BlueStacks
2013-07-09 14:14 - 2012-08-27 08:02 - 00000000 ____D C:\Users\Medion\AppData\Local\BlueStacksSetup
2013-07-08 12:12 - 2011-10-09 10:10 - 00000000 ____D C:\Users\Medion\.gimp-2.6
2013-07-08 12:01 - 2013-07-08 12:01 - 00000845 _____ C:\Users\Medion\.recently-used.xbel
2013-07-08 11:34 - 2013-07-08 11:34 - 03159660 _____ C:\Users\Medion\Downloads\Präsentation_Deutsch_Abitur_Patrick Agte.pptx
2013-07-07 04:52 - 2013-07-07 04:52 - 00000000 ____D C:\Users\Medion\AppData\Local\{3B0F4FA9-65DF-4D9B-A6FB-5E7FD8BDDDA2}
2013-07-06 11:14 - 2011-11-16 04:45 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Audacity
2013-07-05 14:13 - 2012-03-22 04:32 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Spotify
2013-07-05 07:56 - 2013-07-05 07:56 - 00003132 _____ C:\Windows\System32\Tasks\{4B8889CD-8951-488E-A798-2C1839B2697A}
2013-07-05 05:48 - 2013-07-05 05:48 - 00000282 _____ C:\SSUUpdater.log
2013-07-05 05:33 - 2013-07-05 05:31 - 00000000 ____D C:\Users\Medion\AppData\Local\Splashtop
2013-07-05 05:31 - 2013-07-05 05:29 - 00000000 ____D C:\ProgramData\Splashtop
2013-07-05 05:21 - 2013-07-05 05:19 - 00000000 ____D C:\Users\Medion\AppData\Roaming\SHAPE
2013-07-05 05:20 - 2013-07-05 05:20 - 00000000 ____D C:\Program Files\Bonjour
2013-07-05 05:20 - 2013-07-05 05:20 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-07-05 04:00 - 2012-03-07 10:19 - 00000000 ____D C:\Users\Medion\Documents\VirtualDJ
2013-07-04 14:09 - 2013-07-04 14:09 - 00029689 _____ C:\Users\Medion\AppData\Local\recently-used.xbel
2013-07-04 14:09 - 2013-06-25 06:04 - 00000000 ____D C:\Users\Medion\.gimp-2.8
2013-07-04 14:06 - 2013-06-25 07:16 - 00000000 ____D C:\Users\Medion\AppData\Local\gtk-2.0
2013-07-04 10:45 - 2013-07-04 10:45 - 00000000 ____D C:\Users\Medion\AppData\Local\{EB2E31E3-1540-4A38-AD3C-CB63FF6594F2}
2013-07-04 10:44 - 2013-07-04 10:44 - 00000000 ____D C:\Users\Medion\AppData\Local\{3931ECBF-6D11-4F2E-A286-589EDB9912D6}
2013-07-04 09:54 - 2013-07-04 09:54 - 00000000 ____D C:\Users\Medion\AppData\Local\{F8720D52-9E5A-47C5-B476-A32B8A4A43DB}
2013-07-04 09:49 - 2013-07-04 09:49 - 00000000 ____D C:\Users\Medion\AppData\Local\{659EC5E4-5D5E-4751-98CE-B8FE68A733A5}
2013-07-04 09:48 - 2013-07-04 09:48 - 00000000 ____D C:\Users\Medion\AppData\Local\{D154E200-6138-4A1E-B091-3390AE590BAF}
2013-07-04 07:07 - 2011-10-22 09:32 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-04 07:07 - 2011-10-22 09:32 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-03 20:51 - 2012-05-02 12:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-03 10:43 - 2012-01-16 14:07 - 00000000 ___RD C:\Users\Medion\Desktop\Anderes
2013-07-03 10:41 - 2013-07-03 10:41 - 00000000 ____D C:\Program Files (x86)\Blender Foundation
2013-07-03 07:46 - 2013-03-22 13:16 - 00001462 _____ C:\Users\Medion\AppData\Local\RecConfig.xml
2013-07-03 05:28 - 2011-10-22 09:05 - 00000000 ____D C:\Users\Medion\AppData\Roaming\.minecraft
2013-07-03 05:12 - 2013-07-03 05:05 - 00000000 ____D C:\Users\Medion\AppData\Roaming\Golly
2013-07-03 01:06 - 2012-03-22 04:35 - 00000000 ____D C:\Users\Medion\AppData\Local\Spotify
2013-07-03 00:04 - 2011-10-30 06:12 - 00000000 ____D C:\Users\Medion\AppData\Roaming\gtk-2.0
2013-07-02 23:21 - 2013-07-02 23:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-01 07:31 - 2013-07-01 07:31 - 00000000 ____D C:\Users\Medion\AppData\Local\{4385E8EA-76DC-4EE3-93B7-EA7F41133A6B}
2013-06-30 11:56 - 2013-06-30 11:56 - 00000000 ____D C:\Users\Medion\AppData\Local\{24AF7DD8-41E5-4DD6-9483-48857E0CC44F}
2013-06-30 08:57 - 2013-06-30 08:57 - 00000000 ____D C:\Users\Medion\AppData\Local\{68A4A78E-7BBA-464C-9E2D-206E722499CD}
2013-06-30 04:57 - 2013-06-30 04:57 - 00000000 ____D C:\Users\Medion\AppData\Local\{5EF25F91-535B-4AC8-AB66-D2D0AFCBCDA6}
2013-06-30 04:08 - 2013-06-30 04:08 - 00000000 ____D C:\Users\Medion\AppData\Local\{E25DB3D4-1010-4AC7-B5B3-1EB7BB9D633A}
2013-06-29 00:26 - 2013-06-29 00:26 - 00000000 ____D C:\Users\Medion\AppData\Local\{497B49E3-F028-4261-8428-B67751C4F0D3}
2013-06-27 07:57 - 2013-06-27 07:57 - 00000000 ____D C:\Users\Medion\AppData\Local\{43A19F0E-18CA-48A6-BD60-59143DDD5753}
2013-06-27 01:11 - 2013-06-27 01:11 - 00000000 ____D C:\output
2013-06-27 01:10 - 2013-06-27 01:10 - 00000000 ____D C:\WAV To MP3
2013-06-26 12:47 - 2012-01-20 13:28 - 00000000 ____D C:\Users\Medion\AppData\Local\Windows Live
2013-06-25 21:19 - 2009-07-13 20:45 - 00683288 _____ C:\Windows\System32\FNTCACHE.DAT
2013-06-25 10:50 - 2013-06-25 09:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-06-25 08:34 - 2011-10-06 01:53 - 00209832 _____ C:\Users\Medion\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-25 06:04 - 2013-06-25 06:04 - 00000000 ____D C:\Users\Medion\AppData\Local\gegl-0.2
2013-06-25 06:03 - 2013-06-25 06:02 - 00000000 ____D C:\Program Files\GIMP 2

Files to move or delete:
====================
C:\Users\Medion\gs905w32.exe
C:\Users\Medion\AppData\Roaming\cache.dat
C:\Users\Medion\AppData\Roaming\cache.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-23 22:44:45
Restore point made on: 2013-06-29 00:26:13
Restore point made on: 2013-07-01 02:28:28
Restore point made on: 2013-07-05 05:28:41
Restore point made on: 2013-07-09 14:39:27
Restore point made on: 2013-07-24 13:31:12

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 6055.05 MB
Available physical RAM: 5286.23 MB
Total Pagefile: 6053.25 MB
Available Pagefile: 5303.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:657.54 GB) (Free:231.1 GB) NTFS (Disk=0 Partition=2)
Drive d: (Recover) (Fixed) (Total:37.99 GB) (Free:14.71 GB) NTFS (Disk=0 Partition=4)
Drive k: (USB DISK) (Removable) (Total:14.92 GB) (Free:9.37 GB) FAT32 (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: F9D747CA)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=658 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=40 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2013-07-24 13:23

==================== End Of Log ============================
         
--- --- ---

--- --- ---
EDIT:

After I started the computer normally as a test, I again managed to get access to the desktop through this function ("Programs still need to be closed" when shutting down Windows 7), with the help of Sticky Notes. Does that mean the malware has already been shut down?

What I forgot to mention is that the screen was first locked on the morning of 11 July.
__________________

26.07.2013, 09:06   #4
schrauber
/// the machine
/// TB trainer

GVU-Trojaner 2.07

Please press the Windows + R keys and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKU\Medion\...\Winlogon: [Shell] explorer.exe,C:\Users\Medion\AppData\Roaming\cache.dat <==== ATTENTION 
C:\Users\Medion\AppData\Roaming\cache.dat
C:\Users\Medion\AppData\Roaming\cache.ini
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options again
  • Now start FRST.exe again and click the Entfernen (Fix) button.

The tool creates a Fixlog.txt on your USB stick. Please post its contents here.


Reboot, enjoy.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
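The fixlist in the post above removes a per-user Winlogon Shell value that starts a second program after explorer.exe. As an added example (not part of the thread and not FRST's own code), the Python below flags such Shell values in FRST-style log lines and lists month-created files in the same folder as the flagged program. The function names and regular expressions are this example's assumptions about the line format; the sample lines are copied from the log and fixlist in this thread.

```python
import re
from datetime import datetime

# Sample lines copied from the FRST log and fixlist posted in this thread.
SAMPLE_LOG = r"""
HKU\Medion\...\Winlogon: [Shell] explorer.exe,C:\Users\Medion\AppData\Roaming\cache.dat <==== ATTENTION
2013-07-25 17:13 - 2013-07-25 17:13 - 00000000 ____D C:\FRST
2013-07-10 23:33 - 2013-07-24 16:41 - 00000004 _____ C:\Users\Medion\AppData\Roaming\cache.ini
2013-07-08 12:01 - 2013-07-08 12:01 - 00000845 _____ C:\Users\Medion\.recently-used.xbel
"""

# Assumed line shapes: "<key>\Winlogon: [Shell] <value> [<==== note]" and
# "<created> - <modified> - <size> <attributes> <path>".
SHELL_RE = re.compile(
    r"^(?P<key>HK\S+\\Winlogon): \[Shell\] (?P<value>.*?)(?:\s*<=+.*)?$")
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
    r" - (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$")

def extra_shell_entries(log):
    """Return (registry key, program) for each Shell entry other than plain explorer.exe."""
    hits = []
    for line in log.splitlines():
        m = SHELL_RE.match(line.strip())
        if not m:
            continue
        # The Shell value is a comma-separated list; the default is just "explorer.exe".
        for entry in m.group("value").split(","):
            entry = entry.strip().strip('"')
            if entry and entry.lower() != "explorer.exe":
                hits.append((m.group("key"), entry))
    return hits

def created_in_same_folder(log, program):
    """Return sorted (created, path) for listed files in the flagged program's folder."""
    folder = program.rsplit("\\", 1)[0].lower()
    found = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m and m.group("path").rsplit("\\", 1)[0].lower() == folder:
            created = datetime.strptime(m.group("created"), "%Y-%m-%d %H:%M")
            found.append((created, m.group("path")))
    return sorted(found)

if __name__ == "__main__":
    for key, program in extra_shell_entries(SAMPLE_LOG):
        print(f"{key}: Shell also starts {program}")
        for created, path in created_in_same_folder(SAMPLE_LOG, program):
            print(f"  created {created:%Y-%m-%d %H:%M}  {path}")
```

On the sample lines it reports cache.dat as the extra Shell entry and shows cache.ini in the same folder, created 2013-07-10 23:33, the night before the morning on which the poster says the screen was first locked.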
