
Pests of all kinds and how to fight them: Malwarebytes finds PUP.funmoods in the registry


24.04.2012, 19:04   #1
flaaghuhn
 
Good evening,

I scanned my system today with Malwarebytes Anti-Malware and it immediately found four infected objects in the registry, all labelled "PUP.funmoods". Naturally I deleted these entries right away with Malwarebytes, but I would like to know whether these are real malware or just adware (or rather, the program behind them)? Should I do anything else so that my PC is 100% clean again (as it was before)?
I am grateful for every answer.

My system:

Win7 64 bit
Antivirus: Avast Free Anti-Virus 7

The DDS and Malwarebytes logfiles are attached.

Regards,

flaaghuhn

25.04.2012, 11:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
Malwarebytes finds PUP.funmoods in the registry
That is what you get when you install Funmoods, a pointless to downright harmful browser extension, just to have a few more smileys in Facebook

Malwarebytes creates exactly one log per scan. Have you scanned with Malwarebytes before?
If so, the logs of every scan are also listed in the Logs tab. Please post all of them that are visible there.

25.04.2012, 15:26   #3
flaaghuhn
 
Well, I never knowingly installed things like that^^.

I have quite a lot of Malwarebytes logs, because I scan my PC with it again and again - do I really have to post all of them? Nothing was ever found apart from this.

Regards,

flaaghuhn

25.04.2012, 15:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please also run ESET, then we'll see how to proceed:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64 bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

25.04.2012, 22:52   #5
flaaghuhn
 
Okay, after 4.5 hours the scan is finally done - is it normal for it to take so extremely long? Well, it found nothing.

Regards,

flaaghuhn

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f60571956ad2ec48aeb0ba232b53dcae
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-25 05:10:17
# local_time=2012-04-25 07:10:17 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 256 87003663 0 0
# compatibility_mode=8192 67108863 100 0 509 509 0 0
# scanned=664
# found=0
# cleaned=0
# scan_time=4
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f60571956ad2ec48aeb0ba232b53dcae
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-25 09:39:16
# local_time=2012-04-25 11:39:16 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776573 100 94 3932 87003739 0 0
# compatibility_mode=8192 67108863 100 0 585 585 0 0
# scanned=268311
# found=0
# cleaned=0
# scan_time=16066
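
An added example (not part of the thread and not ESET's own tooling): a small Python parser for the `# key=value` blocks that ESET Online Scanner appends to log.txt, one block per run. It splits the file into runs, converts the `scan_time` seconds into hours (the 16066 s of the second run above is the 4.5 hours the poster asked about), and points out the things a helper would look at first: a run that did not reach `end=finished`, PUA detection switched off, detections that were found but not cleaned, and free-text scanner messages such as the `esets_scanner_update returned -1` line. The sample input is the log posted above, trimmed to the lines the parser needs; the severity wording is my own.

```python
import re
from dataclasses import dataclass, field

# Sample input: the two runs from the ESET Online Scanner log posted above,
# trimmed to the lines the triage needs. The scanner appends every run to the
# same log.txt, so one file can hold several "# key=value" blocks.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# EOSSerial=f60571956ad2ec48aeb0ba232b53dcae
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# utc_time=2012-04-25 05:10:17
# scanned=664
# found=0
# cleaned=0
# scan_time=4
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# EOSSerial=f60571956ad2ec48aeb0ba232b53dcae
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# utc_time=2012-04-25 09:39:16
# scanned=268311
# found=0
# cleaned=0
# scan_time=16066
"""

RUN_START = "ESETSmartInstaller@High as downloader log:"
KEY_VALUE = re.compile(r"^#\s*([\w.]+)=(.*)$")


@dataclass
class EsetRun:
    """One scan run: its key=value fields plus any free-text scanner messages."""
    fields: dict = field(default_factory=dict)
    messages: list = field(default_factory=list)

    @property
    def finished(self) -> bool:
        return self.fields.get("end") == "finished"

    def count(self, key: str) -> int:
        return int(self.fields.get(key, "0"))

    @property
    def hours(self) -> float:
        # scan_time is reported in seconds
        return self.count("scan_time") / 3600.0


def parse_eset_log(text: str) -> list:
    """Split log.txt into runs; each run starts at the downloader banner."""
    runs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == RUN_START:
            current = EsetRun()
            runs.append(current)
            continue
        if current is None or not line or line == "all ok":
            continue
        m = KEY_VALUE.match(line)
        if m:
            current.fields[m.group(1)] = m.group(2)   # later duplicates win
        else:
            current.messages.append(line)            # e.g. updater errors
    return runs


def triage(runs: list) -> list:
    """Return (run_number, observation) pairs a helper would want to see."""
    notes = []
    for n, run in enumerate(runs, 1):
        if not run.finished:
            notes.append((n, f"end={run.fields.get('end')}: aborted after "
                             f"{run.count('scanned')} objects, results incomplete"))
        if run.fields.get("unwanted_checked") != "true":
            notes.append((n, "PUA detection was disabled, so adware like PUP.* would be missed"))
        if run.count("found") > run.count("cleaned"):
            notes.append((n, f"{run.count('found') - run.count('cleaned')} detections left uncleaned"))
        for msg in run.messages:
            notes.append((n, f"scanner message: {msg}"))
        if run.finished:
            notes.append((n, f"completed: {run.count('scanned')} objects in {run.hours:.1f} h, "
                             f"{run.count('found')} found"))
    return notes


if __name__ == "__main__":
    for n, text in triage(parse_eset_log(SAMPLE_LOG)):
        print(f"run {n}: {text}")
```

Run it against a real log.txt by reading the file into `parse_eset_log` instead of `SAMPLE_LOG`; only a run with `end=finished` says anything about the machine, which is why the first, aborted run above is reported as incomplete rather than as a clean result.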
         


26.04.2012, 09:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

26.04.2012, 13:00   #7
flaaghuhn
 
1.)
Windows works in normal mode essentially the way it should.

But since I installed the new LibreOffice version I can no longer open my documents by double-clicking the icon; I get an error message ("Der angeforderte Vorgang erfordert erhöhte Rechte"), but I hardly think this is caused by malware (if, for example, I tell Wordpad to open .odt files, double-clicking works too, and in LibreOffice the files open normally; only double-clicking the icon does not work -> error message). And I am logged in as Administrator.

2.)
I am not missing anything in the Start menu; under "All Programs" there are only two empty folders: "Autostart" and "Freemake".

26.04.2012, 15:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please make a new OTL log. Please post everything here in CODE tags if at all possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Tick Scan all users at the top centre
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German it is labelled 
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
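
An added example (not part of the thread, and not OTL's own tooling): a Python triage script over lines in the format OTL writes, showing what a helper reads out of such a log by hand. It resolves the IE `SearchScopes,DefaultScope` GUID to the search URL registered under that GUID and reports a hijack when the default search host is not on an allow-list, flags a start page that points elsewhere, lists Firefox extension directories whose vendor or id matches a watch-list, and collects `No CLSID value found` entries (hooks or toolbars whose COM object is gone, i.e. leftovers to clean). The sample lines are constructed in OTL's format with a shortened SID and an invented profile name; `TRUSTED_SEARCH_HOSTS` and `PUP_TOKENS` are my assumptions, not OTL's.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in OTL's output format, modelled on the kind of
# entries the scan above produces; the SID and the profile name are invented.
# OTL defangs URLs as "hxxp".
SAMPLE_OTL = r"""
IE - HKU\S-1-5-21-1111\..\SearchScopes,DefaultScope = {8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}
IE - HKU\S-1-5-21-1111\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1111\..\SearchScopes\{8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKU\S-1-5-21-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com/web?l=dis&o=16552
IE - HKU\S-1-5-21-1111\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1111\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
[2012.02.21 00:01:05 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\abcd1234.default\extensions\ffxtlbr@funmoods.com
[2012.03.24 12:28:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
"""

# Assumed allow-list of search hosts the user chose; anything else as the
# *default* scope is treated as a hijack. Adjust per machine.
TRUSTED_SEARCH_HOSTS = frozenset({"www.bing.com", "www.google.com",
                                  "www.google.de", "de.search.yahoo.com"})
# Assumed watch-list of adware families (here: the one named in this thread).
PUP_TOKENS = ("funmoods",)

GUID = r"(\{[0-9A-Fa-f-]{36}\})"
DEFAULT_SCOPE = re.compile(r"SearchScopes,DefaultScope = " + GUID)
SCOPE_URL = re.compile(r"SearchScopes\\" + GUID + r': "URL" = (\S+)')
START_PAGE = re.compile(r"Main,Start Page = (\S+)")
ORPHAN_CLSID = re.compile(GUID + r".*No CLSID value found")
FILE_ENTRY = re.compile(r"^\[[^\]]*\] \(([^)]*)\) -- (.*)$")


def host_of(defanged_url: str) -> str:
    """Turn OTL's hxxp://... into a hostname."""
    return urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def triage_otl(text: str, trusted=TRUSTED_SEARCH_HOSTS) -> list:
    """Return (severity, kind, detail) findings for one OTL log."""
    findings, scopes, default_guid = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DEFAULT_SCOPE.search(line):
            default_guid = m.group(1).upper()
        elif m := SCOPE_URL.search(line):
            host = host_of(m.group(2))
            scopes[m.group(1).upper()] = host
            if host not in trusted:
                findings.append(("info", "search_scope", host))
        elif m := START_PAGE.search(line):
            host = host_of(m.group(1))
            if host not in trusted:
                findings.append(("medium", "start_page", host))
        elif m := ORPHAN_CLSID.search(line):
            # hook/toolbar pointing at a COM object that no longer exists:
            # a leftover of a removed add-on, harmless but worth cleaning
            findings.append(("low", "orphan_clsid", m.group(1).upper()))
        elif m := FILE_ENTRY.match(line):
            vendor, path = m.group(1), m.group(2)
            idx = path.lower().rfind("\\extensions\\")
            if idx >= 0:
                ext_id = path[idx + len("\\extensions\\"):]
                if any(t in (vendor + ext_id).lower() for t in PUP_TOKENS):
                    findings.append(("medium", "firefox_extension", ext_id))
    # The default scope is only meaningful once its GUID is resolved to a URL.
    if default_guid is not None:
        host = scopes.get(default_guid)
        if host is None:
            findings.append(("medium", "default_search_unresolved", default_guid))
        elif host not in trusted:
            findings.append(("high", "default_search_hijack", host))
    return findings


if __name__ == "__main__":
    for sev, kind, detail in triage_otl(SAMPLE_OTL):
        print(f"[{sev:6}] {kind}: {detail}")
```

The GUID resolution is the point: a hijacked default search does not show up on the `DefaultScope` line itself, only once that GUID is matched against the `SearchScopes\{GUID}: "URL"` entries, which is exactly how a helper reads these two lines together. Feed a real OTL.txt in place of `SAMPLE_OTL` and review the findings; the script only reports, it changes nothing.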

26.04.2012, 17:29   #9
flaaghuhn
 
Okay, done. I will probably have to post the logfiles in separate posts, since I can't attach any more files now.

Logfile from the normal scan:
OTL Logfile:
Code:
OTL logfile created on: 26.04.2012 18:07:42 - Run 2
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,89% Memory free
7,98 Gb Paging File | 5,37 Gb Available in Paging File | 67,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905,41 Gb Total Space | 681,30 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 19,26 Gb Free Space | 77,02% Space Free | Partition Type: NTFS
Drive E: | 5,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RH-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.26 17:25:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.20 19:16:51 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.14 17:37:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.15 01:22:28 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.15 17:18:14 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.31 05:37:10 | 000,221,184 | ---- | M] () -- C:\Windows\system\cm106eye.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.20 19:16:48 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.04.20 19:16:46 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.04.20 19:16:44 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.04.20 19:16:42 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.04.20 19:16:40 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2011.03.31 05:37:10 | 000,491,520 | ---- | M] () -- C:\Windows\system\cmau106.dll
MOD - [2011.03.31 05:37:10 | 000,221,184 | ---- | M] () -- C:\Windows\system\cm106eye.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.20 19:16:51 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.13 22:32:27 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.05 15:50:08 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 17:37:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.15 17:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.12.06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.17 19:40:50 | 000,093,712 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.31 05:37:23 | 001,307,648 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eu.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=2491552175464200&p2=^A9T^YYYYYY^YY^DE
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 11 16 23 F6 E7 CC 01  [binary data]
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes,DefaultScope = {8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}: "URL" = hxxp://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = hxxp://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=2491552175464200&p2=^A9T^YYYYYY^YY^DE&q={searchTerms}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{C346F459-10D6-4C3F-84C9-08F57493FBF2}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.116.0: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.24 12:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.21 23:25:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.14 23:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.04.25 17:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions
[2012.01.16 19:44:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.21 00:01:05 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions\ffxtlbr@funmoods.com
[2012.02.21 00:01:04 | 000,001,798 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\yf79f88y.default\searchplugins\funmoods.xml
[2012.04.21 23:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.24 12:28:36 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YF79F88Y.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YF79F88Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YF79F88Y.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YF79F88Y.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.16 14:53:20 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: avast! WebRep = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Google Mail = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42847496-B284-445A-B872-6729C5DB2D9E}: NameServer = 82.145.9.8 89.246.64.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2007.10.25 01:29:17 | 000,000,000 | ---D | M] - E:\autorun -- [ CDFS ]
O32 - AutoRun File - [2007.07.19 16:53:44 | 000,000,058 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007.10.25 00:11:40 | 004,318,432 | R--- | M] (Crytek) - E:\AutoRunCD.exe -- [ CDFS ]
O33 - MountPoints2\{b9805b12-3ef5-11e1-96ad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b9805b12-3ef5-11e1-96ad-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRunCD.exe -- [2007.10.25 00:11:40 | 004,318,432 | R--- | M] (Crytek)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.26 17:25:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.26 15:53:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{B8503599-2A33-4B31-9B97-526F2CBB2CDD}
[2012.04.26 15:51:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{6227BB1E-88CE-414B-875C-57B4A6C2C652}
[2012.04.26 15:32:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{5EBE63F6-A160-44E2-BC70-5B23AFB37059}
[2012.04.26 15:32:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\{060B7087-E2F7-4A00-B25E-26159C3A3EB9}
[2012.04.26 15:16:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.04.26 15:16:40 | 000,000,000 | ---D | C] -- C:\Fraps
[2012.04.26 13:47:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.04.26 13:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012.04.26 13:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.5
[2012.04.25 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.04.25 17:48:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.04.25 17:48:03 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.04.25 17:48:03 | 000,224,136 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.04.25 17:48:03 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.04.25 17:48:03 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.04.25 17:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.04.25 17:46:44 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.04.25 17:46:44 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.04.25 17:46:44 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.04.25 17:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.04.21 23:25:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.21 23:25:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.04.20 21:34:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Chromium
[2012.04.20 19:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.04.20 19:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Hi-Rez Studios
[2012.04.20 19:20:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hi-Rez Studios
[2012.04.20 18:44:24 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\SecuROM
[2012.04.20 18:18:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012.04.20 18:15:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012.04.14 02:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
[2012.04.14 02:57:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Resource Hacker
[2012.04.13 03:03:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage
[2012.04.12 15:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2012.04.12 03:03:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.04.12 03:03:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.04.12 03:03:35 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.04.12 03:03:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.04.12 03:03:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.04.12 03:03:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.04.12 03:03:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.04.12 03:03:33 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.04.12 03:03:33 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.04.12 03:03:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.04.12 03:03:31 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.04.12 03:03:13 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.04.12 03:03:13 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.04.12 03:03:12 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.04.12 03:00:56 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012.04.12 03:00:55 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012.04.12 03:00:50 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.04.11 23:35:33 | 000,000,000 | ---D | C] -- C:\Users\***\riotsGamesLogs
[2012.04.11 18:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.04.11 18:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.04.11 15:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmNationsForever
[2012.04.11 15:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever
[2012.04.09 02:38:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LolClient
[2012.04.08 22:54:19 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.04.08 22:54:19 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.04.08 22:54:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.04.08 22:40:06 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.04.08 22:40:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012.04.08 21:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012.04.04 19:35:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\My Games
[2012.04.04 19:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\2K Games
[2012.04.04 19:14:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.04.02 12:32:19 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.02 12:24:18 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.01 19:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bloodshed Dev-C++
[2012.04.01 18:38:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\codeblocks
[2012.04.01 18:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2012.04.01 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Dev-Cpp
[2012.04.01 18:08:56 | 000,000,000 | ---D | C] -- C:\Dev-Cpp
[2012.04.01 18:03:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.04.01 18:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2012.04.01 18:03:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.04.01 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2012.03.30 19:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.03.30 19:45:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.26 17:56:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.26 17:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.26 17:25:32 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.04.26 16:20:11 | 000,010,818 | ---- | M] () -- C:\Users\***\Documents\Mein Film.wlmp
[2012.04.26 16:09:49 | 077,702,368 | ---- | M] () -- C:\Users\***\Desktop\Blops Skillshooting.wmv
[2012.04.26 15:16:45 | 000,000,572 | ---- | M] () -- C:\Users\***\Desktop\Fraps.lnk
[2012.04.26 14:56:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.26 13:51:23 | 000,011,324 | ---- | M] () -- C:\Users\***\Documents\Blog 01 12.03.12.odt
[2012.04.26 13:45:35 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.04.26 13:25:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 13:25:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.26 13:18:25 | 000,307,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.04.26 13:18:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.26 13:18:08 | 3214,233,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.25 17:47:51 | 000,224,136 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.04.25 17:47:51 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.04.25 17:47:51 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.04.25 17:47:50 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012.04.25 17:47:50 | 000,567,696 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.04.25 17:46:36 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012.04.25 17:46:36 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012.04.25 17:46:36 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012.04.25 17:46:35 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.04.25 17:46:35 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.04.23 18:13:28 | 000,012,685 | ---- | M] () -- C:\Users\***\Documents\Drehbuch - Letzer Ausweg Religion.odt
[2012.04.23 00:21:24 | 000,000,173 | ---- | M] () -- C:\Users\***\AppData\Local\msmathematics.qat.***
[2012.04.21 23:25:55 | 000,001,053 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.20 18:18:58 | 001,561,054 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.20 18:18:58 | 000,667,012 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.04.20 18:18:58 | 000,627,194 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.04.20 18:18:58 | 000,135,778 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.04.20 18:18:58 | 000,111,430 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.04.20 18:17:18 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.20 18:17:14 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.04.20 18:17:10 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.04.17 15:37:49 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.04.14 19:58:42 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.04.13 22:32:27 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.04.13 22:32:27 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.04.13 22:32:20 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.04.12 03:06:00 | 001,526,806 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.04.08 22:19:32 | 000,019,665 | ---- | M] () -- C:\Users\***\Documents\Blog 03 08.04.2012.odt
[2012.04.08 19:50:34 | 000,011,709 | ---- | M] () -- C:\Users\***\Documents\Blog 03 25.03.12.odt
[2012.04.05 02:09:19 | 000,027,495 | ---- | M] () -- C:\Users\***\Documents\Verfassung.graphml
[2012.04.04 16:17:23 | 000,000,180 | ---- | M] () -- C:\Users\***\cinderella2-user.properties
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.31 22:44:47 | 000,025,500 | ---- | M] () -- C:\Users\***\Documents\Drehbuch - Die Jugend am Abgrund.odt
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.26 16:09:00 | 077,702,368 | ---- | C] () -- C:\Users\***\Desktop\Blops Skillshooting.wmv
[2012.04.26 15:49:42 | 000,010,818 | ---- | C] () -- C:\Users\***\Documents\Mein Film.wlmp
[2012.04.26 15:16:45 | 000,000,572 | ---- | C] () -- C:\Users\***\Desktop\Fraps.lnk
[2012.04.26 13:45:35 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012.04.23 18:13:27 | 000,012,685 | ---- | C] () -- C:\Users\***\Documents\Drehbuch - Letzer Ausweg Religion.odt
[2012.04.20 18:17:10 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.04.08 22:19:30 | 000,019,665 | ---- | C] () -- C:\Users\***\Documents\Blog 03 08.04.2012.odt
[2012.04.05 02:09:19 | 000,027,495 | ---- | C] () -- C:\Users\***\Documents\Verfassung.graphml
[2012.04.02 12:24:24 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.24 14:05:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.23 23:03:58 | 000,000,412 | ---- | C] () -- C:\Users\***\AppData\Roaming\All CPU Meter_Settings.ini
[2012.03.06 19:14:04 | 000,000,530 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.02 23:56:52 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2012.03.02 23:56:42 | 000,001,210 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2012.03.02 23:56:32 | 000,003,059 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2012.03.02 23:56:32 | 000,001,085 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2012.02.24 18:30:15 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2012.02.11 20:18:49 | 000,006,656 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.20 20:27:56 | 000,001,476 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml
[2012.01.15 20:35:22 | 000,000,173 | ---- | C] () -- C:\Users\***\AppData\Local\msmathematics.qat.***
[2012.01.15 15:04:27 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.01.15 15:04:24 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.14 23:43:44 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.01.14 23:39:57 | 000,019,488 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2012.01.14 23:39:56 | 001,561,054 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.12.06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 01:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.31 05:37:10 | 000,000,964 | ---- | C] () -- C:\Windows\cm106.ini
 
========== LOP Check ==========
 
[2012.04.21 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.02.07 21:44:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2012.04.01 19:08:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dev-Cpp
[2012.04.20 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.02.13 20:06:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.02.13 20:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.04.11 23:31:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameMaker
[2012.02.01 21:22:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.26 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.04.09 02:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LolClient
[2012.04.01 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.02.10 15:32:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.01.15 14:12:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Origin
[2012.02.10 17:23:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.02.23 13:58:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pokerth
[2012.03.03 00:17:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RotMG.Production
[2012.02.11 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Solveig Multimedia
[2012.04.11 18:58:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.02.21 00:07:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.03.23 15:37:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\yWorks
[2012.04.11 20:02:22 | 000,000,000 | ---D | M] -- C:\Users\***H\AppData\Roaming\.minecraft
[2012.04.06 13:17:45 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.04.2012 18:07:42 - Run 2
OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 52,89% Memory free
7,98 Gb Paging File | 5,37 Gb Available in Paging File | 67,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 905,41 Gb Total Space | 681,30 Gb Free Space | 75,25% Space Free | Partition Type: NTFS
Drive D: | 25,00 Gb Total Space | 19,26 Gb Free Space | 77,02% Space Free | Partition Type: NTFS
Drive E: | 5,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{153C0FD7-E670-4572-8C71-4FC9ACFD4A1A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{21483B2D-4E69-41F2-9187-27298DA69C87}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3D0F76DE-4557-43D1-A899-F8B0500ED51F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{515CDD51-7955-4BD6-A25F-F7C217D48960}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6C3B9F5C-8380-4133-9C9D-376BDE9E7D61}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{6FFAE0A0-55DB-4A4A-A5CC-D5AA053C2638}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7DBAA3C1-D6C5-4B37-9856-3BD1BC386612}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7E414E29-2FE5-4364-AF8E-F158E99914D2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{83D87029-BA02-407D-8D78-145B32FDE385}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B49659FF-9865-41C5-A68E-8C6BD8486F4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BAC2E2FE-B3BA-4FC8-923E-90DC5589185E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{EAD73776-F520-4C49-8199-3971AC4FDA21}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FB667122-6E7E-41C2-A27E-61B9323F27F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005CCA91-7C4E-453B-86E6-60986E4DBA1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0168A664-9DB3-4B27-B714-32B35CD66BDF}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{0521559D-97F5-4B6F-9926-69E27361E45C}" = protocol=6 | dir=out | app=system | 
"{08F2B64B-F71E-454F-A318-B325D2779023}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{1166DD5A-ECFE-4FDB-A954-840C82B1E8BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{12CE71E3-6222-4AF9-87C5-01408025C9C5}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{1319BF58-1B26-407F-A422-76E59F1AC015}" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"{14DE6E41-91CE-46E4-A89A-10DA75F86A41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{172ECA33-00E9-4021-A95B-060143B9C314}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{2AF09565-5102-4410-9009-20C7036729A9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{2CD00C56-A80D-44C1-B713-FF19173393FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{2DAD5CE0-A99E-4853-B734-A1588CAC56BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe | 
"{320B0550-02DC-4F66-BE42-54660DE655FC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{369BE4FC-1604-4592-A46A-80143A8D5C3D}" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"{36F2B22D-AEE5-4630-91CC-D3B7D7CC564C}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{398357D0-B56A-4D9C-8173-E29C0B6D3EE2}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{3A9D4838-EA54-4CE8-851C-95B9BBDFA496}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{3AFF7186-3227-4A1A-BD5A-A14A0F760789}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\king_of_the_dark\counter-strike source\hl2.exe | 
"{439A3D7B-6D5C-463C-A8CE-CD72A6F9878F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{4653E739-B9D6-4BE3-A274-50981C9D44EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{47615818-8182-48D0-8E98-FC02811FB7FC}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{482B21C2-C1A9-4DA6-9FAA-95D031B41C68}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe | 
"{48CA08A0-E598-4854-99E8-D7CF1A3341BA}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{499EFEB2-D82E-4EE2-8227-4C71264E0886}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | 
"{4C2CD035-59BA-4894-BD79-B7FE553615BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{4CB19721-A2DE-4BCE-BCF1-E0AF8960747E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5143AB4D-0D93-4089-8226-59B090DD4224}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{51934C45-23F2-4686-83CE-5CCEAB29F126}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"{51BC32CF-A7F9-4AE7-8F8B-ABC2EE474BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{531BADBE-1C9F-4A77-8CD5-0BCF1958C24C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53BBB79B-3F0F-435C-A74D-C891F082F00A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{55192D7F-A00C-4EE1-B1A1-6EF0BDD5C351}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | 
"{5C1FA738-396E-43AD-BC8B-5FF59946FA55}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6621F89A-E01C-4961-B295-EF23F78D55F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{66C50222-2AA5-4EF6-A19D-3E8E5C5BB889}" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"{67E5D43C-20A5-43C2-9863-BFE46E1E002E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsxhd\launcher.exe | 
"{6826EFF8-9BFD-4736-87F0-B2FFDDDD07FE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6E3B2B2B-A176-4A42-96A2-9060ED78C104}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\king_of_the_dark\counter-strike source\hl2.exe | 
"{71602CB9-18FC-4195-A884-E3E50B82DF3F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{728D45CF-500A-4346-B3CC-820FF336F5ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\support\ea help\electronic_arts_technical_support.htm | 
"{7474C726-9EED-486A-B797-82B590E30B11}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{74EBD407-6084-415F-B6BD-AD88CCC125AC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{79AB43D3-69A6-4A91-AD28-35F7565A7559}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{7BCC43BC-D4B7-4FEE-98B9-0B2E6B124B70}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{7BF8C8F9-4C6C-4197-A2A8-4401178C8D66}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{7DE6A1D9-0691-4283-8269-5DB4E8B073D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | 
"{7E205046-3A9D-47D7-AC44-758B0CD1C2C4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{82795455-07AB-4EF0-B9AC-4CAC8C4CB5A1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{832E8F3E-3676-49AF-B11D-B87BD12F9325}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8596C370-1201-4020-8766-046A2FA8C7AD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"{85BD09A3-B85F-44C9-98BF-7522C47F115C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85C26BEC-DC45-4D63-B552-E7836AB91231}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{85EBF4E5-91C9-45BB-BF9A-C03FD87B34AA}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{8B01D029-48E2-446E-A866-849037F378D3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{8BD9730E-EE8E-44B0-B91B-0481B3A9E194}" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"{901DA16E-AF62-4E72-AC83-0A35B54FD5E3}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{91E3B3AD-52D9-4BDD-A96D-73C7A3290F5E}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{94F4CFFC-43E0-47A9-8A3D-6A8862C9467C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"{9742CCB8-5A45-4A7A-8C20-A94689FCA9A6}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{9AF7EDE5-1072-4604-9484-C72DFF40B3C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wormsxhd\launcher.exe | 
"{9E7FEE9B-832F-4769-83E7-A6D615E42809}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{A27023B1-E0CD-4F58-9B34-107F436DC16F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A339A3A7-2D31-400B-AA25-9EB6274D899C}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{A34249F8-26AC-46BE-822E-793A1094F98A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A3A0D55A-D4E1-4F5A-B94E-D07962CF9770}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{A581A37C-FEC6-4470-BE5B-9B202B41F5AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{AB5E2B5B-6727-42F6-98D7-4BD51A5D9D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD8CB3F5-08F4-400C-9848-8F194412C2CD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40kwa.exe | 
"{AEE3AE9F-4C7D-4ABD-B044-0E162756BF45}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe | 
"{B16B187A-04AA-4DC3-A315-6A6226DE8254}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysis.exe | 
"{B32556B4-5227-48D0-972B-056224C1F97F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{B398EC8D-16D0-4FB3-89B6-E3B33992C55E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{B73B1B58-58BA-4010-9382-FA5E84772EC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA21E153-DC04-4160-80DD-93EE12AD02F3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin64\crysisdedicatedserver.exe | 
"{BBEF4AEB-0353-44E3-AA03-4ECC3BC518B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{BD65B859-31FB-44D0-A5BE-50E7C4729A48}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{BD6DDD12-157B-4526-95A4-22EC9A31660C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{C091F68E-BDC1-476F-9D01-BE227EC78B66}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"{C49B1053-C4A7-4433-914A-955DF211D41C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{CD96534D-6434-4651-BF0B-0CC4CEAB12D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe | 
"{CE5474B8-EA1F-4B29-B9DC-6D7C20C47C96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CEA3BAA9-2C0C-4E3C-AB6E-55BCAC6275E8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D2EE11F2-0499-43AF-A2C9-D4341928C84D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{D4A2006A-8294-493B-8767-3B1AEB782FAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"{D6994DAE-D364-4BFB-B6EC-B1789ACA879B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{D7149CF0-F70C-463D-9B82-64DA3943488D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\defcon\defcon.exe | 
"{E07232B4-516A-4E90-AC13-CD0D1EFCA40F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe | 
"{E24D50CB-37D9-4A14-8718-0875022EFDD6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{E4B511FC-7F14-4025-9A3D-3FC3E8093844}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{ED5586C6-2F24-4DDD-8E5B-71BFDC7FEC00}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EE1D54C2-3D19-48E3-9297-487597CD1FDC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dead space\dead space.exe | 
"{EF4AC209-76C9-4EA5-8713-F96FFA89F13A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe | 
"{F0691CD9-EBDA-4F04-811C-65F0D98D078E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war gold\w40k.exe | 
"{F124B8FB-23AD-4D79-A26F-69D818CC04F0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{F3882A5F-3951-44FD-99AB-F577B4D25A0B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{FAED8E1E-9AB2-4861-92B1-BE5479244B69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war dark crusade\darkcrusade.exe | 
"{FE9D5C68-E0C2-4FA2-B2A4-1E17A62BF723}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{FFE9EE51-1D39-468D-B282-2ACCAB75549C}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"TCP Query User{10D2D198-A362-4D3E-BDBA-6DCD1EEED914}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{46198B5E-0ABC-4AC7-B06E-0F7B6CF6888C}C:\program files (x86)\yworks\yed\yed.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"TCP Query User{465C7D16-4B80-4F0C-ABCF-F53C53E7B36D}C:\program files (x86)\steam\steamapps\king_of_the_dark\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\king_of_the_dark\counter-strike source\hl2.exe | 
"TCP Query User{46C0469E-2FC0-4C79-A0C8-CF2E19E50584}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{5A80683F-3A9C-4B4B-8833-168BD7B146E8}C:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"TCP Query User{800FAE8F-8B4E-4B52-A9E7-A13963504AC4}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{94BF903E-9F96-4385-8A1A-F2D69A7C5054}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"TCP Query User{D1B709E8-1F30-4DCD-86B2-80FD40D8EB93}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{E1D58AC8-07C5-4967-B41B-747EC148BCCE}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{E61EFB94-1C7E-4AFD-AC1D-3BA3B5BF5095}C:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"TCP Query User{ED5F1EB5-34D1-46E7-8B9C-961C258DA34C}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{076EF715-59BF-4097-9676-BD2C9AC05E1C}C:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"UDP Query User{1F9BB946-C354-48C5-920D-39785B8ABAFA}C:\program files (x86)\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{6EE4F3F3-AA22-433F-BF93-7B14D2D39AFF}C:\program files (x86)\yworks\yed\yed.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yworks\yed\yed.exe | 
"UDP Query User{6F0F2220-0830-4746-B0F5-CEDA81A37584}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{8222B271-ED12-4ED7-9AF0-E0FB52D33BDC}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe | 
"UDP Query User{8AA0C72E-6E3B-47F0-AA3A-005304D9251A}C:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"UDP Query User{BF6F8719-64BA-4140-AA0E-602E6A37946C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{C64766B3-109E-4D35-8EC1-639F77729B9F}C:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\crytek\crysis 2\bin32\crysis2.exe | 
"UDP Query User{C7EA0B11-4D30-42FA-BF1B-9BBB3361E799}C:\program files (x86)\steam\steamapps\king_of_the_dark\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\king_of_the_dark\counter-strike source\hl2.exe | 
"UDP Query User{D7EAB46B-74D0-4770-90E7-65F1689CD55D}C:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"UDP Query User{FE9E88EB-E4E6-46D6-B47E-B20E65ECF406}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC3
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417003FF}" = Java(TM) 7 Update 3 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"C-Media CM106 Like Sound Driver" = MEDUSA NX USB 5.1 Gaming Headset
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09D72100-CAC9-42BF-AD52-47F784C92DB6}" = LibreOffice 3.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{15F52B39-04CB-4EDB-9A8C-496C4A5588E2}" = Rayman 3
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1" = Driver Sweeper Version 3.2.0
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = Catalyst Control Center
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"2385-9868-7018-1536" = Cinderella2 2.6
"3309-7404-0599-8908" = yEd Graph Editor 3.9
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"GeoGebra" = GeoGebra
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"Revo Uninstaller" = Revo Uninstaller 1.93
"StarCraft II" = StarCraft II
"Steam App 113200" = The Binding Of Isaac
"Steam App 1250" = Killing Floor
"Steam App 1522" = DEFCON Demo
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 17470" = Dead Space
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 211" = Source SDK
"Steam App 218" = Source SDK Base 2007
"Steam App 22600" = Worms Reloaded
"Steam App 240" = Counter-Strike: Source
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 40800" = Super Meat Boy
"Steam App 40810" = Super Meat Boy Editor
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42910" = Magicka
"Steam App 4560" = Company of Heroes
"Steam App 4570" = Warhammer 40,000: Dawn of War Gold Edition
"Steam App 4580" = Warhammer 40,000: Dawn of War – Dark Crusade
"Steam App 550" = Left 4 Dead 2
"Steam App 70600" = Worms Ultimate Mayhem
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 9310" = Warhammer 40,000: Dawn of War – Winter Assault
"TmNationsForever_is1" = TmNationsForever
"VLC media player" = VLC media player 2.0.0
"Warcraft III" = Warcraft III
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"XMedia Recode" = XMedia Recode 3.0.8.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GameMaker81" = GameMaker 8.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2012 13:01:42 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.04.2012 13:10:25 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.04.2012 13:10:25 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.04.2012 13:10:30 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.04.2012 13:10:35 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.04.2012 13:10:35 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.04.2012 13:10:39 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 25.04.2012 13:10:39 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.04.2012 07:42:14 | Computer Name = *** | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 26.04.2012 09:50:36 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm MovieMaker.exe, Version 15.4.3538.513 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: dc0    Startzeit: 01cd23b0e774fb90    Endzeit: 93    Anwendungspfad: 
C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe    Berichts-ID: c9f16ee8-8fa6-11e1-ae98-4061868d1dba

 
[ System Events ]
Error - 20.04.2012 14:12:08 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
Error - 20.04.2012 16:27:45 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
Error - 20.04.2012 18:44:37 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 20.04.2012 18:44:37 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 21.04.2012 07:39:16 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 PnkBstrB erreicht.
 
Error - 21.04.2012 07:39:16 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrB" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 21.04.2012 11:23:39 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
Error - 22.04.2012 09:58:44 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Hi-Rez Studios Authenticate and Update Service erreicht.
 
Error - 25.04.2012 09:42:58 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
Error - 25.04.2012 14:39:31 | Computer Name = *** | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---

26.04.2012, 17:32   #10
flaaghuhn

It does work after all. Sorry for the double post, but I think uploading it is nicer for the thread. The files with the "2" after the name are the files from the custom scan.

26.04.2012, 20:05   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close all programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along too!!!)

Note: If you have masked your user name, you must change the starred-out parts back into your real user name, otherwise the script will not work!!

Code:
:OTL
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/web?l=dis&o=16552&gct=hp&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=2491552175464200&p2=^A9T^YYYYYY^YY^DE
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 11 16 23 F6 E7 CC 01  [binary data]
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes,DefaultScope = {8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://eu.ask.com/web?l=dis&o=16552&gct=sb&qsrc=2869&apn_dtid=^YYYYYY^YY^DE&apn_ptnrs=^A9T&apn_uid=2491552175464200&p2=^A9T^YYYYYY^YY^DE&q={searchTerms}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{C346F459-10D6-4C3F-84C9-08F57493FBF2}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
[2012.02.21 00:01:05 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions\ffxtlbr@funmoods.com
[2012.02.21 00:01:04 | 000,001,798 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\yf79f88y.default\searchplugins\funmoods.xml
[2012.04.16 14:53:20 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml
O3 - HKLM\..\Toolbar: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Then click the Fix! button at the top left.
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely; as a safety measure a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags
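An added triage helper in Python (not OTL's code and not the script in the post above) that parses OTL "IE -" lines of the kind shown in the fix, resolves which search scope the DefaultScope GUID actually points to, and flags the pattern seen in this thread: default search redirected to funmoods, a foreign ask.com scope, a changed start page and an orphaned URLSearchHook. The sample lines (shortened) and the known-good host list are constructed assumptions.

```python
"""Triage OTL 'IE -' lines: which search scope is the default, which host it
points to, and which entries look like a browser hijack.
Added example; the sample input and KNOWN_GOOD_HOSTS are assumptions."""
import re
from urllib.parse import urlsplit

# Constructed sample in the OTL line format used in this thread (URLs shortened).
SAMPLE_OTL_LINES = r"""
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/web?l=dis&o=16552&gct=hp
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - No CLSID value found
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes,DefaultScope = {8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}: "URL" = http://start.funmoods.com/results.php?f=4&a=make&q={searchTerms}
IE - HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\..\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}: "URL" = http://eu.ask.com/web?l=dis&o=16552&q={searchTerms}
""".strip().splitlines()

# Hosts treated as legitimate search providers for this triage (assumption).
KNOWN_GOOD_HOSTS = {"www.bing.com", "www.google.com", "de.search.yahoo.com"}

SCOPE_RE = re.compile(r'SearchScopes\\(\{[0-9A-Fa-f-]+\}): "URL" = (\S+)')
DEFAULT_RE = re.compile(r'SearchScopes,DefaultScope = (\{[0-9A-Fa-f-]+\})')
HOOK_RE = re.compile(r'URLSearchHook: (\{[0-9A-Fa-f-]+\}) - (.*)$')
START_RE = re.compile(r'Main,Start Page = (\S+)')  # does not match "Start Page Redirect Cache"


def parse_ie_lines(lines):
    """Collect the DefaultScope GUID, a {guid: url} map of search scopes,
    the start page URL and the URLSearchHook entries from OTL 'IE -' lines."""
    result = {"default_scope": None, "scopes": {}, "start_page": None, "hooks": []}
    for line in lines:
        if not line.startswith("IE - "):
            continue
        if m := DEFAULT_RE.search(line):
            result["default_scope"] = m.group(1).upper()
        elif m := SCOPE_RE.search(line):
            result["scopes"][m.group(1).upper()] = m.group(2)  # GUIDs compared case-insensitively
        elif m := START_RE.search(line):
            result["start_page"] = m.group(1)
        elif m := HOOK_RE.search(line):
            result["hooks"].append((m.group(1).upper(), m.group(2).strip()))
    return result


def host_of(url):
    """Lower-cased host part of a URL, or '' if it cannot be parsed."""
    return (urlsplit(url).hostname or "").lower()


def triage(lines):
    """Return (kind, detail) findings a helper would act on."""
    parsed = parse_ie_lines(lines)
    findings = []
    default = parsed["default_scope"]
    # The DefaultScope GUID is only meaningful once resolved to the scope's URL.
    default_url = parsed["scopes"].get(default) if default else None
    if default_url and host_of(default_url) not in KNOWN_GOOD_HOSTS:
        findings.append(("default_search_hijacked", host_of(default_url)))
    for guid, url in parsed["scopes"].items():
        if guid != default and host_of(url) not in KNOWN_GOOD_HOSTS:
            findings.append(("foreign_search_scope", host_of(url)))
    if parsed["start_page"] and host_of(parsed["start_page"]) not in KNOWN_GOOD_HOSTS:
        findings.append(("start_page_changed", host_of(parsed["start_page"])))
    for guid, status in parsed["hooks"]:
        # A hook whose CLSID no longer resolves is a leftover of a removed add-on.
        if "No CLSID value found" in status:
            findings.append(("orphaned_urlsearchhook", guid))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_OTL_LINES):
        print(f"{kind}: {detail}")
```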

26.04.2012, 20:50   #12
flaaghuhn

OK, done. Unfortunately I forgot to replace the starred-out parts in the paths (it was just quite late, I pasted the commands and unfortunately clicked the "Fix" button right away, although I still wanted to replace the starred-out parts -.-). Is that really bad?^^

Otherwise, here is the log:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}\ not found.
Registry key HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}\ not found.
Registry key HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C346F459-10D6-4C3F-84C9-08F57493FBF2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C346F459-10D6-4C3F-84C9-08F57493FBF2}\ not found.
Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions\ffxtlbr@funmoods.com\ not found.
File C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\yf79f88y.default\searchplugins\funmoods.xml not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 80276366 bytes
->Temporary Internet Files folder emptied: 10462124 bytes
->Java cache emptied: 309125 bytes
->FireFox cache emptied: 1125662584 bytes
->Google Chrome cache emptied: 7505415 bytes
->Opera cache emptied: 14455840 bytes
->Flash cache emptied: 10451 bytes
 
User: ****
->Temp folder emptied: 34721 bytes
->Temporary Internet Files folder emptied: 1145968 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49073 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 558 bytes
RecycleBin emptied: 257714 bytes
 
Total Files Cleaned = 1.183,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: ***
->Flash cache emptied: 0 bytes
 
User: ***H
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.1 log created on 04262012_211823

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

26.04.2012, 21:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, you have to repeat the fix and edit the asterisks back
__________________
Please always post log files in CODE tags

27.04.2012, 12:05   #14
flaaghuhn

OK, I have repeated it.

Log:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2842318390-2146100648-1265770860-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F6E9A62-677B-4386-BBA9-DCCFAE0FA647}\ not found.
Registry key HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}\ not found.
Registry key HKEY_USERS\S-1-5-21-2842318390-2146100648-1265770860-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C346F459-10D6-4C3F-84C9-08F57493FBF2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C346F459-10D6-4C3F-84C9-08F57493FBF2}\ not found.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions\ffxtlbr@funmoods.com\content\imgs folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions\ffxtlbr@funmoods.com\content folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\yf79f88y.default\extensions\ffxtlbr@funmoods.com folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\yf79f88y.default\searchplugins\funmoods.xml moved successfully.
File C:\Program Files (x86)\mozilla firefox\searchplugins\ask.xml not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 7010 bytes
->Temporary Internet Files folder emptied: 1957620 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62306479 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 901 bytes
 
User: ***H
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3994 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 439260 bytes
 
Total Files Cleaned = 62,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: ***
->Flash cache emptied: 0 bytes
 
User: ****
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.1 log created on 04272012_130023

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

27.04.2012, 14:08   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer), in normal Windows mode, and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags
