Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.05.2012, 16:57   #1
MixxdKhaos
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Hallo, ich benutze derzeit G Data InternetSecurity 2013.
Eben gerade hab ich einen Virenscan durchgeführt und es kam ein Virenfund bei raus.
Diesen Virus hab ich dann mit der Aktion löschen beseitigt.
Danach hab ich mit CCleaner noch meine Daten gelöscht.

Was ist das für ein Virus?
Ist er gefährlich?
Ist er nach dem löschen wirklich komplett entfernt?

Hier der Virus:
Archiv: 5FD14d01
Pfad: C:\Users\EliteKhaos\AppData\Local\Mozilla\Firefox\Profiles\fcq3glza.default\Cache\6\85
Status: Virus, Datei gelöscht
Virus: JS:Redirector-VI [Trj] (Engine B)
Objekt: {gzip}
In Archiv: C:\Users\EliteKhaos\AppData\Local\Mozilla\Firefox\Profiles\fcq3glza.default\Cache\6\85\5FD14d01
Status: Virus gefunden
Virus: JS:Redirector-VI [Trj] (Engine B)


Falls noch Fragen vorhanden sind, stellt sie mir.

MfG
MixxdKhaos

Alt 26.05.2012, 22:24   #2
kira
/// Helfer-Team
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware von hier herunter
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • CCleaner starten
  • klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 26.05.2012, 23:20   #3
MixxdKhaos
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Mit Malwarebytes hab ich schon ein Scan durchgeführt und hat nichts gefunden, keine vorhandenen Infektionen.

OTL:
OTL
Code:
ATTFilter
OTL logfile created on: 26.05.2012 23:08:16 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = ****) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: *** | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 55,80% Memory free
11,98 Gb Paging File | 9,01 Gb Available in Paging File | 75,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 705,10 Gb Total Space | 560,99 Gb Free Space | 79,56% Space Free | Partition Type: NTFS
Drive L: | 225,31 Gb Total Space | 206,92 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\EliteKhaos\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Users\EliteKhaos\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
PRC - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
PRC - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Origin\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\Origin\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\Origin\QtXml4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qtiff4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qico4.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Origin\QtGui4.dll ()
MOD - C:\Program Files (x86)\Origin\QtCore4.dll ()
MOD - C:\Program Files (x86)\Origin\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\EliteKhaos\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (GDFwSvc) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)
SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AVKWCtl) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)
SRV - (AVKService) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (CGVPNCliSrvc) -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe (AVM Berlin)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)
DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G Data Software AG)
DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)
DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)
DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)
DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys (G Data Software AG)
DRV:64bit: - (GdNetMon) -- C:\Windows\SysNative\drivers\GdNetMon64.sys (G Data Software AG)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (fwlanusb4) -- C:\Windows\SysNative\drivers\fwlanusb4.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 DC 9F F4 D5 D7 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{19DC46F4-06D1-41E4-BAB7-C4665A6707F1}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.04 19:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.22 01:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Extensions
[2012.05.21 21:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions
[2012.05.21 21:14:52 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.18 02:02:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.31 16:04:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 18:36:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.04 19:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.23 16:10:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.22 22:20:11 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.05.21 15:31:42 | 000,524,264 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.22 01:37:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.12 01:51:15 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.04.23 17:29:56 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.05.04 19:48:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.04 19:48:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.04 19:48:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.04 19:48:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 19:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.05.04 19:48:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 19:48:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.36_0\
CHR - Extension: WOT = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.10_0\
CHR - Extension: YouTube = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: AdBlock = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\
CHR - Extension: Skype Click to Call = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\EliteKhaos\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDD649AA-03C7-4426-931F-D29041BF67BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.26 19:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.05.26 17:25:24 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\Desktop\festplatte
[2012.05.24 12:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.24 12:17:33 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.24 12:17:33 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.24 12:17:33 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.24 12:17:33 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.24 12:17:33 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.05.24 12:17:33 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.24 12:17:33 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.24 12:17:33 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.24 12:17:33 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.24 12:17:33 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.05.24 12:17:33 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.05.24 12:17:32 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.24 12:17:32 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.24 12:17:32 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.24 12:17:32 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.24 12:17:32 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.24 12:17:32 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.24 12:17:32 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.24 12:17:32 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.24 12:17:32 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.24 12:17:32 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.24 12:17:32 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.24 12:17:32 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.24 12:17:32 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.24 12:17:32 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.24 12:14:35 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.05.24 12:14:34 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.05.24 12:14:34 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.24 12:14:34 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.05.24 12:14:33 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.05.24 12:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.05.24 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient2
[2012.05.24 11:08:35 | 211,927,944 | ---- | C] (NVIDIA Corporation) -- C:\Users\EliteKhaos\Desktop\301.42-desktop-win7-winvista-64bit-international-whql.exe
[2012.05.22 22:20:11 | 000,010,760 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.05.19 15:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.19 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.19 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.16 22:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.16 22:43:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.13 17:32:45 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.13 17:24:33 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.10 14:42:20 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 14:42:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 14:42:12 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 14:42:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.04 19:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.04 19:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.02 21:20:10 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.05.01 13:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2012.05.01 13:41:47 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.05.01 13:41:42 | 000,031,448 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.26 23:09:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.26 22:30:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.26 22:21:00 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.26 22:21:00 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 22:20:36 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.26 20:45:43 | 000,655,070 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.05.26 20:45:43 | 000,040,122 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.05.26 20:09:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.26 19:35:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.26 19:32:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.26 19:32:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.26 19:25:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.26 19:25:00 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.26 19:09:20 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.26 18:35:55 | 001,621,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.26 18:35:55 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.26 18:35:55 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.26 18:35:55 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.26 18:35:55 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.26 15:49:29 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.05.24 12:01:31 | 211,927,944 | ---- | M] (NVIDIA Corporation) -- C:\Users\EliteKhaos\Desktop\301.42-desktop-win7-winvista-64bit-international-whql.exe
[2012.05.23 14:57:05 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.05.22 22:20:38 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.05.22 22:20:12 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.05.22 22:20:12 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.05.22 22:20:11 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.05.18 22:08:04 | 006,220,854 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\geiles Spiel.bmp
[2012.05.17 21:55:59 | 000,087,641 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\398842_10150969314770259_265621635258_12348106_135464571_n.jpg
[2012.05.16 22:43:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 12:48:00 | 025,743,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.15 12:48:00 | 025,248,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.15 12:48:00 | 019,607,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.15 12:48:00 | 018,044,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.15 12:48:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.15 12:48:00 | 015,322,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.15 12:48:00 | 010,194,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.15 12:48:00 | 008,139,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.15 12:48:00 | 008,105,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.15 12:48:00 | 005,982,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.15 12:48:00 | 002,881,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.15 12:48:00 | 002,741,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.15 12:48:00 | 002,681,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.15 12:48:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.15 12:48:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.15 12:48:00 | 002,368,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.15 12:48:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.05.15 12:48:00 | 001,468,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.05.15 12:48:00 | 000,949,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.15 12:48:00 | 000,818,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.15 12:48:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.15 12:48:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.15 12:48:00 | 000,246,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.15 12:48:00 | 000,202,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 11:29:46 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.05.15 11:29:46 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.05.15 11:29:46 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.15 11:29:25 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.15 11:28:42 | 006,151,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:45:56 | 000,000,219 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Dota 2.url
[2012.05.14 17:44:53 | 001,445,562 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Foto0229.jpg
[2012.05.14 17:44:50 | 001,390,320 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Foto0230.jpg
[2012.05.13 17:32:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.13 17:32:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.13 17:32:45 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.12 20:42:36 | 000,029,874 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\IMG324.jpg
[2012.05.10 16:03:41 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.06 16:46:01 | 000,049,548 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\36590_298249763590954_161202623962336_682640_1426911667_n.jpg
[2012.05.01 13:41:42 | 000,031,448 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.05.01 13:41:32 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.04.29 13:42:32 | 002,760,171 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\IMG_1755.JPG
[2012.04.29 13:37:14 | 002,831,195 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\IMG_1754.JPG
[2012.04.28 16:02:16 | 000,045,222 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\tine4_5g.jpg
[2012.04.27 14:30:36 | 000,058,913 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\530357_367728056606143_100001068567100_984304_1770564142_n.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.26 19:09:20 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.26 19:08:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 19:08:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.24 12:19:01 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.18 22:08:04 | 006,220,854 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\geiles Spiel.bmp
[2012.05.17 21:55:59 | 000,087,641 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\398842_10150969314770259_265621635258_12348106_135464571_n.jpg
[2012.05.16 22:43:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:45:56 | 000,000,219 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Dota 2.url
[2012.05.14 17:44:24 | 001,445,562 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Foto0229.jpg
[2012.05.14 17:44:24 | 001,390,320 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Foto0230.jpg
[2012.05.13 17:24:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.12 20:42:22 | 000,029,874 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\IMG324.jpg
[2012.05.06 16:46:01 | 000,049,548 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\36590_298249763590954_161202623962336_682640_1426911667_n.jpg
[2012.05.01 13:41:32 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.04.29 13:39:27 | 002,831,195 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\IMG_1754.JPG
[2012.04.29 13:39:27 | 002,760,171 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\IMG_1755.JPG
[2012.04.28 16:02:16 | 000,045,222 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\tine4_5g.jpg
[2012.04.27 14:30:34 | 000,058,913 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\530357_367728056606143_100001068567100_984304_1770564142_n.jpg
[2012.03.31 15:17:49 | 000,017,408 | ---- | C] () -- C:\Users\EliteKhaos\AppData\Local\WebpageIcons.db
[2012.03.31 12:04:11 | 000,034,067 | ---- | C] () -- C:\ProgramData\1333188245.bdinstall.bin
[2012.03.31 12:00:31 | 000,105,309 | ---- | C] () -- C:\ProgramData\1333187960.bdinstall.bin
[2012.03.30 12:37:05 | 000,643,126 | ---- | C] () -- C:\ProgramData\1333101582.bdinstall.bin
[2012.03.22 18:37:29 | 000,171,408 | ---- | C] () -- C:\ProgramData\1332434173.bdinstall.bin
[2011.12.10 23:23:50 | 000,007,660 | ---- | C] () -- C:\Users\EliteKhaos\AppData\Local\Resmon.ResmonCfg
[2011.10.13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.07 17:09:21 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.19 17:35:10 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.18 11:50:14 | 000,655,070 | ---- | C] () -- C:\Windows\SysWow64\sig.bin

< End of report >
         
Extras:
Code:
ATTFilter
OTL Extras logfile created on: 26.05.2012 23:08:17 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: *** | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,34 Gb Available Physical Memory | 55,80% Memory free
11,98 Gb Paging File | 9,01 Gb Available in Paging File | 75,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 705,10 Gb Total Space | 560,99 Gb Free Space | 79,56% Space Free | Partition Type: NTFS
Drive L: | 225,31 Gb Total Space | 206,92 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA84BC-DC77-47A1-9867-7527FE178BDB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{08B15CB0-A7E2-45D8-BB1D-3324FD1D0D01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{104D41F5-757B-48D1-93C2-0228FF4BBE35}" = rport=138 | protocol=17 | dir=out | app=system | 
"{105B5D00-537D-4E07-A32C-CAF3FB4ED825}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{29C893DB-9B59-4647-ACF4-610A18D9C220}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2E90111D-A274-4987-8321-B5734178193D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{347CB284-1C35-4925-B0A0-93F5A2808155}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3ED47800-2616-41BB-ACFF-88B562673543}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50DB9B01-D717-4A34-B541-DAC3F937088C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5645A018-F8BE-45CA-AB4C-53FC00D4E8A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58DA98F8-C638-49A2-B01D-48EE5A78E6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5925994B-4A22-4307-BBC3-F33708C6B796}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F2ED97F-1766-4404-8490-56F3FD47C887}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7434D30C-688C-45FF-B1B2-FB109DC6384E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E64B1D6-86F6-40AC-BA3E-AC811E47C990}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92C584E9-67A8-4CB0-8191-2981078C8FCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D3BCCFE-7E1D-43EC-84BC-A15DBE6C5DBA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F247645-D2F6-46C1-8290-0565E7E5409C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF85A3FC-84EA-4F5B-9440-38037884B5FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{E10700B1-7263-458B-A776-E765EF1B5E90}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F145B88C-776F-4BB4-9FA6-AF0634ECD40E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F57DB9FA-EF95-4785-8EFC-CE15393E777B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F8C871B7-4C6E-438D-A5FD-7A78DBAE7BEC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE0C6115-1683-4083-B011-3A952B5A0E8A}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5A12A-64D8-4D0B-A3E0-508220EA3BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{0608386A-FF1C-4BB0-9D50-91E8F3E8E5C2}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{06429892-38E8-42F4-AEF9-324D1A19656C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{069120DA-A656-4B2F-87AC-F89BE5612D7D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0986DF7C-0647-4712-AFE2-44E03477BD72}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{0A2E75BE-038F-4649-A2E3-1F4711D6FE16}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0B5C3048-56FD-48C1-8AE7-DDFB51124D85}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0F17D666-7E48-4812-A406-4B57FCD7C717}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{144F5479-59F9-4F26-BBD2-FE6E9964A740}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{16FFAA17-C3BC-4490-A272-5BF820CB5749}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1AA5A23F-5E8D-49E1-8508-451DD1D406F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2136DBD1-FD25-4BE4-B170-F116D644ED9E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{24A50211-6234-4BB3-859F-F397C50EDA78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{25445A28-40B3-46EF-AAAA-20BEDB58244A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{2DFB9AAC-00C0-4DCE-B985-57074D20098E}" = protocol=6 | dir=out | app=system | 
"{315D0801-8A80-41BB-A727-BF419A7168DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{403579AF-109C-407B-B213-3A8B6D2120EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4233E9BB-24A6-4482-A568-2B2C48F00828}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{468B7FC7-2C0A-4544-B0B8-21820F7FEF69}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4C03B504-FDFF-488E-8EE8-8383471FDB38}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{530EE76C-6891-409E-99ED-C3C16A28F6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{54D36BE8-9C4F-4342-9EBA-63F2071D3B50}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6393E8CD-E150-4662-8571-D7DB21CD5121}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{71415946-14E9-4704-9BDC-722649CAD360}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{727157BE-7349-4A5E-ADC4-A8356876ABFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{751E5168-CAD3-46A4-B962-AA3948C06479}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7A0AEEED-8596-4615-8291-5FD900EEFD44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7A9D0C65-22BD-4EDF-9D10-380B14F5DDB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C915F83-76E7-4440-97B2-8E7CAEEBDF42}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7E5D6D6C-36AC-4740-A580-FB58E826452B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83BFC6B5-12C7-4409-99B9-60EB9AF2F18C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8DDFE914-1BB6-48D1-814A-8327146B3FAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{938A7F02-065A-4CC2-97B5-B8E4FD75E3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{957DDE6E-1516-4619-9D37-E70390BFCE82}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{9DABA9ED-7320-4F16-B6DE-7686AB888794}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{A31B3E28-71E6-4BF4-B555-EA13B4B081C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{A5620EA6-97E3-45C3-81F8-213BAFC77F4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A79069E5-4F4A-485F-971F-731D9DA9B369}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AD4A092E-7636-4B46-B373-90BE438F00D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADC44675-B783-49DD-BF21-01F932819EB7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE49FC42-B307-4021-B602-03AEE0D261F2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AE897A1D-53C6-4D09-994C-1CA306CCFB9F}" = protocol=6 | dir=in | app=c:\users\elitekhaos\appdata\roaming\spotify\spotify.exe | 
"{BA4D3E7C-AB85-44CC-8471-8B15C61FD750}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BD132494-08CB-4E04-95A7-637AEAD70073}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C12FC598-9434-4D8B-8637-CC5598F42F0B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C1805C4B-D979-4009-B7C9-8A7F5598E14A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C426BD3E-BEC2-4F89-BB52-554D971E677C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{C7441C0F-D5F4-462A-9625-6DAEB25D52C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C8F2BB62-6064-431F-87EC-FADA908D0812}" = protocol=17 | dir=in | app=c:\users\elitekhaos\appdata\roaming\spotify\spotify.exe | 
"{C90E4F11-425E-473F-80D5-F9E21FAA976E}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{CDC58BBA-70C8-4383-AC55-980EFABD5179}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{D60716E3-7C57-4E0E-8A1C-0594C51C4D30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D7D75846-0785-4CF7-A5A7-F0E835587956}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E418F427-48D0-4FDC-A8E0-032EBA3C2DFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E998F48D-DD3C-4ADF-94CA-C6EF84F608BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0D600D8-C675-4B5C-A814-B7EF232ED6BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5C51D08-DED6-40D2-9150-3198277C23A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F687C8BD-9166-4BF2-B1AD-F4556AF9B1D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7B5FA31-C787-4EBF-AA48-331AAB7C96B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9454E24-7AC2-42EB-A40C-1A989C187D08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FF0C2A15-CEA4-4068-B779-925F6C9EF6E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1489-3350-5074-6281" = JDownloader 0.9
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"Canon MX360 series Benutzerregistrierung" = Canon MX360 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.18
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.93
"Speed Dial Utility" = Canon Kurzwahlprogramm
"Steam App 12900" = Audiosurf
"Steam App 240" = Counter-Strike: Source
"Steam App 24010" = Train Simulator 2012
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 570" = Dota 2
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2012 06:13:05 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8097
 
Error - 26.05.2012 06:13:05 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8097
 
Error - 26.05.2012 06:52:11 | Computer Name = EliteKhaos-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.1065.11, 
Zeitstempel: 0x4d9b89de  Name des fehlerhaften Moduls: steamclient.dll, Version: 1.38.96.20,
 Zeitstempel: 0x4fb57060  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00294ebc  ID des fehlerhaften
 Prozesses: 0x189c  Startzeit der fehlerhaften Anwendung: 0x01cd3b2d26693e6c  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Steam\Steam.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Steam\steamclient.dll  Berichtskennung: d807b892-a720-11e1-819d-bc054303d6ea
 
Error - 26.05.2012 07:53:50 | Computer Name = EliteKhaos-PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 26.05.2012 13:09:11 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 13:20:14 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 13:31:27 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 13:35:31 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 14:51:57 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 26.05.2012 16:20:39 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ System Events ]
Error - 01.05.2012 05:16:52 | Computer Name = ***| Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?01.?05.?2012 um 01:11:45 unerwartet heruntergefahren.
 
Error - 03.05.2012 09:08:32 | Computer Name = *** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 03.05.2012 09:08:32 | Computer Name = *** | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 15.05.2012 00:51:57 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 15.05.2012 00:51:57 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.05.2012 08:05:26 | Computer Name = *** | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.127.390.0)
 
Error - 26.05.2012 06:49:16 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 26.05.2012 06:49:16 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 26.05.2012 12:33:32 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 26.05.2012 12:34:02 | Computer Name = ***| Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
 
< End of report >
         
Install:
Code:
ATTFilter
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	12.05.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin 64-bit	Adobe Systems Incorporated	12.05.2012	6,00MB	11.2.202.235
Adobe Reader X (10.1.3) - Deutsch	Adobe Systems Incorporated	12.05.2012	121,3MB	10.1.3
Amazon MP3-Downloader 1.0.9		18.03.2012		
Apple Application Support	Apple Inc.	13.10.2011	61,2MB	2.1.5
Apple Mobile Device Support	Apple Inc.	13.10.2011	24,4MB	4.0.0.96
Apple Software Update	Apple Inc.	23.07.2011	2,38MB	2.1.3.127
Audiosurf	BestGameEver	23.12.2011		
AVM FRITZ!WLAN	AVM Berlin	16.07.2011		
Battlefield 3™	Electronic Arts	07.11.2011		1.0.0.0
Battlefield: Bad Company 2	DICE	01.11.2011		
Battlelog Web Plugins	EA Digital Illusions CE AB	25.05.2012		1.118.0
Bonjour	Apple Inc.	13.10.2011	2,04MB	3.0.0.10
Canon Easy-PhotoPrint EX		11.01.2012		
Canon Easy-WebPrint EX		11.01.2012		
Canon Inkjet Printer/Scanner/Fax Extended Survey Program		11.01.2012		
Canon Kurzwahlprogramm		11.01.2012		
Canon MP Navigator EX 4.1		11.01.2012		
Canon MX360 series Benutzerregistrierung		11.01.2012		
Canon MX360 series MP Drivers		11.01.2012		
Canon My Printer		11.01.2012		
Canon Solution Menu EX		11.01.2012		
CCleaner	Piriform	31.01.2012		3.15
Counter-Strike: Source	Valve	22.07.2011		
CyberGhost VPN	CyberGhost S.R.L.	22.03.2012	59,6MB	
Dota 2		13.05.2012		
ESN Sonar	ESN Social Software AB	25.05.2012		0.70.4
Flyff	Gala Networks Europe Limited	31.03.2012		Flyff
G Data InternetSecurity 2012	G Data Software AG	30.04.2012	80,0MB	22.0.0.0
Google Chrome	Google Inc.	02.12.2011		15.0.874.121
Intel(R) Rapid Storage Technology	Intel Corporation	17.07.2011		10.1.0.1008
iTunes	Apple Inc.	15.10.2011	169,5MB	10.5.0.142
Java(TM) 6 Update 22	Oracle	20.10.2011	97,1MB	6.0.220
Java(TM) 6 Update 31	Oracle	03.04.2012	95,1MB	6.0.310
Java(TM) 7 (64-bit)	Oracle	23.09.2011	93,3MB	7.0.0
KeePass Password Safe 2.18	Dominik Reichl	24.01.2012	5,44MB	
League of Legends	Riot Games	09.09.2011		1.02.0000
Logitech G35	Logitech	31.08.2011	5,17MB	1.1.178
Logitech GamePanel Software 3.03.133	Logitech Inc.	16.07.2011	53,8MB	3.03.133
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	15.05.2012	18,0MB	1.61.0.1400
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	16.07.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	16.07.2011	2,94MB	4.0.30319
Microsoft .NET Framework 4 Extended	Microsoft Corporation	18.07.2011	52,0MB	4.0.30319
Microsoft Silverlight	Microsoft Corporation	18.05.2012	50,7MB	5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	26.07.2011	1,70MB	3.1.0000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	16.07.2011	0,77MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	20.10.2011	0,23MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	26.07.2011	0,77MB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	07.11.2011	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	16.07.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	26.07.2011	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	29.09.2011	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	29.09.2011	15,0MB	10.0.40219
Mozilla Firefox 12.0 (x86 de)	Mozilla	03.05.2012	41,3MB	12.0
Mozilla Maintenance Service	Mozilla	03.05.2012	0,21MB	12.0
NVIDIA 3D Vision Controller-Treiber 301.42	NVIDIA Corporation	23.05.2012		301.42
NVIDIA 3D Vision Treiber 301.42	NVIDIA Corporation	23.05.2012		301.42
NVIDIA Grafiktreiber 301.42	NVIDIA Corporation	23.05.2012		301.42
NVIDIA HD-Audiotreiber 1.3.16.0	NVIDIA Corporation	23.05.2012		1.3.16.0
NVIDIA PhysX-Systemsoftware 9.12.0213	NVIDIA Corporation	23.05.2012		9.12.0213
NVIDIA Update 1.8.15	NVIDIA Corporation	23.05.2012		1.8.15
OpenOffice.org 3.3	OpenOffice.org	20.10.2011	415MB	3.3.9567
Origin	Electronic Arts, Inc.	25.05.2012		8.6.0.357
PunkBuster Services	Even Balance, Inc.	25.05.2012		0.991
QuickTime	Apple Inc.	05.09.2011	73,0MB	7.70.80.34
Realtek Ethernet Controller Driver	Realtek	16.07.2011		7.41.216.2011
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	16.07.2011		6.0.1.6285
Renesas Electronics USB 3.0 Host Controller Driver	Renesas Electronics Corporation	16.07.2011	1,01MB	2.0.34.0
Revo Uninstaller 1.93	VS Revo Group	30.03.2012		1.93
Skype Click to Call	Skype Technologies S.A.	22.01.2012	14,4MB	5.6.8442
Skype™ 5.6	Skype Technologies S.A.	22.01.2012	19,5MB	5.6.110
Spotify	Spotify AB	04.05.2012		0.8.3.222.g317ab79d
Steam	Valve Corporation	20.07.2011	42,3MB	1.0.0.0
System Requirements Lab CYRI	Husdawg, LLC	19.09.2011	0,45MB	4.4.26.0
TeamSpeak 3 Client	TeamSpeak Systems GmbH	16.07.2011		
TeamViewer 7	TeamViewer	14.03.2012		7.0.12799
Train Simulator 2012	RailSimulator.com	23.12.2011		
Ubuntu	Ubuntu	02.02.2012		11.10-rev241
VLC media player 1.1.11	VideoLAN	23.07.2011		1.1.11
VMware Workstation	VMware, Inc	03.09.2011	3.333MB	7.1.4.16648
Windows Live Essentials	Microsoft Corporation	27.07.2011		15.4.3538.0513
WinRAR 4.01 (64-Bit)	win.rar GmbH	27.07.2011		4.01.0
Xfire (remove only)		18.07.2011
         
Ich hoffe Sie können mir helfen.
__________________

Alt 27.05.2012, 20:47   #4
kira
/// Helfer-Team
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Systemreinigung und Prüfung:

1.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :
Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{19DC46F4-06D1-41E4-BAB7-C4665A6707F1}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.05.04 19:48:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.04 19:48:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.04 19:48:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.04 19:48:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.04 19:48:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
[2012.05.26 23:09:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.26 20:09:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Deinen Thread.

2.
Tipps (unabhängig davon ob man den Internet Explorer benutzt oder nicht!):
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Wie kann ich den Cache im Internet Explorer leeren?

3.
reinige dein System mit CCleaner:
  • "CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

4.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
    Achte darauf, eventuell angebotene Toolbar nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar (falls nötig), entfernen.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

6.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

7.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 28.05.2012, 03:54   #5
MixxdKhaos
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Hallo, ist der oben genannte Virus eigentlich gefährlich? Klaut er Passwörter, muss ich also alle meine Passwörter ändern? Muss ich mir Sorgen machen?

Mit Eset, wie später zu sehen ist hat sich was neues gefunden.
Der Name: Win32/Toolbar.Widgi application
Ist die Bedrohung gefährlich? Was macht sie?
Hat sich anscheind bei der Installation von dem PDFCreator mit installiert.

Kommen wir zu den Logs:

OTL Log nach dem Fixen:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19DC46F4-06D1-41E4-BAB7-C4665A6707F1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19DC46F4-06D1-41E4-BAB7-C4665A6707F1}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*\Downloads\cmd.bat deleted successfully.
C:\Users\*\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: *
->Temp folder emptied: 4419107 bytes
->Temporary Internet Files folder emptied: 9569807 bytes
->Java cache emptied: 43173586 bytes
->FireFox cache emptied: 284205203 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2365 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 551590 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 2892562448 bytes
 
Total Files Cleaned = 3.085,00 mb
 
 
OTL by OldTimer - Version 3.2.43.1 log created on 05272012_233052

Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2252.log moved successfully.

Registry entries deleted on Reboot...
         
Log nach dem Virenscan von SUPERAntiSpyware:

Code:
ATTFilter
SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 05/28/2012 bei 01:03 AM

Version der Applikation : 5.0.1150

Version der Kern-Datenbank : 8650
Version der Spur-Datenbank : 6462

Scan Art       : kompletter Scann
Totale Scann-Zeit : 00:59:29

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Gescannte Speicherelemente  : 621
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 69471
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente     : 83177
Erfasste Datei-Elemente   : 0
         
Hier der Log vom Eset-Scan, wo auch die oben genannte Malware zufinden ist:

Code:
ATTFilter
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5ce57cafc23a404889150bd2976c5ea6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-28 01:22:34
# local_time=2012-05-28 03:22:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=4096 16777215 100 0 4971789 4971789 0 0
# compatibility_mode=5893 16776573 100 94 94844 89791113 0 0
# compatibility_mode=8192 67108863 100 0 479 479 0 0
# scanned=200143
# found=1
# cleaned=1
# scan_time=6891
C:\Users\*\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (deleted - quarantined)	00000000000000000000000000000000	C
         
Und zu guter letzt der neuste OTL Log:

OTL:
Code:
ATTFilter
OTL logfile created on: 28.05.2012 03:37:30 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\*\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: * | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,41 Gb Available Physical Memory | 56,84% Memory free
11,98 Gb Paging File | 9,33 Gb Available in Paging File | 77,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 705,10 Gb Total Space | 564,91 Gb Free Space | 80,12% Space Free | Partition Type: NTFS
Drive L: | 225,31 Gb Total Space | 206,92 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.26 23:06:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\EliteKhaos\Downloads\OTL.exe
PRC - [2012.05.26 19:35:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.05 09:00:59 | 000,932,528 | ---- | M] () -- C:\Users\EliteKhaos\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.05.04 19:48:02 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.05 05:21:03 | 000,985,592 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.04.05 04:46:46 | 001,538,040 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.27 06:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.03.25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.22 03:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.10.05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010.07.27 02:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2009.08.13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2012.05.13 17:24:33 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.05.10 16:08:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 16:08:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.10 16:08:02 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.10 16:07:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 16:07:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 16:07:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 16:07:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 16:07:42 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.05 09:00:59 | 000,932,528 | ---- | M] () -- C:\Users\EliteKhaos\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.05.04 19:48:02 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.26 19:35:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.26 12:49:01 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.13 17:32:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.04 19:48:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.05 04:46:46 | 001,538,040 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.30 05:09:49 | 001,765,352 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.27 06:01:07 | 002,006,872 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.11.28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV - [2011.07.05 12:28:46 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.07.27 02:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.26 15:49:29 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.05.23 14:57:05 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.05.22 22:20:38 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.05.22 22:20:12 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.05.22 22:20:12 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.05.22 22:20:11 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.05.01 13:41:42 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.25 23:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 17:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.22 03:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.09.29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.02.25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 DC 9F F4 D5 D7 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.04 19:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.22 01:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Extensions
[2012.05.21 21:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions
[2012.05.21 21:14:52 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.18 02:02:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.31 16:04:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 18:36:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.04 19:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.23 16:10:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.22 22:20:11 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.05.21 15:31:42 | 000,524,264 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.22 01:37:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.12 01:51:15 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.04.23 17:29:56 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.05.04 19:48:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.04 19:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.36_0\
CHR - Extension: WOT = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.10_0\
CHR - Extension: YouTube = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: AdBlock = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\
CHR - Extension: Skype Click to Call = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\EliteKhaos\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDD649AA-03C7-4426-931F-D29041BF67BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.27 23:57:46 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.27 23:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.05.27 23:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.05.27 23:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.05.27 23:30:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.26 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.05.26 19:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.05.26 17:25:24 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\Desktop\festplatte
[2012.05.24 12:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.24 12:17:33 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.24 12:17:33 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.24 12:17:33 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.24 12:17:33 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.24 12:17:33 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.05.24 12:17:33 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.24 12:17:33 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.24 12:17:33 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.24 12:17:33 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.24 12:17:33 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.05.24 12:17:33 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.05.24 12:17:32 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.24 12:17:32 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.24 12:17:32 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.24 12:17:32 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.24 12:17:32 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.24 12:17:32 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.24 12:17:32 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.24 12:17:32 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.24 12:17:32 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.24 12:17:32 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.24 12:17:32 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.24 12:17:32 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.24 12:17:32 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.24 12:17:32 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.24 12:14:35 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.05.24 12:14:34 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.05.24 12:14:34 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.24 12:14:34 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.05.24 12:14:33 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.05.24 12:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.05.24 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient2
[2012.05.24 11:08:35 | 211,927,944 | ---- | C] (NVIDIA Corporation) -- C:\Users\EliteKhaos\Desktop\301.42-desktop-win7-winvista-64bit-international-whql.exe
[2012.05.22 22:20:11 | 000,010,760 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.05.19 15:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.19 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.19 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.16 22:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.16 22:43:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.13 17:32:45 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.13 17:24:33 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.10 14:42:20 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 14:42:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 14:42:12 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 14:42:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.04 19:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.04 19:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.02 21:20:10 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.05.01 13:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2012.05.01 13:41:47 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.05.01 13:41:42 | 000,031,448 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.28 03:30:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.28 00:01:21 | 000,655,710 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.05.28 00:01:21 | 000,040,134 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.05.27 23:56:32 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.27 23:49:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.27 23:49:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.27 23:41:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.27 23:41:45 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.27 23:39:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.27 22:47:11 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.27 22:47:11 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.27 22:46:55 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.27 19:45:13 | 041,216,684 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Sido lol.wav
[2012.05.27 12:53:47 | 000,458,606 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\465571_3423174138330_1239520431_50875516_367152366_o.jpg
[2012.05.26 23:24:55 | 000,001,264 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Revo Uninstaller.lnk
[2012.05.26 19:35:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.26 19:09:20 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.26 18:35:55 | 001,621,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.26 18:35:55 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.26 18:35:55 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.26 18:35:55 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.26 18:35:55 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.26 15:49:29 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.05.24 12:01:31 | 211,927,944 | ---- | M] (NVIDIA Corporation) -- C:\Users\EliteKhaos\Desktop\301.42-desktop-win7-winvista-64bit-international-whql.exe
[2012.05.23 14:57:05 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.05.22 22:20:38 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.05.22 22:20:12 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.05.22 22:20:12 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.05.22 22:20:11 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.05.18 22:08:04 | 006,220,854 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\geiles Spiel.bmp
[2012.05.17 21:55:59 | 000,087,641 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\398842_10150969314770259_265621635258_12348106_135464571_n.jpg
[2012.05.16 22:43:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 12:48:00 | 025,743,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.15 12:48:00 | 025,248,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.15 12:48:00 | 019,607,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.15 12:48:00 | 018,044,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.15 12:48:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.15 12:48:00 | 015,322,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.15 12:48:00 | 010,194,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.15 12:48:00 | 008,139,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.15 12:48:00 | 008,105,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.15 12:48:00 | 005,982,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.15 12:48:00 | 002,881,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.15 12:48:00 | 002,741,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.15 12:48:00 | 002,681,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.15 12:48:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.15 12:48:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.15 12:48:00 | 002,368,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.15 12:48:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.05.15 12:48:00 | 001,468,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.05.15 12:48:00 | 000,949,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.15 12:48:00 | 000,818,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.15 12:48:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.15 12:48:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.15 12:48:00 | 000,246,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.15 12:48:00 | 000,202,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 11:29:46 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.05.15 11:29:46 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.05.15 11:29:46 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.15 11:29:25 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.15 11:28:42 | 006,151,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:45:56 | 000,000,219 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Dota 2.url
[2012.05.14 17:44:53 | 001,445,562 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Foto0229.jpg
[2012.05.14 17:44:50 | 001,390,320 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Foto0230.jpg
[2012.05.13 17:32:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.13 17:32:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.13 17:32:45 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.12 20:42:36 | 000,029,874 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\IMG324.jpg
[2012.05.10 16:03:41 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.06 16:46:01 | 000,049,548 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\36590_298249763590954_161202623962336_682640_1426911667_n.jpg
[2012.05.01 13:41:42 | 000,031,448 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.05.01 13:41:32 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.04.28 16:02:16 | 000,045,222 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\tine4_5g.jpg
 
========== Files Created - No Company Name ==========
 
[2012.05.27 23:56:32 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.05.27 19:41:38 | 041,216,684 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Sido lol.wav
[2012.05.27 12:53:47 | 000,458,606 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\465571_3423174138330_1239520431_50875516_367152366_o.jpg
[2012.05.26 19:09:20 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.26 19:08:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 19:08:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.24 12:19:01 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.18 22:08:04 | 006,220,854 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\geiles Spiel.bmp
[2012.05.17 21:55:59 | 000,087,641 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\398842_10150969314770259_265621635258_12348106_135464571_n.jpg
[2012.05.16 22:43:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:45:56 | 000,000,219 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Dota 2.url
[2012.05.14 17:44:24 | 001,445,562 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Foto0229.jpg
[2012.05.14 17:44:24 | 001,390,320 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Foto0230.jpg
[2012.05.13 17:24:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.12 20:42:22 | 000,029,874 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\IMG324.jpg
[2012.05.06 16:46:01 | 000,049,548 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\36590_298249763590954_161202623962336_682640_1426911667_n.jpg
[2012.05.01 13:41:32 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.04.28 16:02:16 | 000,045,222 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\tine4_5g.jpg
[2012.03.31 15:17:49 | 000,017,408 | ---- | C] () -- C:\Users\EliteKhaos\AppData\Local\WebpageIcons.db
[2012.03.31 12:04:11 | 000,034,067 | ---- | C] () -- C:\ProgramData\1333188245.bdinstall.bin
[2012.03.31 12:00:31 | 000,105,309 | ---- | C] () -- C:\ProgramData\1333187960.bdinstall.bin
[2012.03.30 12:37:05 | 000,643,126 | ---- | C] () -- C:\ProgramData\1333101582.bdinstall.bin
[2012.03.22 18:37:29 | 000,171,408 | ---- | C] () -- C:\ProgramData\1332434173.bdinstall.bin
[2011.12.10 23:23:50 | 000,007,660 | ---- | C] () -- C:\Users\EliteKhaos\AppData\Local\Resmon.ResmonCfg
[2011.10.13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.07 17:09:21 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.19 17:35:10 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.18 11:50:14 | 000,655,710 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
 
========== LOP Check ==========
 
[2012.03.09 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\.minecraft
[2012.03.19 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Amazon
[2012.01.22 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Canon
[2012.03.25 22:42:25 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoft
[2011.07.17 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.23 20:28:13 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\gtk-2.0
[2012.01.25 21:12:07 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\KeePass
[2011.09.01 14:29:36 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Leadertech
[2011.09.11 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient
[2012.05.24 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient2
[2011.10.21 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\OpenOffice.org
[2011.12.03 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Opera
[2011.11.08 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Origin
[2012.03.30 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\QuickScan
[2012.01.28 01:22:32 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\redsn0w
[2012.05.27 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Spotify
[2012.03.15 22:05:51 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\TeamViewer
[2012.03.10 20:42:19 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Teeworlds
[2012.05.27 23:40:05 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\TS3Client
[2012.05.14 13:48:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
OTL Extras:

Code:
ATTFilter
OTL Extras logfile created on: 28.05.2012 03:37:30 - Run 2
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\*\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: * | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,41 Gb Available Physical Memory | 56,84% Memory free
11,98 Gb Paging File | 9,33 Gb Available in Paging File | 77,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 705,10 Gb Total Space | 564,91 Gb Free Space | 80,12% Space Free | Partition Type: NTFS
Drive L: | 225,31 Gb Total Space | 206,92 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA84BC-DC77-47A1-9867-7527FE178BDB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{08B15CB0-A7E2-45D8-BB1D-3324FD1D0D01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{104D41F5-757B-48D1-93C2-0228FF4BBE35}" = rport=138 | protocol=17 | dir=out | app=system | 
"{105B5D00-537D-4E07-A32C-CAF3FB4ED825}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{29C893DB-9B59-4647-ACF4-610A18D9C220}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2E90111D-A274-4987-8321-B5734178193D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{347CB284-1C35-4925-B0A0-93F5A2808155}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3ED47800-2616-41BB-ACFF-88B562673543}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50DB9B01-D717-4A34-B541-DAC3F937088C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5645A018-F8BE-45CA-AB4C-53FC00D4E8A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58DA98F8-C638-49A2-B01D-48EE5A78E6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5925994B-4A22-4307-BBC3-F33708C6B796}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F2ED97F-1766-4404-8490-56F3FD47C887}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7434D30C-688C-45FF-B1B2-FB109DC6384E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E64B1D6-86F6-40AC-BA3E-AC811E47C990}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92C584E9-67A8-4CB0-8191-2981078C8FCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D3BCCFE-7E1D-43EC-84BC-A15DBE6C5DBA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F247645-D2F6-46C1-8290-0565E7E5409C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF85A3FC-84EA-4F5B-9440-38037884B5FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{E10700B1-7263-458B-A776-E765EF1B5E90}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F145B88C-776F-4BB4-9FA6-AF0634ECD40E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F57DB9FA-EF95-4785-8EFC-CE15393E777B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F8C871B7-4C6E-438D-A5FD-7A78DBAE7BEC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE0C6115-1683-4083-B011-3A952B5A0E8A}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5A12A-64D8-4D0B-A3E0-508220EA3BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{0608386A-FF1C-4BB0-9D50-91E8F3E8E5C2}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{06429892-38E8-42F4-AEF9-324D1A19656C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{069120DA-A656-4B2F-87AC-F89BE5612D7D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0986DF7C-0647-4712-AFE2-44E03477BD72}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{0A2E75BE-038F-4649-A2E3-1F4711D6FE16}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0B5C3048-56FD-48C1-8AE7-DDFB51124D85}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0F17D666-7E48-4812-A406-4B57FCD7C717}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{144F5479-59F9-4F26-BBD2-FE6E9964A740}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{16FFAA17-C3BC-4490-A272-5BF820CB5749}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1AA5A23F-5E8D-49E1-8508-451DD1D406F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2136DBD1-FD25-4BE4-B170-F116D644ED9E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{24A50211-6234-4BB3-859F-F397C50EDA78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{25445A28-40B3-46EF-AAAA-20BEDB58244A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{2DFB9AAC-00C0-4DCE-B985-57074D20098E}" = protocol=6 | dir=out | app=system | 
"{315D0801-8A80-41BB-A727-BF419A7168DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{403579AF-109C-407B-B213-3A8B6D2120EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4233E9BB-24A6-4482-A568-2B2C48F00828}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{468B7FC7-2C0A-4544-B0B8-21820F7FEF69}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4C03B504-FDFF-488E-8EE8-8383471FDB38}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{530EE76C-6891-409E-99ED-C3C16A28F6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{54D36BE8-9C4F-4342-9EBA-63F2071D3B50}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6393E8CD-E150-4662-8571-D7DB21CD5121}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{71415946-14E9-4704-9BDC-722649CAD360}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{727157BE-7349-4A5E-ADC4-A8356876ABFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{751E5168-CAD3-46A4-B962-AA3948C06479}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7A0AEEED-8596-4615-8291-5FD900EEFD44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7A9D0C65-22BD-4EDF-9D10-380B14F5DDB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C915F83-76E7-4440-97B2-8E7CAEEBDF42}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7E5D6D6C-36AC-4740-A580-FB58E826452B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83BFC6B5-12C7-4409-99B9-60EB9AF2F18C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8DDFE914-1BB6-48D1-814A-8327146B3FAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{938A7F02-065A-4CC2-97B5-B8E4FD75E3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{957DDE6E-1516-4619-9D37-E70390BFCE82}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{9DABA9ED-7320-4F16-B6DE-7686AB888794}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{A31B3E28-71E6-4BF4-B555-EA13B4B081C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{A5620EA6-97E3-45C3-81F8-213BAFC77F4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A79069E5-4F4A-485F-971F-731D9DA9B369}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AD4A092E-7636-4B46-B373-90BE438F00D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADC44675-B783-49DD-BF21-01F932819EB7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE49FC42-B307-4021-B602-03AEE0D261F2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AE897A1D-53C6-4D09-994C-1CA306CCFB9F}" = protocol=6 | dir=in | app=c:\users\elitekhaos\appdata\roaming\spotify\spotify.exe | 
"{BA4D3E7C-AB85-44CC-8471-8B15C61FD750}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BD132494-08CB-4E04-95A7-637AEAD70073}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C12FC598-9434-4D8B-8637-CC5598F42F0B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C1805C4B-D979-4009-B7C9-8A7F5598E14A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C426BD3E-BEC2-4F89-BB52-554D971E677C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{C7441C0F-D5F4-462A-9625-6DAEB25D52C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C8F2BB62-6064-431F-87EC-FADA908D0812}" = protocol=17 | dir=in | app=c:\users\elitekhaos\appdata\roaming\spotify\spotify.exe | 
"{C90E4F11-425E-473F-80D5-F9E21FAA976E}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{CDC58BBA-70C8-4383-AC55-980EFABD5179}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{D60716E3-7C57-4E0E-8A1C-0594C51C4D30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D7D75846-0785-4CF7-A5A7-F0E835587956}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E418F427-48D0-4FDC-A8E0-032EBA3C2DFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E998F48D-DD3C-4ADF-94CA-C6EF84F608BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0D600D8-C675-4B5C-A814-B7EF232ED6BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5C51D08-DED6-40D2-9150-3198277C23A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F687C8BD-9166-4BF2-B1AD-F4556AF9B1D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7B5FA31-C787-4EBF-AA48-331AAB7C96B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9454E24-7AC2-42EB-A40C-1A989C187D08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FF0C2A15-CEA4-4068-B779-925F6C9EF6E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMWLANCLI" = AVM FRITZ!WLAN
"Canon MX360 series Benutzerregistrierung" = Canon MX360 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Speed Dial Utility" = Canon Kurzwahlprogramm
"Steam App 12900" = Audiosurf
"Steam App 240" = Counter-Strike: Source
"Steam App 24010" = Train Simulator 2012
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 570" = Dota 2
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.05.2012 16:20:39 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 03:58:21 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 05:03:50 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 07:12:58 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 07:46:58 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 08:26:01 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 14:46:59 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 15:00:07 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 16:46:59 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 27.05.2012 19:19:44 | Computer Name = EliteKhaos-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\EliteKhaos\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 15.05.2012 00:51:57 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 22.05.2012 08:05:26 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.127.390.0)
 
Error - 26.05.2012 06:49:16 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 26.05.2012 06:49:16 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 26.05.2012 12:33:32 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 26.05.2012 12:34:02 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 26.05.2012 17:41:57 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 27.05.2012 17:30:52 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 27.05.2012 19:16:51 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 27.05.2012 19:17:21 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
 
< End of report >
         
Mir ist aufgefallen, das wenn ich Origin starte (weiß nicht obs nur da ist), das sich mein Computer kurzzeitig aufhängt, ist bis jetzt schätzungsweise 3 mal aufgetreten. Kann aber auch andere Gründe haben.
Kann aber auch daran liegen das mein RAM, durch ein Spiel komplett ausgelastet war und somit sich mein PC aufgehängt hat.

MfG
MixxdKhaos


Geändert von MixxdKhaos (28.05.2012 um 04:24 Uhr)

Alt 28.05.2012, 03:57   #6
MixxdKhaos
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Ausversehen Doppelpost.

Löschen bitte.

Ich habe eben "Glary Utilities" installiert.
Daraufhin hab ich ein neuen OTL Scan gemacht.
Falls benötigt hier der Log:

OTL:

Code:
ATTFilter
OTL logfile created on: 28.05.2012 13:51:02 - Run 3
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\*\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: * | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,67 Gb Available Physical Memory | 77,87% Memory free
11,98 Gb Paging File | 9,69 Gb Available in Paging File | 80,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 705,10 Gb Total Space | 566,58 Gb Free Space | 80,36% Space Free | Partition Type: NTFS
Drive L: | 225,31 Gb Total Space | 206,92 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.26 23:06:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\EliteKhaos\Downloads\OTL.exe
PRC - [2012.05.26 19:35:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.05 05:21:03 | 000,985,592 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.04.05 04:46:46 | 001,538,040 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.27 06:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.03.25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.22 03:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.10.05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010.07.27 02:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2009.08.13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.10 16:08:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 16:08:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.10 16:08:02 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.10 16:07:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 16:07:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 16:07:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 16:07:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 16:07:42 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.26 19:35:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.26 12:49:01 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.13 17:32:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.04 19:48:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.05 04:46:46 | 001,538,040 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.30 05:09:49 | 001,765,352 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.27 06:01:07 | 002,006,872 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.11.28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.07.05 12:28:46 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.07.27 02:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.26 15:49:29 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.05.23 14:57:05 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.05.22 22:20:38 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.05.22 22:20:12 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.05.22 22:20:12 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.05.22 22:20:11 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.05.01 13:41:42 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.25 23:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 17:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.22 03:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.09.29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.02.25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 DC 9F F4 D5 D7 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.04 19:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.22 01:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Extensions
[2012.05.21 21:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions
[2012.05.21 21:14:52 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.18 02:02:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.31 16:04:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 18:36:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.04 19:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.23 16:10:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.22 22:20:11 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.05.21 15:31:42 | 000,524,264 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.22 01:37:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.12 01:51:15 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.04.23 17:29:56 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.05.04 19:48:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.04 19:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.36_0\
CHR - Extension: WOT = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.10_0\
CHR - Extension: YouTube = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: AdBlock = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\
CHR - Extension: Skype Click to Call = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDD649AA-03C7-4426-931F-D29041BF67BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.28 12:07:07 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\GlarySoft
[2012.05.28 12:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.05.28 12:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012.05.27 23:30:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.26 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.05.26 19:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.05.26 17:25:24 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\Desktop\festplatte
[2012.05.24 12:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.24 12:17:33 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.24 12:17:33 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.24 12:17:33 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.24 12:17:33 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.24 12:17:33 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.05.24 12:17:33 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.24 12:17:33 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.24 12:17:33 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.24 12:17:33 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.24 12:17:33 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.05.24 12:17:33 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.05.24 12:17:32 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.24 12:17:32 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.24 12:17:32 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.24 12:17:32 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.24 12:17:32 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.24 12:17:32 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.24 12:17:32 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.24 12:17:32 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.24 12:17:32 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.24 12:17:32 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.24 12:17:32 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.24 12:17:32 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.24 12:17:32 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.24 12:17:32 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.24 12:14:35 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.05.24 12:14:34 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.05.24 12:14:34 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.24 12:14:34 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.05.24 12:14:33 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.05.24 12:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.05.24 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient2
[2012.05.24 11:08:35 | 211,927,944 | ---- | C] (NVIDIA Corporation) -- C:\Users\EliteKhaos\Desktop\301.42-desktop-win7-winvista-64bit-international-whql.exe
[2012.05.22 22:20:11 | 000,010,760 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.05.19 15:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.19 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.19 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.16 22:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.16 22:43:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.13 17:32:45 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.13 17:24:33 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.10 14:42:20 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 14:42:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 14:42:12 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 14:42:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.04 19:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.04 19:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.02 21:20:10 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.05.01 13:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2012.05.01 13:41:47 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.05.01 13:41:42 | 000,031,448 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.28 13:30:44 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.28 13:30:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.28 12:05:42 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.05.28 12:05:41 | 000,001,066 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Glary Utilities.lnk
[2012.05.28 11:50:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.28 11:50:26 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.28 11:42:58 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.28 11:03:14 | 000,656,985 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.05.28 11:03:14 | 000,040,170 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.05.27 23:39:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.27 22:47:11 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.27 22:47:11 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.27 22:46:55 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.27 19:45:13 | 041,216,684 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Sido lol.wav
[2012.05.27 12:53:47 | 000,458,606 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\465571_3423174138330_1239520431_50875516_367152366_o.jpg
[2012.05.26 23:24:55 | 000,001,264 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Revo Uninstaller.lnk
[2012.05.26 19:35:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.26 19:09:20 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.26 18:35:55 | 001,621,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.26 18:35:55 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.26 18:35:55 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.26 18:35:55 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.26 18:35:55 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.26 15:49:29 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.05.24 12:01:31 | 211,927,944 | ---- | M] (NVIDIA Corporation) -- C:\Users\EliteKhaos\Desktop\301.42-desktop-win7-winvista-64bit-international-whql.exe
[2012.05.23 14:57:05 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.05.22 22:20:38 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.05.22 22:20:12 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.05.22 22:20:12 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.05.22 22:20:11 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.05.18 22:08:04 | 006,220,854 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\geiles Spiel.bmp
[2012.05.17 21:55:59 | 000,087,641 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\398842_10150969314770259_265621635258_12348106_135464571_n.jpg
[2012.05.16 22:43:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 12:48:00 | 025,743,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.15 12:48:00 | 025,248,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.15 12:48:00 | 019,607,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.15 12:48:00 | 018,044,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.15 12:48:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.15 12:48:00 | 015,322,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.15 12:48:00 | 010,194,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.15 12:48:00 | 008,139,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.15 12:48:00 | 008,105,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.15 12:48:00 | 005,982,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.15 12:48:00 | 002,881,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.15 12:48:00 | 002,741,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.15 12:48:00 | 002,681,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.15 12:48:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.15 12:48:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.15 12:48:00 | 002,368,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.15 12:48:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.05.15 12:48:00 | 001,468,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.05.15 12:48:00 | 000,949,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.15 12:48:00 | 000,818,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.15 12:48:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.15 12:48:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.15 12:48:00 | 000,246,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.15 12:48:00 | 000,202,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 11:29:46 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.05.15 11:29:46 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.05.15 11:29:46 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.15 11:29:25 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.15 11:28:42 | 006,151,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:45:56 | 000,000,219 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Dota 2.url
[2012.05.14 17:44:53 | 001,445,562 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Foto0229.jpg
[2012.05.14 17:44:50 | 001,390,320 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Foto0230.jpg
[2012.05.13 17:32:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.13 17:32:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.13 17:32:45 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.12 20:42:36 | 000,029,874 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\IMG324.jpg
[2012.05.10 16:03:41 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.06 16:46:01 | 000,049,548 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\36590_298249763590954_161202623962336_682640_1426911667_n.jpg
[2012.05.01 13:41:42 | 000,031,448 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.05.01 13:41:32 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.04.28 16:02:16 | 000,045,222 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\tine4_5g.jpg
 
========== Files Created - No Company Name ==========
 
[2012.05.28 12:05:42 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.05.28 12:05:41 | 000,001,066 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Glary Utilities.lnk
[2012.05.27 19:41:38 | 041,216,684 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Sido lol.wav
[2012.05.27 12:53:47 | 000,458,606 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\465571_3423174138330_1239520431_50875516_367152366_o.jpg
[2012.05.26 19:09:20 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.26 19:08:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 19:08:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.24 12:19:01 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.18 22:08:04 | 006,220,854 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\geiles Spiel.bmp
[2012.05.17 21:55:59 | 000,087,641 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\398842_10150969314770259_265621635258_12348106_135464571_n.jpg
[2012.05.16 22:43:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:45:56 | 000,000,219 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Dota 2.url
[2012.05.14 17:44:24 | 001,445,562 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Foto0229.jpg
[2012.05.14 17:44:24 | 001,390,320 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Foto0230.jpg
[2012.05.13 17:24:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.12 20:42:22 | 000,029,874 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\IMG324.jpg
[2012.05.06 16:46:01 | 000,049,548 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\36590_298249763590954_161202623962336_682640_1426911667_n.jpg
[2012.05.01 13:41:32 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.04.28 16:02:16 | 000,045,222 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\tine4_5g.jpg
[2012.03.31 15:17:49 | 000,017,408 | ---- | C] () -- C:\Users\EliteKhaos\AppData\Local\WebpageIcons.db
[2012.03.31 12:04:11 | 000,034,067 | ---- | C] () -- C:\ProgramData\1333188245.bdinstall.bin
[2012.03.31 12:00:31 | 000,105,309 | ---- | C] () -- C:\ProgramData\1333187960.bdinstall.bin
[2012.03.30 12:37:05 | 000,643,126 | ---- | C] () -- C:\ProgramData\1333101582.bdinstall.bin
[2012.03.22 18:37:29 | 000,171,408 | ---- | C] () -- C:\ProgramData\1332434173.bdinstall.bin
[2011.12.10 23:23:50 | 000,007,660 | ---- | C] () -- C:\Users\EliteKhaos\AppData\Local\Resmon.ResmonCfg
[2011.10.13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.07 17:09:21 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.19 17:35:10 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.18 11:50:14 | 000,656,985 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
 
========== LOP Check ==========
 
[2012.03.09 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\.minecraft
[2012.03.19 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Amazon
[2012.01.22 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Canon
[2012.03.25 22:42:25 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoft
[2011.07.17 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.28 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\GlarySoft
[2011.08.23 20:28:13 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\gtk-2.0
[2012.01.25 21:12:07 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\KeePass
[2011.09.01 14:29:36 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Leadertech
[2011.09.11 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient
[2012.05.24 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient2
[2011.10.21 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\OpenOffice.org
[2011.12.03 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Opera
[2011.11.08 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Origin
[2012.03.30 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\QuickScan
[2012.01.28 01:22:32 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\redsn0w
[2012.05.27 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Spotify
[2012.03.15 22:05:51 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\TeamViewer
[2012.03.10 20:42:19 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Teeworlds
[2012.05.27 23:40:05 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\TS3Client
[2012.05.28 12:05:42 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.05.14 13:48:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

OTL Extras:

Code:
ATTFilter
OTL Extras logfile created on: 28.05.2012 13:51:02 - Run 3
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\*\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: * | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,67 Gb Available Physical Memory | 77,87% Memory free
11,98 Gb Paging File | 9,69 Gb Available in Paging File | 80,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 705,10 Gb Total Space | 566,58 Gb Free Space | 80,36% Space Free | Partition Type: NTFS
Drive L: | 225,31 Gb Total Space | 206,92 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA84BC-DC77-47A1-9867-7527FE178BDB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{08B15CB0-A7E2-45D8-BB1D-3324FD1D0D01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{104D41F5-757B-48D1-93C2-0228FF4BBE35}" = rport=138 | protocol=17 | dir=out | app=system | 
"{105B5D00-537D-4E07-A32C-CAF3FB4ED825}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{29C893DB-9B59-4647-ACF4-610A18D9C220}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2E90111D-A274-4987-8321-B5734178193D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{347CB284-1C35-4925-B0A0-93F5A2808155}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3ED47800-2616-41BB-ACFF-88B562673543}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50DB9B01-D717-4A34-B541-DAC3F937088C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5645A018-F8BE-45CA-AB4C-53FC00D4E8A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58DA98F8-C638-49A2-B01D-48EE5A78E6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5925994B-4A22-4307-BBC3-F33708C6B796}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F2ED97F-1766-4404-8490-56F3FD47C887}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7434D30C-688C-45FF-B1B2-FB109DC6384E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E64B1D6-86F6-40AC-BA3E-AC811E47C990}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92C584E9-67A8-4CB0-8191-2981078C8FCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D3BCCFE-7E1D-43EC-84BC-A15DBE6C5DBA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F247645-D2F6-46C1-8290-0565E7E5409C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF85A3FC-84EA-4F5B-9440-38037884B5FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{E10700B1-7263-458B-A776-E765EF1B5E90}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F145B88C-776F-4BB4-9FA6-AF0634ECD40E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F57DB9FA-EF95-4785-8EFC-CE15393E777B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F8C871B7-4C6E-438D-A5FD-7A78DBAE7BEC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE0C6115-1683-4083-B011-3A952B5A0E8A}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5A12A-64D8-4D0B-A3E0-508220EA3BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{0608386A-FF1C-4BB0-9D50-91E8F3E8E5C2}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{06429892-38E8-42F4-AEF9-324D1A19656C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{069120DA-A656-4B2F-87AC-F89BE5612D7D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0986DF7C-0647-4712-AFE2-44E03477BD72}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{0A2E75BE-038F-4649-A2E3-1F4711D6FE16}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0B5C3048-56FD-48C1-8AE7-DDFB51124D85}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0F17D666-7E48-4812-A406-4B57FCD7C717}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{144F5479-59F9-4F26-BBD2-FE6E9964A740}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{16FFAA17-C3BC-4490-A272-5BF820CB5749}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1AA5A23F-5E8D-49E1-8508-451DD1D406F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2136DBD1-FD25-4BE4-B170-F116D644ED9E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{24A50211-6234-4BB3-859F-F397C50EDA78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{25445A28-40B3-46EF-AAAA-20BEDB58244A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{2DFB9AAC-00C0-4DCE-B985-57074D20098E}" = protocol=6 | dir=out | app=system | 
"{315D0801-8A80-41BB-A727-BF419A7168DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{403579AF-109C-407B-B213-3A8B6D2120EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4233E9BB-24A6-4482-A568-2B2C48F00828}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{468B7FC7-2C0A-4544-B0B8-21820F7FEF69}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4C03B504-FDFF-488E-8EE8-8383471FDB38}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{530EE76C-6891-409E-99ED-C3C16A28F6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{54D36BE8-9C4F-4342-9EBA-63F2071D3B50}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6393E8CD-E150-4662-8571-D7DB21CD5121}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{71415946-14E9-4704-9BDC-722649CAD360}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{727157BE-7349-4A5E-ADC4-A8356876ABFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{751E5168-CAD3-46A4-B962-AA3948C06479}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7A0AEEED-8596-4615-8291-5FD900EEFD44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7A9D0C65-22BD-4EDF-9D10-380B14F5DDB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C915F83-76E7-4440-97B2-8E7CAEEBDF42}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7E5D6D6C-36AC-4740-A580-FB58E826452B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83BFC6B5-12C7-4409-99B9-60EB9AF2F18C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8DDFE914-1BB6-48D1-814A-8327146B3FAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{938A7F02-065A-4CC2-97B5-B8E4FD75E3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{957DDE6E-1516-4619-9D37-E70390BFCE82}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{9DABA9ED-7320-4F16-B6DE-7686AB888794}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{A31B3E28-71E6-4BF4-B555-EA13B4B081C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{A5620EA6-97E3-45C3-81F8-213BAFC77F4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A79069E5-4F4A-485F-971F-731D9DA9B369}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AD4A092E-7636-4B46-B373-90BE438F00D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADC44675-B783-49DD-BF21-01F932819EB7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE49FC42-B307-4021-B602-03AEE0D261F2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AE897A1D-53C6-4D09-994C-1CA306CCFB9F}" = protocol=6 | dir=in | app=c:\users\elitekhaos\appdata\roaming\spotify\spotify.exe | 
"{BA4D3E7C-AB85-44CC-8471-8B15C61FD750}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BD132494-08CB-4E04-95A7-637AEAD70073}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C12FC598-9434-4D8B-8637-CC5598F42F0B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C1805C4B-D979-4009-B7C9-8A7F5598E14A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C426BD3E-BEC2-4F89-BB52-554D971E677C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{C7441C0F-D5F4-462A-9625-6DAEB25D52C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C8F2BB62-6064-431F-87EC-FADA908D0812}" = protocol=17 | dir=in | app=c:\users\elitekhaos\appdata\roaming\spotify\spotify.exe | 
"{C90E4F11-425E-473F-80D5-F9E21FAA976E}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{CDC58BBA-70C8-4383-AC55-980EFABD5179}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{D60716E3-7C57-4E0E-8A1C-0594C51C4D30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D7D75846-0785-4CF7-A5A7-F0E835587956}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E418F427-48D0-4FDC-A8E0-032EBA3C2DFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E998F48D-DD3C-4ADF-94CA-C6EF84F608BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0D600D8-C675-4B5C-A814-B7EF232ED6BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5C51D08-DED6-40D2-9150-3198277C23A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F687C8BD-9166-4BF2-B1AD-F4556AF9B1D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7B5FA31-C787-4EBF-AA48-331AAB7C96B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9454E24-7AC2-42EB-A40C-1A989C187D08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FF0C2A15-CEA4-4068-B779-925F6C9EF6E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMWLANCLI" = AVM FRITZ!WLAN
"Canon MX360 series Benutzerregistrierung" = Canon MX360 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"Glary Utilities_is1" = Glary Utilities 2.45.0.1481
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Speed Dial Utility" = Canon Kurzwahlprogramm
"Steam App 12900" = Audiosurf
"Steam App 240" = Counter-Strike: Source
"Steam App 24010" = Train Simulator 2012
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 570" = Dota 2
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2012 07:13:30 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6147
 
Error - 28.05.2012 07:13:30 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6147
 
Error - 28.05.2012 07:13:31 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.05.2012 07:13:31 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7145
 
Error - 28.05.2012 07:13:31 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7145
 
Error - 28.05.2012 07:13:32 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.05.2012 07:13:32 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8143
 
Error - 28.05.2012 07:13:32 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8143
 
Error - 28.05.2012 07:13:33 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 28.05.2012 07:13:33 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9189
 
[ System Events ]
Error - 22.05.2012 08:05:26 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.127.390.0)
 
Error - 26.05.2012 06:49:16 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 26.05.2012 06:49:16 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 26.05.2012 12:33:32 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 26.05.2012 12:34:02 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 26.05.2012 17:41:57 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 27.05.2012 17:30:52 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 27.05.2012 19:16:51 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst LanmanServer erreicht.
 
Error - 27.05.2012 19:17:21 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst WSearch erreicht.
 
Error - 28.05.2012 06:12:00 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "G Data Personal Firewall" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
 
< End of report >
         
Danke im Voraus.

MfG
MixxdKhaos

Geändert von MixxdKhaos (28.05.2012 um 04:09 Uhr)

Alt 29.05.2012, 09:08   #7
kira
/// Helfer-Team
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Zitat:
Zitat von MixxdKhaos Beitrag anzeigen
Ich habe eben "Glary Utilities" installiert.
Entschuldige den Ausdruck, musst Du jeder Müll downloaden, den im Internet entgeltfrei angeboten werden?
außerdem nochmal zur Erinnerung:
Zitat:
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.


__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 29.05.2012, 14:06   #8
MixxdKhaos
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Zitat:
Zitat von kira Beitrag anzeigen
Entschuldige den Ausdruck, musst Du jeder Müll downloaden, den im Internet entgeltfrei angeboten werden?
außerdem nochmal zur Erinnerung:

Ja, ich habs gerade wieder deinstalliert, weil das Programm schön wichtige Registry-Einträge für die Gdata Firewall gelöscht hat, jetzt muss ich Gdata neu installieren.

Jetzt hat mein GData bei OTL einen Virus gefunden.
Was soll das, dass in dieser Datei ein Virus versteckt ist?
Ist der Virus schlimm?
Bin ich jetzt damit infiziert?
Was stellt der Virus an?

Warum wird die Datei überhaupt als Virus erkannt?

Hier der Virenfund:

Objekt: OTL.exe
Pfad: C:\Users\*\Downloads
Status: Datei in Quarantäne verschoben
Virus: Win32:Malware-gen (Engine B)

Alt 30.05.2012, 15:37   #9
kira
/// Helfer-Team
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



das OTL ist 100%ig sauber!

Zur Info:
1.
Um die Frage nach einem Computerimmunsystem zu klären, benötigt man an erster Stelle eine Definition zur Unterscheidung von computereigenen und computerfremden Prozessen. Des weiteren müssen Methoden ersonnen werden, die das Aufspüren und Eliminieren gefährlicher, fremder Aktivität ermöglicht. Außerdem bedarf es einer Speicherung von früheren Virentypenmustern, einer Methode zum Erkennen neuer Infektionen und einer Methode zum Schutz gegen Autoimmunreaktionen. (Dieser Fall träte beispielsweise ein, wenn das Immunsystem nicht erkennt, daß sich ein User mal von einem andern Platz als seinem üblichen sich Zugang zum System verschafft.)
Die Unterscheidung zwischen computereigenen und computerfremden Prozessen muß einige legitime Änderungen des System berücksichtigen: Es muß gestattet sein, Dateien zu schreiben, neue Software zu integrieren, neue Anwender und Änderungen des Anwenderverhaltens zuzulassen. Gleichzeitig soll dieses Immunsystem aber unautorisiertes Ändern von Daten, virenbehaftete Software, unautorisierte Benutzer und Angriffe von Anwendern aus dem Systeminneren erkennen.

Die AV-Programme verwenden diverse Methoden um (neue) Malware zu entdecken,z.B. Prüfsummenverfahren,Checksumme,Heuristische Sucherfahren, etc.
Die Signaturerkennung ist die heutzutage von Antivirenprogramme hauptsächlich verwendete Technik; sie bedeutet die Analyse von Malware-Code auf bekannte "Fingerabdrücke". Dazu untersucht das Antiviren-Programm den Inhalt von Dateien auf Fragmente, die einem bekannten, in den Antivirendatenbanken als schädlich identifizierten Muster entsprechen. Wenn ein solches Muster gefunden wird, wird die infizierte Datei oder das infizierte Dateifragment als infiziert gekennzeichnet.Bei dieser Methode handelt es sich um einen reinen Vergleich...
Bei der heuristische Suche wird nach typischen Merkmalen von Viren gesucht, die oft für eine größere Anzahl von Viren zutreffen. Wird eine bestimmte Anzahl von verdächtigen Strukturen gefunden, ist die Datei verdächtig. Desweiteren gibt es die Möglichkeit der Code Emulation, bei der das Programm im Speicher simuliert wird, ohne allerdings die Kontrolle über den Rechner zu erlangen. Hierbei kann u.A. festgestellt werden, ob der Virus verschlüsselt ist oder welche Interruptfunktionen der Virus genau aufruft. Die heuristische Suche findet unbekannte wie bekannte Viren, kann allerdings Falschmeldungen in "schlecht" programmierten Programmen erzeugen.

Also unsere Erfahrungen haben gezeigt, so dass bis auf einige spezielle Virenscanner kann es eine Menge false positives geben

2.
Tipps und Rat - "Alarm bei Virusfund" für dich, wie du vorgehen solltest wenn ein Anti-Viren oder andere Viren-Schutz-Programm einspringt bzw Funde meldet, oder Dir eine Datei "komisch" vorkommt:
Zitat:
Man sollte NIE die Funde gleich löschen lassen, sondern "Verweigern" oder eventuell "Quarantäne" wählen! Dann kann man ja die Datei bei virustotal prüfen lassen ...warum:

Weil einige Dateien wurden als Malware eingestuft, bedeutet nicht gleich dass sie wirklich schädlich sind. Umgekehrt weil die Überprüfung einiger Arten schädlicher Dateien negative Ergebnisse gebracht haben, bedeutet nicht, dass sie so harmlos sind, wie (oft) dargestellt wird
Also sollte man mit solchen Behauptungen ("verdächtige Verhaltensmuster ") vorsichtig umgehen.
Ausserdem es gibt sehr viele verschiedene Arten von Malware, manche haben das Ziel oder/und Fähigkeiten Systemdateien zu verändern/überschreiben/zerstören. In dem Fall durch die Löschaktion, kannst das System unbrauchbar machen

Daher die von mir empfohlene Vorgehensweise:
- Bei Fundmeldungen, oder wenn Dateien, Programme usw, die Dir komisch vorkommen immer zuerst unter Eigenschaften nach Herkunft schauen, dann bei Virustotal prüfen lassen um eine zweite Meinung einzuholen
- Für weitere Vorgehen erkundige dich lieber bei Fachleuten!
► Hast du sonst noch Probleme?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 30.05.2012, 16:47   #10
MixxdKhaos
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Ich würde doch schon gerne Wissen was das für ein Virus war, ob er gefährlich war, oder sonst etwas. Da habe ich doch nach deinem Post die ganzen Logs hineinkopiert.
Ist mein PC jetzt Virenfrei, oder ist da immer noch was drauf?
Hat der Virus mir Passwörter geklaut oder sonst etwas?
Auf was muss ich achten?
Was war mit dem Virus von Eset, mit dem Widgi-Toolbar.

Ich hätte gerne ein paar neue Information, zu dem Virus und meinem System bezüglich, ob dieses noch infiziert ist.


Kann ja eventuell sein das du gerade noch die Logs überprüfst, wenn ja sag mir bitte bescheid.

Wenn ich danach bescheid kriege würde ich dir gerne noch Fragen zu AV-Programmen stellen (eventuell Privat).

Alt 30.05.2012, 17:28   #11
kira
/// Helfer-Team
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



warum keine Antwort auf meine Frage:
Zitat:
Zitat von kira Beitrag anzeigen
► Hast du sonst noch Probleme?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 30.05.2012, 19:48   #12
MixxdKhaos
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



Ja, wie soll ich sagen?
Ich hab keine wirklich "richtigen" Probleme erkennen können.
Es ist eigentlich alles so wie immer, mir fällt nichts direkt auf.

Was wären denn Probleme die einem so auffallen können?

Mir fällt folgendes auf:
Wenn ich mein PC neustarte und einfach nur nichts mache, dann schwankt die CPU-Auslastung sogar bis 35% (ungefähr) hoch. Manchmal so oft im 20iger% Bereich.
Man hört aber auch das der Computer arbeitet.

Wenn ich mein Taskmanager beobachte und den nach der CPU-Auslastung sortieren, wenn dann zum Beispiel alles auf 0 steht, springt die CPU-Belastung manchmal auch auf zum Beispiel 21%.

Ich weiß nicht ob das normal ist, aber das ist mir eben aufgefallen das dort so Schwankungen vorhanden sind.

Was auch zu beobachten ist, das sich die CPU-Belastung bis zu 10% aufhält und dann springts kurz zu zum Beispiel 23% und schwankt wieder bis zu 10%.

Ich weiß nicht ob der PC irgendwas updated oder sonst irgendetwas im Hintergrund macht.

PS: 5-10 Minuten nach Neustart sind ebenfalls Schwankungen vorhanden.

Alt 30.05.2012, 23:58   #13
kira
/// Helfer-Team
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



wenn andauernd ist nicht normal. aber kurzfristig schon. z.B G Data weil ja aktiv, oder während Updates...zu viele Programme/Dienste gleichzeitig starten/laufen...usw

1.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

2.
Lade dir von hier -> TrendMicro™ HijackThis™/Version 2.0.4 herunter
Zitat:
Keine offenen Fenster, solang bis HijackThis läuft!!-> HijackThis starten-> "Do a system scan and save a logfile" klicken (kurz warten) -> das erhaltene Logfile "markieren" -> "kopieren"-> hier in deinem Thread (rechte Maustaste) "einfügen"
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 31.05.2012, 15:48   #14
MixxdKhaos
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



OTL Logs:

OTL:

Code:
ATTFilter
OTL logfile created on: 31.05.2012 15:23:24 - Run 5
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\*\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: * | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,07 Gb Available Physical Memory | 67,92% Memory free
11,98 Gb Paging File | 9,60 Gb Available in Paging File | 80,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 705,10 Gb Total Space | 571,59 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
Drive L: | 225,31 Gb Total Space | 206,92 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.31 15:03:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\EliteKhaos\Desktop\OTL.exe
PRC - [2012.05.26 19:35:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.04.05 05:21:03 | 000,985,592 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.04.05 04:46:46 | 001,538,040 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.27 06:13:00 | 001,470,968 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2011.03.25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011.03.25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011.03.25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.10.22 03:00:00 | 002,105,344 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.10.05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe
PRC - [2010.07.27 02:44:03 | 000,137,680 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2009.08.13 17:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.10 16:08:29 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
MOD - [2012.05.10 16:08:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 16:08:07 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.10 16:08:02 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.10 16:07:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 16:07:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 16:07:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 16:07:46 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 16:07:42 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV - [2012.05.26 19:35:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.26 12:49:01 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.13 17:32:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.04 19:48:02 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.05 04:46:46 | 001,538,040 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.30 05:09:49 | 001,765,352 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.03.29 04:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.27 06:01:07 | 002,006,872 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.01.27 05:43:33 | 000,468,472 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2011.11.28 23:38:00 | 004,229,912 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.07.05 12:28:46 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.25 23:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.25 23:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.25 23:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 22:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.22 03:00:00 | 000,376,832 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.07.27 02:44:03 | 000,137,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.29 20:43:32 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.05.29 15:36:25 | 000,064,376 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2012.05.29 15:36:04 | 000,122,744 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2012.05.29 15:36:03 | 000,065,912 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2012.05.29 15:36:03 | 000,054,136 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.05.29 14:49:47 | 000,031,448 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GdNetMon64.sys -- (GdNetMon)
DRV:64bit: - [2012.05.23 14:57:05 | 000,059,768 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.07.26 19:49:12 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.25 23:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.25 23:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.25 23:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.25 23:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 22:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 20:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 20:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 17:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.22 03:00:00 | 001,293,824 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusb4.sys -- (fwlanusb4)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.09.29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.02.25 18:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 15:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.07.01 11:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 DC 9F F4 D5 D7 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.04 19:48:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.01.22 01:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Extensions
[2012.05.28 18:43:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions
[2012.05.21 21:14:52 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.05.18 02:02:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.31 16:04:16 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.30 18:36:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\EliteKhaos\AppData\Roaming\mozilla\Firefox\Profiles\fcq3glza.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.29 15:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.23 16:10:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.05.29 15:36:03 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Program Files (x86)\mozilla firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
[2012.05.28 18:43:27 | 000,524,866 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.22 01:37:45 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.12 01:51:15 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.04.23 17:29:56 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\ELITEKHAOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FCQ3GLZA.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2012.05.04 19:48:03 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.04 19:48:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Google Translate = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Turn Off the Lights = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.36_0\
CHR - Extension: WOT = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.2.10_0\
CHR - Extension: YouTube = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: AdBlock = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.13_0\
CHR - Extension: Skype Click to Call = C:\Users\EliteKhaos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (BHO) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDD649AA-03C7-4426-931F-D29041BF67BA}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6380e7e7-b077-11e0-918d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6380e7e7-b077-11e0-918d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SYSTEM\AUTOSTRT.EXE
O33 - MountPoints2\{6380e7e7-b077-11e0-918d-806e6f6e6963}\Shell\install1\command - "" = E:\system\Elevate.exe "Start.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.31 15:03:25 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\EliteKhaos\Desktop\OTL.exe
[2012.05.29 20:43:32 | 000,106,648 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.05.29 14:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
[2012.05.29 14:49:53 | 000,064,376 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.05.29 14:49:51 | 000,122,744 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.05.29 14:49:50 | 000,054,136 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.05.29 14:49:47 | 000,065,912 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.05.29 14:49:47 | 000,031,448 | ---- | C] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.05.29 14:49:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\G Data
[2012.05.28 18:47:58 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Local\ElevatedDiagnostics
[2012.05.28 16:05:04 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\Auslogics
[2012.05.28 16:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012.05.28 16:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012.05.28 12:07:07 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\GlarySoft
[2012.05.26 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.05.26 19:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.05.26 17:25:24 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\Desktop\festplatte
[2012.05.24 12:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.05.24 12:17:33 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.24 12:17:33 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.24 12:17:33 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.24 12:17:33 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.24 12:17:33 | 001,451,840 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2012.05.24 12:17:33 | 000,949,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.24 12:17:33 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.24 12:17:33 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.24 12:17:33 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.24 12:17:33 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.05.24 12:17:33 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[2012.05.24 12:17:32 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.24 12:17:32 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.24 12:17:32 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.24 12:17:32 | 015,322,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.24 12:17:32 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.24 12:17:32 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.24 12:17:32 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.24 12:17:32 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.24 12:17:32 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.24 12:17:32 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.24 12:17:32 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.24 12:17:32 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.24 12:17:32 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.24 12:17:32 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.24 12:14:35 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.05.24 12:14:34 | 006,151,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.05.24 12:14:34 | 003,149,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.24 12:14:34 | 002,561,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.05.24 12:14:33 | 000,118,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.05.24 12:13:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.05.24 11:37:57 | 000,000,000 | ---D | C] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient2
[2012.05.24 11:08:35 | 211,927,944 | ---- | C] (NVIDIA Corporation) -- C:\Users\EliteKhaos\Desktop\301.42-desktop-win7-winvista-64bit-international-whql.exe
[2012.05.22 22:20:11 | 000,010,760 | ---- | C] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[2012.05.19 15:50:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.19 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.19 15:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.16 22:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.16 22:43:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.13 17:32:45 | 008,769,696 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.13 17:24:33 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.10 14:42:20 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012.05.10 14:42:13 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.05.10 14:42:12 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.05.10 14:42:11 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.05.04 19:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.04 19:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 15:03:26 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\EliteKhaos\Desktop\OTL.exe
[2012.05.31 15:01:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 15:01:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 15:00:25 | 000,661,313 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2012.05.31 15:00:25 | 000,040,294 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2012.05.31 14:54:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 14:54:09 | 529,879,039 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.30 22:30:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.30 21:37:00 | 000,103,048 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\SCHRCEEN.jpg
[2012.05.29 22:00:22 | 000,105,149 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\G Data Protokoll ID 8.html
[2012.05.29 20:43:32 | 000,106,648 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2012.05.29 15:36:25 | 000,064,376 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2012.05.29 15:36:04 | 000,122,744 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2012.05.29 15:36:03 | 000,065,912 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2012.05.29 15:36:03 | 000,054,136 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2012.05.29 14:49:47 | 000,031,448 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GdNetMon64.sys
[2012.05.29 14:49:36 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.05.29 14:28:18 | 000,411,144 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\AVCleaner.exe
[2012.05.28 19:31:15 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.28 19:31:15 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.28 19:31:00 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.28 16:05:01 | 000,001,246 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Auslogics Disk Defrag.lnk
[2012.05.27 23:39:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.05.27 19:45:13 | 041,216,684 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Sido lol.wav
[2012.05.27 12:53:47 | 000,458,606 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\465571_3423174138330_1239520431_50875516_367152366_o.jpg
[2012.05.26 23:24:55 | 000,001,264 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Revo Uninstaller.lnk
[2012.05.26 19:35:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.26 19:09:20 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.26 18:35:55 | 001,621,682 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.26 18:35:55 | 000,699,554 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.26 18:35:55 | 000,654,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.26 18:35:55 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.26 18:35:55 | 000,122,330 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.24 12:01:31 | 211,927,944 | ---- | M] (NVIDIA Corporation) -- C:\Users\EliteKhaos\Desktop\301.42-desktop-win7-winvista-64bit-international-whql.exe
[2012.05.23 14:57:05 | 000,059,768 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2012.05.18 22:08:04 | 006,220,854 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\geiles Spiel.bmp
[2012.05.17 21:55:59 | 000,087,641 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\398842_10150969314770259_265621635258_12348106_135464571_n.jpg
[2012.05.16 22:43:33 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 12:48:00 | 025,743,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.05.15 12:48:00 | 025,248,064 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.05.15 12:48:00 | 019,607,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.05.15 12:48:00 | 018,044,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.05.15 12:48:00 | 017,551,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.05.15 12:48:00 | 015,322,432 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.05.15 12:48:00 | 010,194,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.05.15 12:48:00 | 008,139,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.05.15 12:48:00 | 008,105,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.05.15 12:48:00 | 005,982,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.05.15 12:48:00 | 002,881,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.05.15 12:48:00 | 002,741,568 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.05.15 12:48:00 | 002,681,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.05.15 12:48:00 | 002,524,992 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.05.15 12:48:00 | 002,445,120 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.05.15 12:48:00 | 002,368,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.05.15 12:48:00 | 001,738,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.05.15 12:48:00 | 001,468,224 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012.05.15 12:48:00 | 000,949,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2012.05.15 12:48:00 | 000,818,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.05.15 12:48:00 | 000,364,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.05.15 12:48:00 | 000,301,376 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.05.15 12:48:00 | 000,246,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.05.15 12:48:00 | 000,202,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.05.15 12:48:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.05.15 12:48:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.05.15 12:48:00 | 000,014,324 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.05.15 11:29:46 | 002,561,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2012.05.15 11:29:46 | 000,118,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2012.05.15 11:29:46 | 000,063,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012.05.15 11:29:45 | 002,621,723 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.15 11:29:25 | 003,149,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2012.05.15 11:28:42 | 006,151,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2012.05.15 02:21:50 | 000,423,744 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:45:56 | 000,000,219 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Dota 2.url
[2012.05.14 17:44:53 | 001,445,562 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Foto0229.jpg
[2012.05.14 17:44:50 | 001,390,320 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\Foto0230.jpg
[2012.05.13 17:32:56 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.13 17:32:56 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.13 17:32:45 | 008,769,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.05.12 20:42:36 | 000,029,874 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\IMG324.jpg
[2012.05.10 16:03:41 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.06 16:46:01 | 000,049,548 | ---- | M] () -- C:\Users\EliteKhaos\Desktop\36590_298249763590954_161202623962336_682640_1426911667_n.jpg
 
========== Files Created - No Company Name ==========
 
[2012.05.30 21:37:00 | 000,103,048 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\SCHRCEEN.jpg
[2012.05.29 22:00:22 | 000,105,149 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\G Data Protokoll ID 8.html
[2012.05.29 14:49:36 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\G Data InternetSecurity.lnk
[2012.05.29 14:28:15 | 000,411,144 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\AVCleaner.exe
[2012.05.28 16:05:01 | 000,001,246 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Auslogics Disk Defrag.lnk
[2012.05.27 19:41:38 | 041,216,684 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Sido lol.wav
[2012.05.27 12:53:47 | 000,458,606 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\465571_3423174138330_1239520431_50875516_367152366_o.jpg
[2012.05.26 19:09:20 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2012.05.26 19:08:47 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 19:08:45 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.24 12:19:01 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.05.18 22:08:04 | 006,220,854 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\geiles Spiel.bmp
[2012.05.17 21:55:59 | 000,087,641 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\398842_10150969314770259_265621635258_12348106_135464571_n.jpg
[2012.05.16 22:43:33 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.05.14 21:45:56 | 000,000,219 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Dota 2.url
[2012.05.14 17:44:24 | 001,445,562 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Foto0229.jpg
[2012.05.14 17:44:24 | 001,390,320 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\Foto0230.jpg
[2012.05.13 17:24:33 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.12 20:42:22 | 000,029,874 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\IMG324.jpg
[2012.05.06 16:46:01 | 000,049,548 | ---- | C] () -- C:\Users\EliteKhaos\Desktop\36590_298249763590954_161202623962336_682640_1426911667_n.jpg
[2012.03.31 15:17:49 | 000,017,408 | ---- | C] () -- C:\Users\EliteKhaos\AppData\Local\WebpageIcons.db
[2012.03.31 12:04:11 | 000,034,067 | ---- | C] () -- C:\ProgramData\1333188245.bdinstall.bin
[2012.03.31 12:00:31 | 000,105,309 | ---- | C] () -- C:\ProgramData\1333187960.bdinstall.bin
[2012.03.30 12:37:05 | 000,643,126 | ---- | C] () -- C:\ProgramData\1333101582.bdinstall.bin
[2012.03.22 18:37:29 | 000,171,408 | ---- | C] () -- C:\ProgramData\1332434173.bdinstall.bin
[2011.12.10 23:23:50 | 000,007,660 | ---- | C] () -- C:\Users\EliteKhaos\AppData\Local\Resmon.ResmonCfg
[2011.10.13 22:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.10.07 17:09:21 | 000,100,712 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011.07.19 17:35:10 | 001,598,576 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.18 11:50:14 | 000,661,313 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
 
========== LOP Check ==========
 
[2012.03.09 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\.minecraft
[2012.03.19 21:46:21 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Amazon
[2012.05.28 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Auslogics
[2012.01.22 20:46:19 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Canon
[2012.03.25 22:42:25 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoft
[2011.07.17 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.28 12:07:34 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\GlarySoft
[2011.08.23 20:28:13 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\gtk-2.0
[2012.01.25 21:12:07 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\KeePass
[2011.09.01 14:29:36 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Leadertech
[2011.09.11 16:16:39 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient
[2012.05.24 11:37:57 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\LolClient2
[2011.10.21 16:29:46 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\OpenOffice.org
[2011.12.03 17:09:52 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Opera
[2011.11.08 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Origin
[2012.03.30 12:06:52 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\QuickScan
[2012.01.28 01:22:32 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\redsn0w
[2012.05.27 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Spotify
[2012.03.15 22:05:51 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\TeamViewer
[2012.03.10 20:42:19 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\Teeworlds
[2012.05.28 18:14:40 | 000,000,000 | ---D | M] -- C:\Users\EliteKhaos\AppData\Roaming\TS3Client
[2012.05.14 13:48:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Extras:

Code:
ATTFilter
OTL Extras logfile created on: 31.05.2012 15:23:24 - Run 5
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\*\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: * | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,07 Gb Available Physical Memory | 67,92% Memory free
11,98 Gb Paging File | 9,60 Gb Available in Paging File | 80,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 705,10 Gb Total Space | 571,59 Gb Free Space | 81,06% Space Free | Partition Type: NTFS
Drive L: | 225,31 Gb Total Space | 206,92 Gb Free Space | 91,84% Space Free | Partition Type: NTFS
 
Computer Name: * | User Name: * | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04AA84BC-DC77-47A1-9867-7527FE178BDB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{08B15CB0-A7E2-45D8-BB1D-3324FD1D0D01}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{104D41F5-757B-48D1-93C2-0228FF4BBE35}" = rport=138 | protocol=17 | dir=out | app=system | 
"{105B5D00-537D-4E07-A32C-CAF3FB4ED825}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{29C893DB-9B59-4647-ACF4-610A18D9C220}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{2E90111D-A274-4987-8321-B5734178193D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{347CB284-1C35-4925-B0A0-93F5A2808155}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3ED47800-2616-41BB-ACFF-88B562673543}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{50DB9B01-D717-4A34-B541-DAC3F937088C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5645A018-F8BE-45CA-AB4C-53FC00D4E8A4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{58DA98F8-C638-49A2-B01D-48EE5A78E6DB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5925994B-4A22-4307-BBC3-F33708C6B796}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5F2ED97F-1766-4404-8490-56F3FD47C887}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7434D30C-688C-45FF-B1B2-FB109DC6384E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8E64B1D6-86F6-40AC-BA3E-AC811E47C990}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{92C584E9-67A8-4CB0-8191-2981078C8FCE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9D3BCCFE-7E1D-43EC-84BC-A15DBE6C5DBA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9F247645-D2F6-46C1-8290-0565E7E5409C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF85A3FC-84EA-4F5B-9440-38037884B5FA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{E10700B1-7263-458B-A776-E765EF1B5E90}" = rport=137 | protocol=17 | dir=out | app=system | 
"{F145B88C-776F-4BB4-9FA6-AF0634ECD40E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F57DB9FA-EF95-4785-8EFC-CE15393E777B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F8C871B7-4C6E-438D-A5FD-7A78DBAE7BEC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FE0C6115-1683-4083-B011-3A952B5A0E8A}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02F5A12A-64D8-4D0B-A3E0-508220EA3BFC}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{0608386A-FF1C-4BB0-9D50-91E8F3E8E5C2}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{06429892-38E8-42F4-AEF9-324D1A19656C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{069120DA-A656-4B2F-87AC-F89BE5612D7D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0986DF7C-0647-4712-AFE2-44E03477BD72}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{0A2E75BE-038F-4649-A2E3-1F4711D6FE16}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0B5C3048-56FD-48C1-8AE7-DDFB51124D85}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0F17D666-7E48-4812-A406-4B57FCD7C717}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{144F5479-59F9-4F26-BBD2-FE6E9964A740}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{16FFAA17-C3BC-4490-A272-5BF820CB5749}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1AA5A23F-5E8D-49E1-8508-451DD1D406F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{2136DBD1-FD25-4BE4-B170-F116D644ED9E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{24A50211-6234-4BB3-859F-F397C50EDA78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{25445A28-40B3-46EF-AAAA-20BEDB58244A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{2DFB9AAC-00C0-4DCE-B985-57074D20098E}" = protocol=6 | dir=out | app=system | 
"{315D0801-8A80-41BB-A727-BF419A7168DF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{403579AF-109C-407B-B213-3A8B6D2120EF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4233E9BB-24A6-4482-A568-2B2C48F00828}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{468B7FC7-2C0A-4544-B0B8-21820F7FEF69}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4C03B504-FDFF-488E-8EE8-8383471FDB38}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{530EE76C-6891-409E-99ED-C3C16A28F6E7}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{54D36BE8-9C4F-4342-9EBA-63F2071D3B50}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6393E8CD-E150-4662-8571-D7DB21CD5121}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{71415946-14E9-4704-9BDC-722649CAD360}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{727157BE-7349-4A5E-ADC4-A8356876ABFE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{751E5168-CAD3-46A4-B962-AA3948C06479}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7A0AEEED-8596-4615-8291-5FD900EEFD44}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7A9D0C65-22BD-4EDF-9D10-380B14F5DDB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7C915F83-76E7-4440-97B2-8E7CAEEBDF42}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7E5D6D6C-36AC-4740-A580-FB58E826452B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{83BFC6B5-12C7-4409-99B9-60EB9AF2F18C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{8DDFE914-1BB6-48D1-814A-8327146B3FAB}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{938A7F02-065A-4CC2-97B5-B8E4FD75E3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{957DDE6E-1516-4619-9D37-E70390BFCE82}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{9DABA9ED-7320-4F16-B6DE-7686AB888794}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\railworks\railworks.exe | 
"{A31B3E28-71E6-4BF4-B555-EA13B4B081C2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{A5620EA6-97E3-45C3-81F8-213BAFC77F4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A79069E5-4F4A-485F-971F-731D9DA9B369}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AD4A092E-7636-4B46-B373-90BE438F00D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ADC44675-B783-49DD-BF21-01F932819EB7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AE49FC42-B307-4021-B602-03AEE0D261F2}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{AE897A1D-53C6-4D09-994C-1CA306CCFB9F}" = protocol=6 | dir=in | app=c:\users\elitekhaos\appdata\roaming\spotify\spotify.exe | 
"{BA4D3E7C-AB85-44CC-8471-8B15C61FD750}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{BD132494-08CB-4E04-95A7-637AEAD70073}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C12FC598-9434-4D8B-8637-CC5598F42F0B}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C1805C4B-D979-4009-B7C9-8A7F5598E14A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{C426BD3E-BEC2-4F89-BB52-554D971E677C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{C7441C0F-D5F4-462A-9625-6DAEB25D52C0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C8F2BB62-6064-431F-87EC-FADA908D0812}" = protocol=17 | dir=in | app=c:\users\elitekhaos\appdata\roaming\spotify\spotify.exe | 
"{C90E4F11-425E-473F-80D5-F9E21FAA976E}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{CDC58BBA-70C8-4383-AC55-980EFABD5179}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{D60716E3-7C57-4E0E-8A1C-0594C51C4D30}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D7D75846-0785-4CF7-A5A7-F0E835587956}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E418F427-48D0-4FDC-A8E0-032EBA3C2DFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E998F48D-DD3C-4ADF-94CA-C6EF84F608BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F0D600D8-C675-4B5C-A814-B7EF232ED6BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F5C51D08-DED6-40D2-9150-3198277C23A5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F687C8BD-9166-4BF2-B1AD-F4556AF9B1D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F7B5FA31-C787-4EBF-AA48-331AAB7C96B5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F9454E24-7AC2-42EB-A40C-1A989C187D08}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{FF0C2A15-CEA4-4068-B779-925F6C9EF6E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX360_series" = Canon MX360 series MP Drivers
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{27607A94-33AC-4AA7-AACE-95AF6ACA3E30}" = Logitech G35
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6CC95B76-D380-46B2-9022-9353938E48BA}" = Logitech GamePanel Software 3.03.133
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6006059E-013D-4B77-BC5C-4DD5E4A6570D}" = G Data InternetSecurity 2012
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVMWLANCLI" = AVM FRITZ!WLAN
"Canon MX360 series Benutzerregistrierung" = Canon MX360 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.17.319
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.1" = Canon MP Navigator EX 4.1
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.94
"Speed Dial Utility" = Canon Kurzwahlprogramm
"Steam App 12900" = Audiosurf
"Steam App 240" = Counter-Strike: Source
"Steam App 24010" = Train Simulator 2012
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 570" = Dota 2
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 1.1.11
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"Wubi" = Ubuntu
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.05.2012 13:36:54 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9236
 
Error - 28.05.2012 13:36:54 | Computer Name = EliteKhaos-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9236
 
Error - 29.05.2012 07:54:34 | Computer Name = EliteKhaos-PC | Source = GDFwSvc | ID = 0
Description = Couldn't create Object of class GDFwSvc.PacketQueueList (error code:
 0x800401f3)
 
Error - 29.05.2012 08:29:10 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "G Data AntiVirus Proxy" konnte nicht
 heruntergefahren werden.
 
Error - 29.05.2012 08:29:10 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "G Data Personal Firewall" konnte nicht
 heruntergefahren werden.
 
Error - 29.05.2012 08:29:10 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "G Data Dateisystem Wächter" konnte 
nicht heruntergefahren werden.
 
Error - 29.05.2012 08:29:10 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "G Data Scanner" konnte nicht heruntergefahren
 werden.
 
Error - 29.05.2012 08:32:57 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "G Data AntiVirus Proxy" konnte nicht
 neu gestartet werden.
 
Error - 29.05.2012 08:32:57 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "G Data Scanner" konnte nicht neu gestartet
 werden.
 
Error - 29.05.2012 08:32:57 | Computer Name = EliteKhaos-PC | Source = Microsoft-Windows-RestartManager | ID = 10007
Description = Die Anwendung oder der Dienst "G Data Scheduler" konnte nicht neu 
gestartet werden.
 
[ System Events ]
Error - 28.05.2012 06:12:00 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "G Data Personal Firewall" wurde unerwartet beendet. Dies ist
 bereits 1 Mal passiert.
 
Error - 28.05.2012 10:48:20 | Computer Name = EliteKhaos-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 28.05.2012 12:47:23 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Audio" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 28.05.2012 12:47:23 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DHCP-Client" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 28.05.2012 12:47:23 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows-Ereignisprotokoll" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.05.2012 12:47:23 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Heimnetzgruppen-Anbieter" wurde unerwartet beendet. Dies
 ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.05.2012 12:47:23 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.05.2012 12:47:23 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sicherheitscenter" wurde unerwartet beendet. Dies ist 
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.05.2012 12:48:23 | Computer Name = EliteKhaos-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Windows-Audio" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 29.05.2012 08:31:03 | Computer Name = EliteKhaos-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
HiJackThis:

Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:46:37, on 31.05.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\EliteKhaos\Downloads\HiJackThis204(4).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: BHO - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2068484904-2886543410-424464898-1007\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2068484904-2886543410-424464898-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12517 bytes
         
MfG
MixxdKhaos

Alt 31.05.2012, 22:00   #15
kira
/// Helfer-Team
 
JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Standard

JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner



1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählenHäckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen
Code:
ATTFilter
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-2068484904-2886543410-424464898-1007\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
         
2.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!

► Wie läuft es denn jetzt?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner
aktion, appdata, cache, ccleaner, data, datei, daten, durchgeführt, entfernt, firefox, frage, fragen, fund, gdata, gefährlich, interne, js redirector vi, komplett, löschen, mozilla, scan, security, trojaner, virenfund, virenscan, virus, vorhanden, wirklich



Ähnliche Themen: JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner


  1. Trojan.RS.Redirector.BMV
    Plagegeister aller Art und deren Bekämpfung - 13.01.2015 (7)
  2. Mozilla meldet Dieser Vorgang wurde aufgrund von Einschränkungen abgebrochen, die für diesen Computer gelten, und ne Menge Mailware gefunden
    Log-Analyse und Auswertung - 22.04.2014 (2)
  3. Alle rechte meines Rechners, für Ordner, Unterordner und Dateien wurden übernohmen worden über eine Unbekanntes konto
    Überwachung, Datenschutz und Spam - 03.07.2013 (9)
  4. js:Redirector-ACH
    Plagegeister aller Art und deren Bekämpfung - 25.11.2012 (0)
  5. JS/Redirector.WH
    Log-Analyse und Auswertung - 10.08.2012 (37)
  6. js redirector.b virus
    Plagegeister aller Art und deren Bekämpfung - 29.01.2012 (17)
  7. JS/Redirector.GZ.1 - Was ist das ?
    Plagegeister aller Art und deren Bekämpfung - 19.07.2011 (1)
  8. Video aus Unterordner auf dem Desktop startet selbstständig
    Log-Analyse und Auswertung - 10.05.2011 (20)
  9. Virus => Ordner + Unterordner geleert
    Plagegeister aller Art und deren Bekämpfung - 01.03.2011 (22)
  10. JS/Redirector.455
    Plagegeister aller Art und deren Bekämpfung - 31.01.2010 (4)
  11. Trojaner: JS:Redirector-H3
    Log-Analyse und Auswertung - 25.01.2010 (4)
  12. Virenscanner funktionieren nicht mehr , Mozilla spinnt - H8RST Files gefunden
    Plagegeister aller Art und deren Bekämpfung - 22.01.2010 (9)
  13. JS/Redirector.455
    Plagegeister aller Art und deren Bekämpfung - 05.01.2010 (38)
  14. Wie? Wo? Was? JS/Redirector.455!
    Plagegeister aller Art und deren Bekämpfung - 05.11.2009 (3)
  15. Mozilla ständig Fehler:Server nicht gefunden
    Log-Analyse und Auswertung - 14.09.2009 (1)
  16. JS:Redirector H2 [tr]
    Plagegeister aller Art und deren Bekämpfung - 17.05.2009 (5)
  17. TR/Redirector.E
    Plagegeister aller Art und deren Bekämpfung - 12.11.2008 (3)

Zum Thema JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner - Hallo, ich benutze derzeit G Data InternetSecurity 2013. Eben gerade hab ich einen Virenscan durchgeführt und es kam ein Virenfund bei raus. Diesen Virus hab ich dann mit der Aktion - JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner...
Archiv
Du betrachtest: JS:Redirector-VI [Trj] gefunden im Mozilla Unterordner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.