Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner inkl. "Wasserbild"

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.07.2012, 17:28   #1
Thraciel
 
GVU Trojaner inkl. "Wasserbild" - Standard

GVU Trojaner inkl. "Wasserbild"



Hallo Gemeinde,
ich habe mir heute den allseits beliebten GVU Trojaner eingefangen.

Natürlich, wie sollte es anders sein mitten in der Prüfungszeit -.-

Bin ihn so weit wieder losgeworden, da alte Anleitungen noch funktionieren:
PC per Hauptschalter ausgeschalten, dann hat wie so oft eine Applikation das Herunterfahren verhindert. Daher konnte ich dieses mit "Abbrechen" unterbrechen und meine Registry durchsuchen. Da fiel mir dann auch eine Datei in die Hände, die im "Run" Ordner nichts verloren hat, aber im abgesicherten Modus nicht zu sehen war. Also diese gelöscht inkl. Schlüssel in der Registry.
Nach einem Scan mit Spybot S&D dann neu gestartet und siehe da, bis auf eine Fehlermeldung von einer fehlenden 0_0u_l.exe (Das angegebene Modul wurde nicht gefunden) Datei keine Spur mehr und mein Desktop ist wieder zu sehen.

Allerdings bin ich mir nicht ganz sicher ob nicht doch noch Spuren zu finden sind, daher anbei mal die zwei Logfiles:



Gibt es noch was zu tun?

Vielen Dank im Voraus!

OTL.txt
[Spoiler]OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.07.2012 16:29:51 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Andy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 45,96% Memory free
8,00 Gb Paging File | 5,70 Gb Available in Paging File | 71,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 3,42 Gb Free Space | 7,00% Space Free | Partition Type: NTFS
Drive D: | 273,34 Gb Total Space | 252,62 Gb Free Space | 92,42% Space Free | Partition Type: NTFS
Drive E: | 322,72 Gb Total Space | 58,90 Gb Free Space | 18,25% Space Free | Partition Type: NTFS
Drive F: | 184,06 Gb Total Space | 126,53 Gb Free Space | 68,75% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 488,95 Gb Free Space | 52,49% Space Free | Partition Type: NTFS
Drive N: | 1397,26 Gb Total Space | 108,83 Gb Free Space | 7,79% Space Free | Partition Type: NTFS
 
Computer Name: THRACIEL | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Andy\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe (Facebook)
PRC - F:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - F:\Program Files (x86)\Evernote\Evernote\Evernote.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - F:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
PRC - C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()
PRC - F:\Program Files (x86)\3S CoDeSys\GatewayPLC\ServiceControl.exe (3S-Smart Software Solutions GmbH)
PRC - F:\Program Files (x86)\3S CoDeSys\GatewayPLC\GatewaySysTray.exe (3S-Smart Software Solutions GmbH)
PRC - F:\Program Files (x86)\3S CoDeSys\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH)
PRC - F:\Program Files (x86)\3S CoDeSys\GatewayPLC\CoDeSysControlSysTray.exe (3S-Smart Software Solutions GmbH)
PRC - F:\Program Files (x86)\3S CoDeSys\GatewayPLC\CoDeSysControlService.exe (3S-Smart Software Solutions GmbH)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
PRC - F:\Program Files (x86)\Mindjet\MindManager 10\MmDesignPartner.exe ()
PRC - F:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe (DT Soft Ltd)
PRC - F:\Program Files (x86)\KeePass Password Safe\KeePass.exe (Dominik Reichl)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - F:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - F:\Program Files (x86)\GmoteServer\GmoteServer.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Andy\AppData\Local\Facebook\Messenger\2.1.4554.0\CefSharp.dll ()
MOD - C:\Users\Andy\AppData\Local\Facebook\Messenger\2.1.4554.0\CefSharp.WinForms.dll ()
MOD - C:\Users\Andy\AppData\Local\Facebook\Messenger\2.1.4554.0\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - F:\Program Files (x86)\Evernote\Evernote\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\wfvie12.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\rsguiwinapi47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\wsteu12.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\rscorewinapi47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\wgui12.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\wcore12.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\wauff12.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\wreli12.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\rsodbc47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\rsdcom47.dll ()
MOD - F:\Program Files (x86)\Evernote\Evernote\libtidy.dll ()
MOD - F:\Program Files (x86)\Evernote\Evernote\libxml2.dll ()
MOD - F:\Program Files (x86)\Evernote\Evernote\avformat-52.dll ()
MOD - F:\Program Files (x86)\Evernote\Evernote\avcodec-52.dll ()
MOD - F:\Program Files (x86)\Evernote\Evernote\avutil-50.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtsqlrs47.dll ()
MOD - C:\Program Files (x86)\Fieldston Software\gSyncit\gSyncit.core.dll ()
MOD - F:\Program Files (x86)\Mindjet\MindManager 10\MmDesignPartner.exe ()
MOD - F:\Program Files (x86)\Mindjet\MindManager 10\Mindjet.UsageLog.Sender.dll ()
MOD - F:\Program Files (x86)\Mindjet\MindManager 10\Mindjet.UsageLog.Common.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtcluceners47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\phononrs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtwebkitrs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qttestrs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtscriptrs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtsvgrs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtguirs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qt3supportrs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtnetworkrs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtxmlrs47.dll ()
MOD - F:\Program Files (x86)\Buhl finance\tax Steuersoftware 2012\qtcorers47.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - F:\Program Files (x86)\GmoteServer\GmoteServer.exe ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libx264_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\avcodec-51.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libxml2-2.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libiconv-2.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libfreetype-6.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libgcrypt-11.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libfontconfig-1.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libz-1-2.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libgpg-error-0.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvorbis_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtaglib_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtheora_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtwolame_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libts_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvod_rtsp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvout_directx_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvisual_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libty_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvobsub_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwaveout_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvcd_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwingdi_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtransform_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libyuy2_i420_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtelnet_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwall_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libxtag_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libyuy2_i422_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwav_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvoc_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtta_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvmem_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libvc1_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libwave_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libxa_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtrivial_channel_mixer_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libugly_resampler_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtrivial_resampler_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libtrivial_mixer_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libqt4_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libskins2_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmkv_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libschroedinger_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsdl_image_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libswscale_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmod_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpng_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmp4_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpostproc_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmpgatofixed32_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_ts_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libspeex_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libplaylist_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_rtp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libspatializer_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_ps_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libportaudio_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_mp4_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libogg_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpanoramix_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsap_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librc_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_asf_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_h264_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_transcode_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_standard_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libremoteosd_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librealaudio_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libps_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmosaic_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libreal_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsubtitle_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_ogg_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librtp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsubsdec_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_avi_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librss_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_vc1_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsubsusf_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_mpeg4video_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libopengl_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_mosaic_bridge_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmotiondetect_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpuzzle_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnuv_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libosd_parser_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpva_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_mpegvideo_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libspudec_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsmf_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librotate_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libosdmenu_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmono_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmpeg_audio_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libscreen_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsvcdsub_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librawvid_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpsychedelic_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_duplicate_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_bridge_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstats_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libscaletempo_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libparam_eq_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libntservice_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnsv_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_es_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libquicktime_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmpga_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsimple_channel_mixer_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libshout_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librealvideo_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librawdv_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libripple_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpodcast_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnsc_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnormvol_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmsn_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_gather_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_display_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libsharpen_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libscale_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librawvideo_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_wav_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libpacketizer_copy_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libnoise_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_mpjpeg_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmotionblur_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_autodel_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libshowintf_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmux_dummy_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmpgv_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_description_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libt140_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\librv32_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libstream_out_dummy_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libspdif_mixer_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblive555_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libvlccore.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libavformat_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcaca_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgnutls_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_shout_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfaad_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblua_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libflac_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdvdnav_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgoom_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdshow_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdtstofloat32_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libbda_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblibmpeg2_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdvdread_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdvbsub_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libatmo_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfreetype_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_rgb_sse2_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\libvlc.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libhttp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libkate_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblibass_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libasf_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libavcodec_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_mms_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libavi_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libid3tag_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_http_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_rgb_mmx_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libflacsys_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcmml_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_rtmp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liba52tofloat32_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_realrtsp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdeinterlace_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcdda_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libblend_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaudioscrobbler_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaudio_format_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_ftp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdirect3d_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_rgb_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libequalizer_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_filter_timeshift_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_smb_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_filter_record_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_yuy2_sse2_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libbandlimited_resampler_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libhotkeys_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libadjust_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi422_yuy2_sse2_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdmo_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libglwin32_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaraw_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libconverter_float_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgradient_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblogo_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaout_directx_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcrop_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcc_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libadpcm_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libextract_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_yuy2_mmx_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdolby_surround_decoder_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmagnify_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdummy_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_directory_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmarq_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi422_yuy2_mmx_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcinepak_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_udp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi422_yuy2_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_yuy2_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdts_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblogger_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libheadphone_channel_mixer_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libexport_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcroppadd_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgaussianblur_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfake_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liberase_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcvdsub_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libclone_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libbluescreen_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmjpeg_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgestures_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liba52_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libimage_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_http_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblinear_resampler_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcolorthres_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcdg_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libblendbench_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaout_file_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaiff_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdtssys_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_filter_dump_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmemcpymmxext_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmemcpymmx_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmemcpy3dn_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi422_i420_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libcanvas_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_file_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_fake_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liba52sys_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libm4a_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liblpcm_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgrey_yuv_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libgrain_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfloat32_mixer_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdtstospdif_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libau_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libalphamask_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_udp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_filter_bandwidth_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libm4v_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_ymga_mmx_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libh264_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdemuxdump_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libconverter_fixed_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_file_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libchain_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_tcp_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libinvert_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libfolder_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libdemux_cdg_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\liba52tospdif_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libi420_ymga_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libmemcpy_plugin.dll ()
MOD - F:\Program Files (x86)\GmoteServer\bin\VLC\plugins\libaccess_output_dummy_plugin.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (NgVpnMgr) -- C:\Windows\SysNative\ngvpnmgr.exe (Aventail Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (CoDeSys ServiceControl) -- F:\Program Files (x86)\3S CoDeSys\GatewayPLC\ServiceControl.exe (3S-Smart Software Solutions GmbH)
SRV - (CoDeSys Gateway V3) -- F:\Program Files (x86)\3S CoDeSys\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH)
SRV - (CoDeSys Control Win V3) -- F:\Program Files (x86)\3S CoDeSys\GatewayPLC\CoDeSysControlService.exe (3S-Smart Software Solutions GmbH)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (Microsoft SharePoint Workspace Audit Service) -- F:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (OpcEnum) -- C:\Windows\SysWOW64\OpcEnum.exe (OPC Foundation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (NgVpn) -- C:\Windows\SysNative\drivers\ngvpn.sys (Aventail Corporation)
DRV:64bit: - (NgLog) -- C:\Windows\SysNative\drivers\nglog.sys (Aventail Corporation)
DRV:64bit: - (NgWfp) -- C:\Windows\SysNative\drivers\ngwfp.sys (Aventail Corporation)
DRV:64bit: - (NgFilter) -- C:\Windows\SysNative\drivers\ngfilter.sys (Aventail Corporation)
DRV:64bit: - (dvdfab) -- C:\Windows\SysNative\drivers\dvdfab.sys (Fengtao Software Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Plc)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Plc)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (Ph3xIB64) -- C:\Windows\SysNative\drivers\Ph3xIB64.sys (NXP Semiconductors)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AmdLLD64) -- C:\Windows\SysNative\drivers\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices)
DRV - (AODDriver4.01) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\SysWOW64\drivers\snpstd3.sys (Sonix Co. Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 58 13 30 2E 58 CD 01  [binary data]
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes,DefaultScope = {5DA96EE5-A1B4-4302-8F20-4C5DEB41E74F}
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes\{5DA96EE5-A1B4-4302-8F20-4C5DEB41E74F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ptc.com/ProductViewLite: C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll (PTC)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Andy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Andy\AppData\Local\Facebook\Messenger\2.1.4554.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 20:54:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.19 20:54:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.12.08 20:05:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Extensions
[2012.07.02 08:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ykr2l8mc.default\extensions
[2012.05.17 21:26:36 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ykr2l8mc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.06.15 18:55:28 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ykr2l8mc.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.05.18 17:31:51 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Andy\AppData\Roaming\mozilla\Firefox\Profiles\ykr2l8mc.default\extensions\ich@maltegoetz.de
[2012.01.03 11:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.02 08:38:32 | 000,525,327 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.12.08 20:07:57 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.04.02 15:27:06 | 000,027,841 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\MOZREPL@HYPERSTRUCT.NET.XPI
[2012.02.06 20:57:40 | 000,088,244 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\SENDTOPHONE@MARTINEZDELIZARRONDO.COM.XPI
[2012.02.06 20:57:40 | 000,008,470 | ---- | M] () (No name found) -- C:\USERS\ANDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YKR2L8MC.DEFAULT\EXTENSIONS\TAGEXT@MICHAELLIEBWEIN.DE.XPI
[2012.06.19 20:54:05 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.19 20:54:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.19 20:54:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.19 20:54:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.19 20:54:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.19 20:54:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.19 20:54:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Andy\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: ProductView (Enabled) = C:\Program Files (x86)\Common Files\PTC\np6_pvapplite9.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Andy\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Andy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = F:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - Extension: Google Drive = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\5.4_0\
CHR - Extension: Google Drive = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6_0\
CHR - Extension: James White = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3_0\
CHR - Extension: YouTube = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google+ Benachrichtigungen = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi\1.0.1.424_0\
CHR - Extension: Google+ Benachrichtigungen = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi\1.0.1.619_0\
CHR - Extension: Google-Suche = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Kalender = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: SENDtoREADER for Google Chrome\u2122 = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhdkebeidngpdomidhocbjgjbfbpdbdh\1.0.1_0\
CHR - Extension: Google +1-Schaltfl\u00E4che = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.424_0\
CHR - Extension: Google Maps = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.4_0\
CHR - Extension: Google Mail-Checker = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Mail = C:\Users\Andy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHOX64.dll (Sophos Plc)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - F:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AMD_Display]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] F:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CoDeSysControlSysTray] F:\Program Files (x86)\3S CoDeSys\GatewayPLC\CoDeSysControlSysTray.exe (3S-Smart Software Solutions GmbH)
O4 - HKLM..\Run: [GatewaySysTray] F:\Program Files (x86)\3S CoDeSys\GatewayPLC\GatewaySysTray.exe (3S-Smart Software Solutions GmbH)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe (Sophos Plc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [DAEMON Tools Lite] F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [Facebook Update] C:\Users\Andy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe (Fieldston Software)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [KeePass Password Safe] F:\Program Files (x86)\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [MmDesignPartner.exe] F:\Program Files (x86)\Mindjet\MindManager 10\MmDesignPartner.exe ()
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [Spotify Web Helper] C:\Users\Andy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [SpybotSD TeaTimer] F:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001..\Run: [Steam] F:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\calibre - E-book management.lnk = F:\Program Files (x86)\Calibre2\calibre.exe ()
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Andy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = F:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = F:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Andy\AppData\Local\Facebook\Messenger\2.1.4554.0\FacebookMessenger.exe (Facebook)
O4 - Startup: C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GmoteServer.lnk = F:\Program Files (x86)\GmoteServer\GmoteServer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - F:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8:64bit: - Extra context menu item: An OneNote s&enden - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Bild an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Link an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Add to Evernote 4.0 - F:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: An OneNote s&enden - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Link an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - F:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - F:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - F:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @F:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @F:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp_64.dll (Sophos Plc)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82DCF2C7-9CDF-4980-9E9C-18A97D72FCF4}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 - No CLSID value found
O18:64bit: - Protocol\Filter\video/x-flv - No CLSID value found
O18 - Protocol\Filter\video/mp4 - No CLSID value found
O18 - Protocol\Filter\video/x-flv - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (Sophos Plc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - F:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 16:22:16 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2012.06.27 12:58:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2012.06.26 20:46:58 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\MusicBrainz
[2012.06.26 20:44:02 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\TagScanner
[2012.06.26 20:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
[2012.06.26 20:06:29 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\pdfforge
[2012.06.26 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.06.26 20:06:27 | 000,662,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCT2.OCX
[2012.06.26 20:06:27 | 000,095,232 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.26 20:06:26 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2012.06.26 20:06:26 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2012.06.26 20:06:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2012.06.26 20:06:26 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2012.06.26 19:24:41 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XMind
[2012.06.26 19:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind
[2012.06.25 15:00:21 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.06.25 15:00:21 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.06.24 14:59:13 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012.06.19 14:52:24 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.19 14:52:24 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.19 14:52:23 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012.06.19 14:51:55 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012.06.19 14:51:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012.06.17 19:35:34 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Macromedia
[2012.06.17 17:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.17 17:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.17 17:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2012.06.17 16:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.06.17 16:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.06.17 16:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.06.15 20:16:10 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Programme
[2012.06.15 20:15:37 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Spiele
[2012.06.15 17:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2012.06.14 17:42:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 17:42:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 17:42:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 17:42:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 17:42:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 17:42:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 17:42:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.14 17:42:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.14 17:42:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.14 17:42:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.14 17:42:15 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.14 17:42:14 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 17:42:13 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.14 17:40:45 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.14 17:40:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.14 17:40:45 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.14 17:39:36 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.14 17:39:30 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.14 17:39:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.14 17:39:18 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 17:39:17 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.14 17:38:49 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.11 21:04:16 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\GetFoldersize
[2012.06.11 21:03:20 | 002,369,456 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.CommandBars.v13.4.2.ocx
[2012.06.11 21:03:20 | 001,005,088 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\Windows\SysWow64\TList8.ocx
[2012.06.11 21:03:20 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtRTF2.ocx
[2012.06.11 21:03:20 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSplitter.ocx
[2012.06.11 21:03:20 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\Windows\SysWow64\mtSubclass.dll
[2012.06.11 21:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetFoldersize
[2012.06.11 00:49:48 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\Meine empfangenen Dateien
[2012.06.11 00:34:39 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\{273A0F53-25A5-4D73-9EEF-BC70A2D26EBB}
[2012.06.11 00:34:28 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\{F47A77FA-E564-43F9-9F4C-D5B1FAFF5FF7}
[2012.06.11 00:21:49 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Windows Live
[2012.06.11 00:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012.06.08 17:57:06 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Evernote
[2012.06.07 19:13:06 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\ABBYY
[2012.06.07 19:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY PDF Transformer 3.0
[2012.06.07 19:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2012.06.07 19:05:30 | 000,050,456 | ---- | C] (Tracker Software Products Ltd.) -- C:\Windows\SysNative\pxc40pma.dll
[2012.06.05 17:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hewlett-Packard
[2012.06.05 17:27:55 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2012.06.04 17:35:16 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012.06.04 17:35:16 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012.06.04 17:35:16 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012.06.04 17:35:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.06.04 17:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.06.04 17:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012.06.04 17:34:32 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Apple
[2012.06.04 17:34:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.06.04 17:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.06.04 17:33:17 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.06.04 17:33:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.06.04 17:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.06.04 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.06.03 12:28:18 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\OpenTTD
[2012.06.03 12:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenTTD
[2012.06.03 11:11:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Railroad Tycoon 3
[1 C:\Users\Andy\Desktop\*.tmp files -> C:\Users\Andy\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 16:28:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job
[2012.07.02 16:26:32 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 16:26:32 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 16:22:46 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe
[2012.07.02 16:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.02 16:16:06 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.02 15:38:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 15:12:16 | 000,001,879 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.02 13:57:02 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job
[2012.07.02 07:45:16 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job
[2012.07.02 07:32:12 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job
[2012.06.27 14:26:12 | 000,072,022 | ---- | M] () -- C:\Users\Andy\Desktop\DoubleFacePalm.jpg
[2012.06.26 20:44:00 | 000,000,726 | ---- | M] () -- C:\Users\Andy\Desktop\TagScanner.lnk
[2012.06.26 20:06:34 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.06.26 20:06:34 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.06.26 19:24:41 | 000,000,675 | ---- | M] () -- C:\Users\Andy\Desktop\XMind.lnk
[2012.06.24 14:59:16 | 000,001,335 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.06.17 17:57:26 | 000,001,285 | ---- | M] () -- C:\Users\Andy\Desktop\6. Semester - Verknüpfung.lnk
[2012.06.17 17:11:46 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.17 17:11:01 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.06.17 16:28:55 | 000,001,577 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.17 16:24:01 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.06.17 16:24:01 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.06.17 14:57:06 | 000,554,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.15 21:27:16 | 000,001,394 | ---- | M] () -- C:\Users\Andy\Desktop\Andy Scans.lnk
[2012.06.15 19:40:06 | 000,000,764 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
[2012.06.15 06:51:42 | 000,095,232 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.06.14 18:11:29 | 001,634,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 18:11:29 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 18:11:29 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 18:11:29 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 18:11:29 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.08 17:58:34 | 000,000,773 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012.06.08 17:56:57 | 000,000,659 | ---- | M] () -- C:\Users\Andy\Desktop\Evernote.lnk
[2012.06.07 23:14:05 | 000,020,434 | ---- | M] () -- C:\Users\Andy\Documents\Rollo-Andy-Thraciel.opt
[2012.06.07 23:14:05 | 000,000,718 | ---- | M] () -- C:\Users\Andy\Documents\Rollo-AllUsers.opt
[2012.06.04 17:21:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.03 18:16:19 | 000,001,048 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.03 00:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012.06.03 00:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012.06.03 00:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[1 C:\Users\Andy\Desktop\*.tmp files -> C:\Users\Andy\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.02 15:12:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad
[2012.07.02 15:12:16 | 000,001,879 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.27 14:26:10 | 000,072,022 | ---- | C] () -- C:\Users\Andy\Desktop\DoubleFacePalm.jpg
[2012.06.26 20:46:34 | 000,000,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
[2012.06.26 20:44:00 | 000,000,726 | ---- | C] () -- C:\Users\Andy\Desktop\TagScanner.lnk
[2012.06.26 20:06:34 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.06.26 20:06:34 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.06.26 19:24:41 | 000,000,675 | ---- | C] () -- C:\Users\Andy\Desktop\XMind.lnk
[2012.06.17 17:57:26 | 000,001,285 | ---- | C] () -- C:\Users\Andy\Desktop\6. Semester - Verknüpfung.lnk
[2012.06.17 17:11:46 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.06.17 17:11:01 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012.06.17 17:11:01 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.06.17 16:28:55 | 000,001,577 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.06.15 21:27:16 | 000,001,394 | ---- | C] () -- C:\Users\Andy\Desktop\Andy Scans.lnk
[2012.06.15 19:40:06 | 000,000,764 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
[2012.06.08 17:58:34 | 000,000,773 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012.06.08 17:56:57 | 000,000,659 | ---- | C] () -- C:\Users\Andy\Desktop\Evernote.lnk
[2012.06.05 17:54:13 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2012.06.04 17:34:31 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.06.04 17:21:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.03 18:16:19 | 000,001,048 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.06 19:16:54 | 000,000,780 | ---- | C] () -- C:\Windows\wiso.ini
[2012.05.06 14:07:31 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012.05.03 16:32:43 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.02 13:30:59 | 000,000,218 | ---- | C] () -- C:\Users\Andy\AppData\Local\recently-used.xbel
[2012.04.24 14:53:08 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012.04.24 14:53:08 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012.04.24 14:53:07 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012.04.24 14:53:07 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012.04.24 14:53:07 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012.04.20 08:56:50 | 000,005,305 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\flexadmin.xml
[2012.03.27 14:19:00 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.27 14:19:00 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.13 22:20:31 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.02.28 00:05:35 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2012.02.28 00:05:29 | 000,356,352 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2012.02.28 00:05:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2012.02.28 00:05:29 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd3.dll
[2012.02.28 00:05:29 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2012.02.28 00:05:29 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012.02.14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.24 21:07:36 | 000,000,032 | ---- | C] () -- C:\Users\Andy\.simfy
[2011.12.27 15:42:36 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.12.08 19:46:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.22 05:36:10 | 000,215,112 | ---- | C] () -- C:\Windows\ngmsi.dll
[2011.09.22 05:34:00 | 000,021,064 | ---- | C] () -- C:\Windows\ngutil.exe
[2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.05.17 16:37:46 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\.minecraft
[2011.12.13 18:26:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Aventail
[2012.05.07 07:33:47 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Buhl Data Service
[2012.03.26 20:19:22 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\calibre
[2012.03.21 17:32:17 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Canneverbe Limited
[2012.05.05 13:29:48 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\CoDeSys
[2011.12.27 17:24:59 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Cornelsen
[2011.12.14 20:48:58 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DAEMON Tools Lite
[2012.07.02 16:27:16 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Dropbox
[2012.03.27 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\FreePDF
[2012.06.11 21:05:09 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\GetFoldersize
[2012.06.26 20:11:21 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\gSyncit
[2012.01.24 18:55:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\HTC
[2012.04.02 15:36:15 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\KeePass
[2012.04.11 18:40:20 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MAGIX
[2012.06.26 20:46:58 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MusicBrainz
[2012.05.06 13:33:38 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\MyPhoneExplorer
[2012.05.03 18:33:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\OnlineHelp
[2012.05.28 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Opera
[2012.06.26 20:09:31 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\pdfforge
[2012.06.21 07:22:09 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PTC
[2012.01.24 21:07:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Simfy
[2011.12.09 00:05:10 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sinvise Systems
[2012.07.02 14:51:35 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Spotify
[2012.06.26 20:44:02 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TagScanner
[2012.03.24 11:11:43 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Titanium
[2012.07.02 07:32:12 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job
[2012.07.02 13:57:02 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job
[2012.05.28 15:35:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

[/QUOTE]
Extras.txt
Zitat:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 02.07.2012 16:29:51 - Run 1
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Andy\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 45,96% Memory free
8,00 Gb Paging File | 5,70 Gb Available in Paging File | 71,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,83 Gb Total Space | 3,42 Gb Free Space | 7,00% Space Free | Partition Type: NTFS
Drive D: | 273,34 Gb Total Space | 252,62 Gb Free Space | 92,42% Space Free | Partition Type: NTFS
Drive E: | 322,72 Gb Total Space | 58,90 Gb Free Space | 18,25% Space Free | Partition Type: NTFS
Drive F: | 184,06 Gb Total Space | 126,53 Gb Free Space | 68,75% Space Free | Partition Type: NTFS
Drive H: | 931,51 Gb Total Space | 488,95 Gb Free Space | 52,49% Space Free | Partition Type: NTFS
Drive N: | 1397,26 Gb Total Space | 108,83 Gb Free Space | 7,79% Space Free | Partition Type: NTFS
 
Computer Name: THRACIEL | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-4228586425-1612734724-1101849170-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "F:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "F:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "F:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "F:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" = 
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1996ACE0-DE22-4009-B679-191B85F20116}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1C070EDD-9DDE-4321-A403-DAEC0B9FB3D0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1FE0AD13-B630-4E73-9CCF-5D6BF7621ED5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{21618653-3123-417A-8BFB-91A216567EB5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{239AECA6-52F6-405D-B18E-0AF06A4FD2F3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2AE401FA-449B-44E6-A511-C104EBDFA646}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2BE061CB-4DC4-4EF4-97BB-A7912646183D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3637E4D6-0163-4689-90A0-B53AE1C055CB}" = lport=6004 | protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\outlook.exe | 
"{3808FBEE-7512-470A-B1DC-9DA25281EA65}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{43672BBD-0B52-4936-BAF5-32911E1CEE5E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{48F5DE70-C4A4-4EA7-8428-94F71F5F872B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{50B7902F-D065-4D85-AA73-92A3F7D02BAF}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5A3EBFE3-D5B4-4422-8E54-CAFF4E88FE11}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{612FEFB4-69DF-40AD-B78F-3B5164B6823A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{88C5A028-C372-42D6-AC4D-25676FBC17F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AA2C77F2-0282-456A-A74B-7FEB515E90D1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AEC73A32-A264-4B0E-80DE-51B5DA118437}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BF02BF43-0690-48B4-82F6-AA170229ABE0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CD6FF0EF-77F4-4125-9179-A8049B4B6D8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4F8DB27-932C-486E-9BD6-D36E902324D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F4E2DE13-2636-477D-B564-D7E746E68679}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F535ED61-8BC2-45CF-8308-D9A44633F3A7}" = lport=10243 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E25BBB-A41F-464F-A30F-67658A5073EA}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{02D27107-5E36-4B7A-B9FC-AFF375799FB0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{08BDE621-EF6B-44F3-8BF5-BE71BAB174A6}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{0A32C003-C48C-411D-AFE7-9EDE8004B102}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{0AA32760-B303-4E07-A98C-B72F8C39C030}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{0C0D03E8-AC07-4BA5-852D-FB12CF330196}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1003596C-A20D-47E8-A499-3A6967D5F8C0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{12159769-D799-408E-9828-6990A457AC07}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{17F38E5E-0F6E-4118-BF96-93DE436A5B07}" = protocol=6 | dir=in | app=f:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{18EDD4F2-0BFD-41CB-B810-314C59912298}" = protocol=6 | dir=out | app=system | 
"{1EB2B03B-E84B-4B4D-950A-20B338393020}" = protocol=17 | dir=in | app=f:\program files (x86)\3s codesys\gatewayplc\codesyshmi.exe | 
"{28023761-C1E0-4BC0-AEBC-BC7074368133}" = protocol=6 | dir=in | app=f:\program files (x86)\gnucash\bin\gconfd-2.exe | 
"{2D576166-83C4-4B5C-B17C-D3EACD0D39A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{31EAB3A1-AF8F-42CB-B43D-15802A1CE149}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{358EA1B5-8BBC-4B2D-AEFB-6641947AEDFA}" = protocol=6 | dir=in | app=f:\program files (x86)\3s codesys\codesys\common\codesys.exe | 
"{38EA8B17-2A21-42EF-B1EE-C9537AEE82BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{39FB8302-0F85-4C18-A41F-DF65765A61CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B0CBFF1-0DAF-45F1-9E34-1B462439D140}" = protocol=17 | dir=in | app=c:\windows\syswow64\gateway.exe | 
"{3C69524B-8B4C-4BAC-9EA1-C1E858C51943}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{40084C11-C212-4A24-BEA6-FC9F8637BE6C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{41FE5279-65D2-48F2-8B39-57B763EFDDA5}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{429200A1-B1BC-4A55-885E-C8D05437DB00}" = protocol=6 | dir=in | app=f:\program files (x86)\3s codesys\codesys\common\ipmcli.exe | 
"{445714CE-2EFD-4B4D-902A-18DFD00B681B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{50D27C80-202A-45CC-BBCF-FE726CE0E1E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5352380F-B324-46FD-93E8-A8058203017A}" = dir=in | app=c:\users\andy\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{54CB87EA-CF95-459B-BF52-21E57A7435A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5832E2E3-8CCB-4FE5-AD58-55F66B8FC3CE}" = protocol=6 | dir=in | app=f:\program files (x86)\3s codesys\gatewayplc\gatewayservice.exe | 
"{5B209A8D-A40D-43FB-8558-3A2998AF51C2}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{5D4B1A29-B444-460B-818D-65B6A3C3ED66}" = protocol=17 | dir=in | app=f:\program files (x86)\3s codesys\codesys\common\reptool.exe | 
"{5DDC91A5-841D-47FE-98A9-58EA8E4064D9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5FF31737-2C19-4ECA-ACD5-00E0B8331829}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe | 
"{65DA8F56-0F92-4419-8073-D3F5AB512932}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\groove.exe | 
"{65DF9ECB-49DD-4742-84F4-4D8014847321}" = protocol=6 | dir=in | app=f:\program files (x86)\gnucash\bin\gnucash.exe | 
"{6FF5AF31-33C7-45EB-AFAA-EE49AD70C7F9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{74FD8ACF-57D0-4568-9688-84972FB2097D}" = protocol=17 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | 
"{76C34EC4-78CE-4B62-B9DC-B4BC6A85FA50}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{774AFF54-C6CB-41B6-A0DA-73228D290240}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe | 
"{7769388B-90E1-4D02-9DB7-4B63717C2773}" = protocol=17 | dir=in | app=f:\program files (x86)\3s codesys\gatewayplc\gatewayservice.exe | 
"{79316388-047D-4E21-95FD-75133D889C92}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{7EE372AF-A9D3-4367-A5A7-E2A9DDDB6E0B}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\groove.exe | 
"{81D09D8C-A1A6-49E2-B80C-DE353F2CFB06}" = protocol=17 | dir=in | app=f:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{86E0481C-D051-4F58-8196-29E4725E34C1}" = protocol=6 | dir=in | app=c:\windows\syswow64\gateway.exe | 
"{8B6645DD-45BF-41B7-A53D-137AAB31D540}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B702E2C-1C3B-4CB2-9788-A2FC268108ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8C571521-8B36-4DB2-B0BC-C28DB1D2C670}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8D048FA7-FDCC-4636-BC1D-F660CD397A4A}" = protocol=6 | dir=in | app=c:\windows\syswow64\gatewaydde.exe | 
"{8DB12324-D8BD-4548-9D6A-5093D1EC4C50}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{92A013E5-F01E-47F7-80F0-61691FEF27F5}" = protocol=6 | dir=in | app=f:\program files (x86)\3s codesys\codesys\common\reptool.exe | 
"{9C6B741F-10B3-4CED-8CCB-CAAAA3C627C1}" = protocol=6 | dir=in | app=f:\program files (x86)\3s codesys\gatewayplc\codesyscontrolservice.exe | 
"{9DD1B9C5-CE72-4E3E-BFBE-A4BA71022FD6}" = protocol=17 | dir=in | app=f:\program files (x86)\3s codesys\codesys\common\codesys.exe | 
"{AC72DCF7-44EA-4EC4-B0EF-814971154B8F}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\devicesetup.exe | 
"{AF40F33E-84AA-4158-AFE3-3FE28F115099}" = protocol=6 | dir=in | app=f:\program files (x86)\3s codesys\gatewayplc\codesyshmi.exe | 
"{B229E293-62ED-4726-A8C0-6421C07BF0DF}" = protocol=6 | dir=in | app=c:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe | 
"{B3933322-CF97-47BA-AA45-05C9C944CFB4}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B55DD43C-1745-4B40-B13C-DD0B7E3016D1}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{B56B7DC9-1C46-47CE-8BC9-34257F0962C2}" = dir=in | app=f:\program files (x86)\itunes\itunes.exe | 
"{BEA242D1-E8A0-4EE2-AB06-113558CFBE0E}" = protocol=17 | dir=in | app=f:\program files (x86)\3s codesys\codesys\common\ipmcli.exe | 
"{C2D9CF99-0DCB-4E45-8FFA-78E850C96E46}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"{C3A76D88-BFC4-44F6-AD5E-6E17067A9E67}" = protocol=6 | dir=in | app=f:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{C79B49E5-5C63-4DF2-8799-623857475A94}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA45CA0D-C9E4-441B-B24B-17DC61D74A84}" = protocol=6 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe | 
"{CD61FBE8-502E-4A77-93AF-EE0E4206591C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CE290578-F8A7-47DE-9587-3AF94C966700}" = dir=in | app=f:\program files (x86)\ptc\pvx\i486_nt\obj\productview.exe | 
"{CFF2F72D-DD85-43C4-93AD-A5E338C140CA}" = protocol=17 | dir=in | app=f:\program files (x86)\gnucash\bin\gnucash.exe | 
"{D08CAC69-F900-4005-A247-7BF259F699CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D2190221-4642-4D38-ABAB-662F18954A3E}" = protocol=17 | dir=in | app=f:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{D6465DB1-49BE-41A6-96B1-E2D9AB9B303E}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D8EE695D-B299-45FF-A762-16D51F693298}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{DB65A62F-C1AA-438B-B78C-0BF10C4E5C44}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{DBA20CB0-1EE2-462C-BC4E-FA11402E0BA0}" = protocol=17 | dir=in | app=f:\program files (x86)\gnucash\bin\gconfd-2.exe | 
"{E2404F79-A751-4A12-ADB5-E7467B53D48A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E5343AB4-2AB9-42CD-86D2-56B549AFBD9E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E9CB1616-A0D3-474B-B1E0-FBAC4938F5DA}" = protocol=17 | dir=in | app=c:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F3B0F6BD-873C-4DE4-9A6A-22E1742BBC18}" = protocol=17 | dir=in | app=f:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F5617EDA-628F-4BE7-A15A-3427C1F8DCB1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F633FAE3-DC23-419D-8B7B-86A5671C7866}" = protocol=17 | dir=in | app=f:\program files (x86)\3s codesys\gatewayplc\codesyscontrolservice.exe | 
"TCP Query User{0793E976-38C1-469B-89FB-B6EE46F59955}C:\users\andy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\andy\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{19B7E952-45AB-4CB5-9C8B-E56260AEF7D3}C:0\spiele\batman arkham city\bmn\batman2\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:0\spiele\batman arkham city\bmn\batman2\binaries\win32\batmanac.exe | 
"TCP Query User{242F3B77-801E-4921-B523-60AF6ED3390B}F:\program files (x86)\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=f:\program files (x86)\fifa 12\game\fifa.exe | 
"TCP Query User{264DDAD9-C3E8-4476-AFF6-A9788127473F}H:\spiele\batman arkham city\bmn\batman2\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=h:\spiele\batman arkham city\bmn\batman2\binaries\win32\batmanac.exe | 
"TCP Query User{31724388-BDAA-4176-9945-95CA1BF625FA}F:\program files (x86)\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=f:\program files (x86)\musicbrainz picard\picard.exe | 
"TCP Query User{49A73CDE-F95E-4531-9CB2-E698D31BD988}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"TCP Query User{55177BED-1961-41B1-A8C6-B4597F18E84E}F:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=f:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{577B8B20-BFE4-4DD7-B638-545C5F886AF6}C:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{79054D7F-9173-4007-A8EC-24C936719182}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{8EF3F416-5627-488E-9402-B52D5B60AECD}F:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=6 | dir=in | app=f:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe | 
"TCP Query User{9F1A51E4-14B4-45CA-BB8D-A875981FD70C}F:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=6 | dir=in | app=f:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe | 
"TCP Query User{A4EEF820-920D-4AFF-BEC0-0A346443CDEC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{CD37AD96-3302-4457-B6E6-A95479DCF9AE}F:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=6 | dir=in | app=f:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe | 
"TCP Query User{E0D35BA7-B92B-471B-8F01-EEA02FBC5FD2}F:\program files (x86)\steam\steamapps\kayrne89\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\kayrne89\counter-strike source\hl2.exe | 
"TCP Query User{E4A42B10-9372-4B83-ADE2-E080B302377F}F:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=f:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{0C13FB2F-8142-4AF5-A49D-11A81986FAF8}C:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet pro 8500 a910\bin\hpnetworkcommunicator.exe | 
"UDP Query User{26B3F340-CB5B-4C6C-9D9D-D347DC55DBE1}C:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\andy\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{36E01B4C-BEFC-43C0-AB80-1EBA746F267E}H:\spiele\batman arkham city\bmn\batman2\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=h:\spiele\batman arkham city\bmn\batman2\binaries\win32\batmanac.exe | 
"UDP Query User{5BB430AC-A2A8-40AD-BBFF-2ED897E9FAD0}F:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=f:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{5DE39B1D-9DC9-4741-805B-432EFBA66D4A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{62D44973-5F50-41D7-95FB-715C0339C3AB}C:\users\andy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\andy\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{6705BEAF-3B83-474A-840A-2AC05B2D14CF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{86939A72-127B-42A3-90F6-8F11C9EF6041}F:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe" = protocol=17 | dir=in | app=f:\program files\creo elements\pro schools edition\x86e_win64\obj\xtop.exe | 
"UDP Query User{9A9D25D0-857F-4E0A-A870-E0E3C0268124}F:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=f:\program files (x86)\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{BF3A3131-976A-46CB-A385-9C067ED49EDE}F:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe" = protocol=17 | dir=in | app=f:\program files\creo elements\pro schools edition\x86e_win64\nms\nmsd.exe | 
"UDP Query User{C35AF9DC-C766-4347-A465-F12EC96C562C}C:0\spiele\batman arkham city\bmn\batman2\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:0\spiele\batman arkham city\bmn\batman2\binaries\win32\batmanac.exe | 
"UDP Query User{E923084E-BF26-4665-8D00-85E0A81F6605}F:\program files (x86)\steam\steamapps\kayrne89\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\kayrne89\counter-strike source\hl2.exe | 
"UDP Query User{F38ABB3A-9E20-48FA-9F53-494AA635331D}F:\program files (x86)\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=f:\program files (x86)\fifa 12\game\fifa.exe | 
"UDP Query User{F929DE74-04A2-4A25-A06B-704028722518}F:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe" = protocol=17 | dir=in | app=f:\program files\creo elements\pro schools edition\x86e_win64\obj\pro_comm_msg.exe | 
"UDP Query User{FF9FF4AE-7D93-4D42-8877-4B27921B8BF4}F:\program files (x86)\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=f:\program files (x86)\musicbrainz picard\picard.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{21C069F9-8BC5-4A24-9C8B-7D33E5645E09}" = Studie zur Verbesserung von HP Officejet Pro 8500 A910 Produkten
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders
"{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8F30C52-D992-4077-8A77-30ED12B6244C}" = Creo Thumbnail Viewer 1.0
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C338ACAC-7162-42E3-8B8C-85E5746F4A2E}" = Aventail Connect
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E0FE1E14-3A7A-4DB0-9FFA-0DD945AE84DB}" = HP Officejet Pro 8500 A910 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9232528-EA5C-4DA0-B8BE-637A70E9E673}" = ProductView Express 9.1
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Creo Elements/Pro Schools Edition Release 5.0 Datecode M080" = Creo Elements/Pro Schools Edition Release 5.0 Datecode M080
"GPL Ghostscript 9.05" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"PDF-XChange 3_is1" = PDF-XChange 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0BE73D3C-B5AF-11E1-933A-984BE15F174E}" = Evernote v. 4.5.7
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13D324E9-9DB1-478D-944C-28BBE1BB80DC}" = HP Officejet Pro 8500 A910 Hilfe
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3031A053-DC97-4D03-9179-BF6F98F63FA2}" = Wunderlist
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{36E15666-43C1-91A7-0281-498F9D383B2C}" = simfy
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{49993B6D-4D78-4A55-9390-15E63BCE83F6}" = AMD Power Monitor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{531336A9-55EB-4367-8064-7180849D5676}" = calibre
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5928359F-BF46-4646-BF19-B64E55171EB5}" = FILSHtray
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5B5F2D4C-3B63-4EEF-A881-CFD39E8D9C47}" = MAGIX Screenshare
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{61A8696A-465C-45C7-94A5-312A64FC58C3}" = Mindjet MindManager 2012
"{64991936-8873-7243-6337-338254618644}" = Pflanzen gegen Zombies
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6D1FAE3E-7A6F-4045-BBF5-55DB4C5FB5FD}" = MAGIX Online Druck Service
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Hilfe
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90932C65-D68E-4257-AEE8-EBBFC36AC601}" = KENWOOD Music Editor Light
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{932E632D-0FCA-4624-8D30-2BF9B4DE54FA}" = gSyncit
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A7709081-CE4E-4339-A727-F88E648F92FA}_is1" = Oblivion Improved 1.41
"{A8AF728F-2EE8-4322-96B3-656CAD1F7805}" = Facebook Messenger 2.1.4554.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X
"{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}" = Mobipocket Creator 4.2
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center
"{B5BC0FE6-29E8-4583-AA3E-AD8623CF3A51}" = MAGIX Xtreme Foto & Grafik Designer 5 (Silver)
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D4150B7E-2B18-43E1-89DF-34F1565CB7EF}" = CoDeSys V3.5 Patch 4
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D85B0C49-754F-47FA-81CB-0C541D4084E2}" = MAGIX Foto Manager 10
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DC6B4110-394D-45B9-A677-BA495D84CA63}" = Shutdown Timer
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = PC Camera-UA0072
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Blobby Volley 2 Version 1.0RC1_is1" = Blobby Volley 2 Version 1.0RC1
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"Duraprint net" = Duraprint net
"DVDFab Passkey 8_is1" = DVDFab Passkey 8.0.5.6 (17/03/2012)
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"Eastern Front" = Eastern Front
"Fifa 12 (c) Electronic Arts_is1" = Fifa 12 (c) Electronic Arts version 1
"FreePDF_XP" = FreePDF (Remove only)
"Genius Physik" = Genius Physik (remove only)
"Genius Politik" = Genius Politik
"GetFoldersize_is1" = GetFoldersize 2.5.10
"GnuCash_is1" = GnuCash 2.4.10
"Google Calendar Sync" = Google Calendar Sync
"InstallShield_{D4150B7E-2B18-43E1-89DF-34F1565CB7EF}" = CoDeSys V3.5 Patch 4
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.21
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_XtremeGrafik5_Silver" = MAGIX Xtreme Foto & Grafik Designer 5 (Silver)
"Minecraft Cracked" = Minecraft Cracked
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"MusicBrainz Picard" = MusicBrainz Picard
"Oblivion mod manager_is1" = Oblivion mod manager 1.1.12
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenTTD" = OpenTTD 1.2.1
"Opera 11.64.1403" = Opera 11.64
"Simfy" = simfy
"SopCast" = SopCast 3.4.8
"Steam App 240" = Counter-Strike: Source
"Steam App 72850" = The Elder Scrolls V: Skyrim
"TagScanner_is1" = TagScanner 5.1.612
"VLC media player" = VLC media player 1.1.11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XMind" = XMind
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-4228586425-1612734724-1101849170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Wizard101(DE)_is1" = Wizard101(DE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2012 09:52:23 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.06.2012 09:52:23 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1045
 
Error - 29.06.2012 09:52:23 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1045
 
Error - 29.06.2012 09:52:24 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.06.2012 09:52:24 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2044
 
Error - 29.06.2012 09:52:24 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2044
 
Error - 29.06.2012 09:52:25 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 29.06.2012 09:52:25 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058
 
Error - 29.06.2012 09:52:25 | Computer Name = Thraciel | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058
 
Error - 02.07.2012 04:36:27 | Computer Name = Thraciel | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4f6cfb24  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4fb52e6c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x59dee36c
ID
 des fehlerhaften Prozesses: 0x23ec  Startzeit der fehlerhaften Anwendung: 0x01cd5829deeeecc3
Pfad
 der fehlerhaften Anwendung: f:\program files (x86)\steam\steamapps\kayrne89\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 0342de22-c421-11e1-80fc-415645000030
 
[ System Events ]
Error - 02.07.2012 09:21:27 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.07.2012 09:21:27 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.07.2012 09:21:27 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.07.2012 09:21:27 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.07.2012 09:21:27 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.07.2012 09:21:27 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 02.07.2012 09:31:59 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 02.07.2012 09:32:20 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 02.07.2012 09:32:20 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 02.07.2012 10:20:55 | Computer Name = Thraciel | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
 
< End of report >
         
--- --- ---
Und Malwarebyte im Scan:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Andy :: THRACIEL [Administrator]

Schutz: Deaktiviert

02.07.2012 17:49:42
mbam-log-2012-07-02 (17-49-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207485
Laufzeit: 3 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Geändert von Thraciel (02.07.2012 um 18:04 Uhr)

Alt 04.07.2012, 09:04   #2
Thraciel
 
GVU Trojaner inkl. "Wasserbild" - Standard

GVU Trojaner inkl. "Wasserbild"



push..............
__________________


Alt 12.07.2012, 00:53   #3
t'john
/// Helfer-Team
 
GVU Trojaner inkl. "Wasserbild" - Standard

GVU Trojaner inkl. "Wasserbild"





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes,DefaultScope = {5DA96EE5-A1B4-4302-8F20-4C5DEB41E74F} 
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\..\SearchScopes\{5DA96EE5-A1B4-4302-8F20-4C5DEB41E74F}: "URL" = http://www.google.de/search?q={searchTerms} 
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-4228586425-1612734724-1101849170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
CHR - plugin: Google Update (Enabled) = C:\Users\Andy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [AMD_Display] File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O32 - HKLM CDRom: AutoRun - 1 
[2012.07.02 16:28:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job 
[2012.07.02 15:38:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\l_u0_0.pad 
[2012.07.02 15:12:16 | 000,001,879 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.07.02 15:12:16 | 004,503,728 | ---- | C] () -- C:\ProgramData\l_u0_0.pad 
[2012.07.02 15:12:16 | 000,001,879 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk 
[2012.07.02 07:45:16 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job 

:Files
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001UA.job
C:\ProgramData\l_u0_0.pad
C:\Users\Andy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4228586425-1612734724-1101849170-1001Core.job

:Commands
ipconfig /flushdns /c
[emptytemp]
[emptyflash]
[resethosts]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
__________________

Alt 22.07.2012, 00:57   #4
t'john
/// Helfer-Team
 
GVU Trojaner inkl. "Wasserbild" - Standard

GVU Trojaner inkl. "Wasserbild"



Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU Trojaner inkl. "Wasserbild"
0_0u_l.exe, 7-zip, applikation, autorun, bonjour, cftmon.lnk, codejock software, das angegebene modul wurde nicht gefunden, dateisystem, document, explorer, fehlermeldung, firefox 13.0.1, flash player, google, go_0molg.pad, gvu trojaner, gvu trojaner entfernen, gvu trojaner mit webcam, heuristiks/extra, heuristiks/shuriken, home, install.exe, langs, limited.com/facebook, microsoft office word, monitor, officejet, plug-in, politik, registry, rundll, safer networking, searchscopes, security, senden, spotify web helper, svchost.exe, tracker, trojaner, udp, webcam gvu trojaner, webcamfenster, win64, windows



Ähnliche Themen: GVU Trojaner inkl. "Wasserbild"


  1. "Suspicious.Cloud.9" (Trojaner) und "SAPE.DnwldSponsor.2" (Virus?, vielleicht False Positive)
    Plagegeister aller Art und deren Bekämpfung - 22.08.2015 (23)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. Trojaner-Warnung! Im Betreff: "Die Zahlung fur…" und "Dankeschon fur das Einkaufen mit uns heute! Ihre Bestellung wird derzeit verarbeitet."
    Diskussionsforum - 25.07.2014 (0)
  4. Avira: (Win7) Trojaner "TR/Rogue.11186992" in "C:\Windows\Temp\44158_updater.exe" gefunden
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (77)
  5. Mozilla Firefox öffnet neue Tabs, die mit "123srv" beginnen inkl. hyperlinks auf Internetseiten
    Log-Analyse und Auswertung - 09.04.2014 (3)
  6. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  7. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  8. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  9. Virenbefall: Exploits und "Java-Virus" inkl Logs
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (4)
  10. Gerade GVU Trojaner mit Webcam "gehabt", ist es wirklich dank Malewarebytes weg? Wo ist die "Lücke"?
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (23)
  11. Startseite fehlerhaft, stets "NatWest" (www.nwolb.com) Trojaner "Trojan.ZBotR.Gen" gefunden
    Log-Analyse und Auswertung - 02.04.2012 (28)
  12. Trojaner "Es besteht keine Internetverbindung" - "REATOGO X-PE Desktop" wird nicht angezeigt
    Plagegeister aller Art und deren Bekämpfung - 05.02.2012 (19)
  13. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  14. Antivir findet Trojaner: "TR/Crypt.ZPACK.Gen (trojan)" - Was nun? (inkl. Hjackthis-File)
    Plagegeister aller Art und deren Bekämpfung - 17.06.2010 (1)
  15. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  16. Bitte um Hilfe - "System Alert Popup" - HJT-Log inkl.
    Log-Analyse und Auswertung - 04.02.2007 (1)
  17. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema GVU Trojaner inkl. "Wasserbild" - Hallo Gemeinde, ich habe mir heute den allseits beliebten GVU Trojaner eingefangen. Natürlich, wie sollte es anders sein mitten in der Prüfungszeit -.- Bin ihn so weit wieder losgeworden, da - GVU Trojaner inkl. "Wasserbild"...
Archiv
Du betrachtest: GVU Trojaner inkl. "Wasserbild" auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.