Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.12.2012, 10:42   #1
Nephyl
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



Hallo,

Ich habe seit ein paar Tagen einen Bundestrojaner, der sogar die Webcam anschaltet.Der ist sehr hartnäckig. Ich schaffe es manchmal (so wie jetzt) mit ein paar Tricks wieder ins Sytem hinein zukommen. Eine einfache Systemwiederherstellung hat leider nicht funktioniert.

Ich habe hier bereits hinein geschaut:
http://www.trojaner-board.de/120690-...er-webcam.html

Ich denke, das wird genau der Trojaner sein, der auch mir zu schaffen macht.

Ich wollte erst das Skript einfach kopieren, bis ich gelesen habe, dass es nur für speziell diese Person geschrieben wurde. (Habe selber nicht die größte Ahnung von Computern)

Das sind meine Rechner Informationen:

Aspire AX3960

Betriebssystem: Windows 7 Home Premium 64-bit

Prozessor: Intel Core i5 processor 2310

Memory: 6GB DDR3

Hard Drive: 1.5TB

NVIDIA GeForce GT530

So, hab jetzt einfach mal alles reingeschrieben.

Ich freue mich über jede Hilfe. Ich bitte um Berücksichtigung, meiner mangelnden Fähigkeiten


Mag keiner helfen? =(

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.12.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]

Schutz: Aktiviert

12.12.2012 13:21:59
mbam-log-2012-12-12 (13-21-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 526019
Laufzeit: 1 Stunde(n), 1 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\user\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\user\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Löschen bei Neustart.
C:\Users\user\AppData\Local\Temp\Temp1_d2a536_4e9f41e2c1efa.zip\Metro 2033 v1.0 + 4 Trainer.exe (HackTool.GamesCheat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx (PUP.CrossRider.SSK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 12.12.2012, 15:03   #2
Chris4You
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



Hi,

sind halt alle schon im Urlaub Skifahren ;o)... (und ich habe jetzt dann auch Urlaub (eigentlich schon seit gestern...)

Alles von MAM löschen lassen, dann:

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 12.12.2012, 15:40   #3
Nephyl
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



Danke für die Antwort:

hier otl.txtOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.12.2012 15:31:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,08 Gb Available Physical Memory | 68,17% Memory free
11,96 Gb Paging File | 9,57 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,77 Gb Total Space | 601,84 Gb Free Space | 87,13% Space Free | Partition Type: NTFS
Drive D: | 690,77 Gb Total Space | 503,91 Gb Free Space | 72,95% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - D:\GAMES\STEAM\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\GAMES\STEAM\sdl.dll ()
MOD - D:\GAMES\STEAM\bin\libcef.dll ()
MOD - D:\GAMES\STEAM\bin\avcodec-53.dll ()
MOD - D:\GAMES\STEAM\bin\chromehtml.dll ()
MOD - D:\GAMES\STEAM\bin\avformat-53.dll ()
MOD - D:\GAMES\STEAM\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0e0dbef211f78bdcbf5e5d71290dbed2\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ad97f7b8db0974c69a3d21ca61b72497\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\398df77267992efc77df5ef5176a89c6\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\user\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.03 15:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.03 15:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.12.03 15:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.06 02:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Steam] D:\GAMES\STEAM\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F66A1F0-AFCB-416F-A358-328828075F42}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9af64708-1869-11e2-813a-c89cdc2ab616}\Shell - "" = AutoRun
O33 - MountPoints2\{9af64708-1869-11e2-813a-c89cdc2ab616}\Shell\AutoRun\command - "" = H:\iStudio.exe
O33 - MountPoints2\{c604fb5c-de2b-11e1-9550-c89cdc2ab616}\Shell - "" = AutoRun
O33 - MountPoints2\{c604fb5c-de2b-11e1-9550-c89cdc2ab616}\Shell\AutoRun\command - "" = I:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.12 13:18:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.12.12 13:18:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 13:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.12 13:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.12 13:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.12 10:14:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL(1).exe
[2012.12.12 02:25:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 02:25:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 02:25:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 02:25:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 02:25:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 02:25:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 02:25:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 02:25:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 02:25:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 02:25:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 02:25:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 02:25:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 02:25:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 02:25:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 02:25:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.11 22:48:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.11 22:48:58 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.11 22:48:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.11 22:48:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.11 22:48:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.11 22:48:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.11 22:48:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.11 22:48:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.11 22:48:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.11 22:48:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.11 22:48:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.11 22:48:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 22:48:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 22:48:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.11 22:48:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 22:48:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 22:48:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 22:48:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 22:48:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 22:48:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 22:48:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 22:48:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 22:48:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 22:48:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 22:48:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.11 22:47:11 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.11 22:47:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.11 22:47:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.11 22:47:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 22:45:13 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.11 22:45:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.11 21:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.11 21:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.12.10 12:51:32 | 000,000,000 | ---D | C] -- C:\output
[2012.12.10 12:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV To MP3
[2012.12.10 12:50:40 | 000,000,000 | ---D | C] -- C:\WAV To MP3
[2012.12.04 20:27:13 | 000,000,000 | ---D | C] -- C:\Users\user\jagexcache1
[2012.12.04 20:07:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2012.12.04 20:07:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live Writer
[2012.12.03 15:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.30 23:37:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.30 23:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.30 23:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.30 19:28:17 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.30 19:28:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.30 19:23:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.30 19:23:53 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.30 19:23:53 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.30 19:23:53 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.30 17:06:28 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.30 17:06:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.12 15:12:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1278889863-2957739578-47900684-1000UA.job
[2012.12.12 15:12:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1278889863-2957739578-47900684-1000Core.job
[2012.12.12 14:54:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.12 14:54:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.12 14:52:51 | 001,529,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.12 14:52:51 | 000,665,216 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.12 14:52:51 | 000,625,398 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.12 14:52:51 | 000,135,126 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.12 14:52:51 | 000,110,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.12 14:46:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.12 14:46:56 | 522,727,423 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.12 13:18:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.12 11:29:27 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.12 10:14:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL(1).exe
[2012.12.12 10:01:30 | 000,294,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.10 12:49:00 | 013,011,690 | ---- | M] () -- C:\Users\user\Desktop\come-äss1.wav
[2012.12.05 18:25:08 | 000,000,024 | ---- | M] () -- C:\Users\user\random.dat
[2012.12.05 17:57:19 | 000,000,043 | ---- | M] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2012.12.04 20:27:13 | 000,000,044 | ---- | M] () -- C:\Users\user\jagex_cl_runescape_LIVE1.dat
[2012.12.03 15:19:33 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.03 14:56:27 | 000,011,405 | ---- | M] () -- C:\Users\user\Desktop\bookmarks-2012-12-03.json
[2012.11.30 23:37:33 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.30 16:55:07 | 000,001,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.11.14 07:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 07:02:49 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 07:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 06:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 06:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 06:57:35 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 06:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 06:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 06:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 02:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 02:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 02:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 02:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.12 13:18:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.11 01:09:58 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.10 12:48:59 | 013,011,690 | ---- | C] () -- C:\Users\user\Desktop\come-äss1.wav
[2012.12.04 20:27:13 | 000,000,044 | ---- | C] () -- C:\Users\user\jagex_cl_runescape_LIVE1.dat
[2012.12.03 15:19:33 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.03 15:19:33 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.03 14:56:27 | 000,011,405 | ---- | C] () -- C:\Users\user\Desktop\bookmarks-2012-12-03.json
[2012.11.30 19:28:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.30 19:23:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.03 18:12:26 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.08.05 11:46:33 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2012.08.05 11:45:52 | 001,556,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.16 16:04:08 | 000,034,816 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 23:16:10 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.24 23:16:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.23 21:38:20 | 000,000,043 | ---- | C] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2011.11.23 21:38:20 | 000,000,024 | ---- | C] () -- C:\Users\user\random.dat
[2011.03.22 06:46:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---
__________________

Alt 12.12.2012, 15:43   #4
Nephyl
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



und hier der zweite (extras):
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.12.2012 15:31:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,08 Gb Available Physical Memory | 68,17% Memory free
11,96 Gb Paging File | 9,57 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,77 Gb Total Space | 601,84 Gb Free Space | 87,13% Space Free | Partition Type: NTFS
Drive D: | 690,77 Gb Total Space | 503,91 Gb Free Space | 72,95% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A3FCFC-46F3-4767-8A32-1477AD0E571E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{055F16C3-EAB3-4967-B465-456BD82E9A2C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{17A2D006-41B9-4E00-9504-6D23604AE052}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{184C5735-5BB9-436D-88D7-B3DAC199872C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{18866BF7-EBC6-4115-B546-F7C524671DB9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1C08F753-6297-4F44-B260-736D98D888F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31DB97A8-C8E7-4FB2-A061-935754030E72}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4D2EF6D9-4D15-494C-B8E7-96E3FDD32E3E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E211AC2-D517-482E-BC80-E81917D73466}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{618F0CFE-C08E-4A20-B3F9-BF4337B256FE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68ABF4E8-904B-4D09-9983-10966D4DFCA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76E0827C-2F6D-4963-98E7-08BE975DE4EE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{785FC818-C5E7-4589-9694-B97101C93582}" = lport=138 | protocol=17 | dir=in | app=system | 
"{973FE1D0-ACE6-4007-A251-6C141FDCEF80}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9A85EDF2-5C18-47A2-9AA6-B887836CD18F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A203185B-6511-49F1-ABD5-C8FCE346CB19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A2911C99-0769-458C-BD23-C0892050EA4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A6804661-DE35-46A7-8CF7-BC4C00E55E69}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AF3261A1-0352-46FE-AEBA-F76523BCB333}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B3EC0CCC-1E26-4802-804D-5C821107D0CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B525E769-BC17-4E0A-AF1F-FB9129631409}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8B91BF5-AD20-4D6E-80D0-5397FF079C70}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BCDF03CE-5722-49BA-A02F-02690A57A1E3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C8BE0165-2B11-46B4-8A53-E43A809B2F2D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E56EC919-5691-4623-B7E4-EEFE92179304}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0377F41A-F1A5-41BC-B9CF-2D112724FDC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0539ACB9-4DBA-41A4-A475-DB0EE04E2103}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\vik1or\pirates, vikings, and knights ii\hl2.exe | 
"{17F1D568-42E7-4FD2-AF4B-6201E7596213}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\world of battles\release\launcher.exe | 
"{1AF035DE-50CD-4C98-866D-A815EEEE39AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B993A7E-0457-4F5C-B050-7175985515C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{255C44C2-2E43-417D-A23A-F69F4668AB1A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{27CB5694-7EA3-4054-8D21-9C757ECDDA1E}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\vik1or\pirates, vikings, and knights ii\hl2.exe | 
"{3104DC50-B3A0-48E6-84B9-D2BF13EDA193}" = protocol=17 | dir=in | app=d:\games\assassinscreed\assassinscreed_dx10.exe | 
"{31648774-15E6-4F6E-A726-A96BD2AEF213}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe | 
"{338D53B8-7129-4DD7-8658-314C83AFFBC1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{37E9FE1A-4434-4AFA-BBA2-3808116301CB}" = dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe | 
"{3B2DB742-85B3-438F-93C6-D1421BA56663}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
"{3EA479E7-053A-4345-969C-E47EDE8A1AAC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3EE255AD-56C1-4114-B32B-5419804E767A}" = protocol=6 | dir=in | app=d:\games\schlacht um mittelerde 2\game.dat | 
"{3FBBD297-9316-4CCB-95BD-6EB620ED50B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{45DBBA59-1ECA-46A8-8228-CF385086E067}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{4AC58D76-D6C6-4AE4-BABA-152254A4A018}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\brink\brink.exe | 
"{4DFB1605-11F6-4D05-9F87-6E3AA102B568}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{511FB1C5-A32C-477D-8BC9-97D3C9E1DFA9}" = protocol=17 | dir=in | app=d:\games\assassinscreed\assassinscreed_launcher.exe | 
"{51C000E1-8EA0-4683-9E76-6B6EDBE981D7}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{64C23446-90CE-4FF9-A6AC-0CE558801C5A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\vik1or\counter-strike source\hl2.exe | 
"{651DEEFB-ED04-4D22-A793-7CD97D9E111A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{6563B331-AAD3-4E5D-9D11-67FAFF836CF2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{66EF5223-25F4-4F82-B42E-5C34243D19E5}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{6A751AEE-8AF5-4E2E-92AC-A25D6A4F91CF}" = protocol=6 | dir=in | app=d:\games\assassinscreed\assassinscreed_dx9.exe | 
"{6E908B5A-515B-4D46-908B-4D7DB07FC42D}" = protocol=6 | dir=in | app=d:\games\assassinscreed\assassinscreed_launcher.exe | 
"{6ED67FCE-451D-4425-8C50-6CDCFC4CA6CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6F52DB28-95DA-455B-A181-7D5789EEA19C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{76D2C0DB-01C4-4877-87DA-EB8458ECD1C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{77BEF451-E026-4C93-AD34-D652C895BACB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\dmrengine.exe | 
"{797C220D-9A9D-4D6B-9AEA-EF82FA597D3C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\brink\brink.exe | 
"{7E4EE501-33B8-4BBB-906E-151898B7068A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7F45204D-DEFB-474D-BE5C-BC604FC22DEB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\vik1or\counter-strike source\hl2.exe | 
"{845BD2F5-ED80-4CA4-941C-20EDFF8152F0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{8EB23BDE-305E-4852-80CF-E30255B9A4CE}" = protocol=17 | dir=in | app=d:\games\schlacht um mittelerde 2\game.dat | 
"{934B9802-2F42-4841-9E31-E36DEF2A32A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9698A058-479E-449F-880B-CA69BD753CB3}" = protocol=17 | dir=in | app=d:\games\assassinscreed\assassinscreed_dx9.exe | 
"{9753279E-5390-4DFD-BF57-A13D4D25D1F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{97BF980C-15E9-4856-9744-822FD0D83AFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9877714B-797F-4B0D-B752-5B938BD03164}" = protocol=6 | dir=out | app=system | 
"{9A6B2B70-F97E-437D-A2D4-F5E0DC43F04F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9C7FE18E-CDCB-4DE2-9630-6DF5D560308B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{9F9E93EE-CA95-414C-97EE-D9E772B9F130}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{A168E981-F917-4AFB-A002-5437BCE7DDCE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe | 
"{A5E0070F-2DE4-4CD0-9C27-64A6BF2ECE4A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A695507B-CB7E-4603-A3F7-9216FCA32A56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8C165F3-5EFE-432C-9FC0-C1DA6795BF48}" = protocol=6 | dir=in | app=d:\games\assassinscreed\assassinscreed_dx10.exe | 
"{ABFDA7D9-B1D3-4EEE-B027-61CBC3D4B903}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AF52D979-0844-403B-AB62-1E5465832EC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B414256F-345E-431F-9BCF-C97F99CE0AF2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{BB3171D2-A42A-4A30-B8BC-80F22BB60CF6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{BBECBD6C-7324-4A5A-BBDA-27B1BE420398}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{BE64FC7C-1733-428A-8649-8E7EC2C9EFEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE8CCDCD-2CF8-4CCA-B210-E368E357213C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2651724-020B-4AB5-80F7-C7286488A54C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{C56DE21C-4A7A-4617-B024-1EBF367CA7CC}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{C8B5E172-C385-4B10-9600-4EA728427CF2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CBD42EA9-2CE3-47CD-B26B-58DDB92E8ADE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC3FB620-23D2-4D02-801D-2E1649C44973}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{CF0A7636-9116-420D-8AFA-5082FEF9BF52}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D02003AB-A98A-41A7-AA6C-61ECF3BA8D73}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{D0357230-7E00-4652-927C-A5F893CF7C20}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D3060B6C-2CA4-43FA-800A-DBA90E6BC136}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"{D667667D-FEB8-4B55-BB9D-82C373F55BE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCCC3029-D49F-4DC6-868F-337295BC8252}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E94AC1ED-F49D-45AE-A8A7-7167D951D4CA}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{EB9657DC-1C02-4F65-83BE-82E4236A13A1}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\world of battles\release\launcher.exe | 
"{EBB172DC-88B8-4112-888D-1F010E3F9BB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECB86E00-31D1-4361-A57E-8250370539FB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{EEE6E5F2-A75C-415F-8224-134A3EB2C229}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F0007E70-8B8F-4C35-A555-2EDF1C38E68D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F956B9D4-8523-4BBD-897F-8DA5A0571D0B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{FFEFBC30-1514-428A-8D7E-084FCED3420A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"TCP Query User{3708DD94-E4F1-461C-BB38-6C0B6C83B8C5}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"TCP Query User{3809B786-82BC-4A89-8854-51D1BF3FCFC1}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{389BE125-ECFA-41F5-8FA8-3C659AC6937C}D:\games\lan\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\lan\warcraft iii\war3.exe | 
"TCP Query User{4FAF850A-1069-4CA8-8600-BA8D2A7462D7}D:\program files\gtkradiant-1.4\gtkradiant-1.4.0.exe" = protocol=6 | dir=in | app=d:\program files\gtkradiant-1.4\gtkradiant-1.4.0.exe | 
"TCP Query User{5D4E8A0C-58DA-4705-8ED3-8771A53671E4}D:\games\lan\call of duty\codmp.exe" = protocol=6 | dir=in | app=d:\games\lan\call of duty\codmp.exe | 
"TCP Query User{649BACF2-F92A-4265-A323-2D59203D059C}D:\games\aoe-lan\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\games\aoe-lan\age2_x1\age2_x1.exe | 
"TCP Query User{815C6B25-961B-4DAC-AACF-0C6D0FAFC9E8}D:\games\lan\cs16lan\hl.exe" = protocol=6 | dir=in | app=d:\games\lan\cs16lan\hl.exe | 
"TCP Query User{8DE79F24-B5BE-4414-893E-7ADD145026D2}C:\gtk radiant\gtkradiant.exe" = protocol=6 | dir=in | app=c:\gtk radiant\gtkradiant.exe | 
"TCP Query User{981210F7-03E7-406D-988A-C69067ADE0C3}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"TCP Query User{A2E1AC0F-C2B5-4C98-9426-D2097C8B16B1}C:\users\user\desktop\herr der ringe - eroberung\conquest.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\herr der ringe - eroberung\conquest.exe | 
"TCP Query User{B5A66954-BC17-415D-BA20-7015161A3A3E}D:\games\dc universe\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\games\dc universe\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{B74CCDF6-DA9F-4F18-9DB9-107E44E8F6A4}D:\games\lan\herr der ringe - eroberung\conquest.exe" = protocol=6 | dir=in | app=d:\games\lan\herr der ringe - eroberung\conquest.exe | 
"TCP Query User{C4712A5B-7F5C-456A-B61D-16A0054CE996}D:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"TCP Query User{D7AA601E-6098-4980-80D8-4F7240554E7C}D:\games\lan\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=d:\games\lan\age of empires ii\age2_x1.exe | 
"TCP Query User{E1D719B7-FE5B-4B59-8ED4-4441154B16FB}D:\games\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=d:\games\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"TCP Query User{E7E048CA-8185-41E8-841A-B3D14950E598}C:\users\user\desktop\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\tmnationsforever\tmforever.exe | 
"TCP Query User{FAE7BBCD-4409-47EF-8BE1-9040C7CF8C6D}D:\games\lan\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\games\lan\tmnationsforever\tmforever.exe | 
"UDP Query User{253F3C83-E5C3-44CF-816A-93A5231E5FB5}C:\gtk radiant\gtkradiant.exe" = protocol=17 | dir=in | app=c:\gtk radiant\gtkradiant.exe | 
"UDP Query User{31EA59EB-7908-4FFE-BAEE-2C70B9B72DD2}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"UDP Query User{362C014B-7C42-4273-B2C2-771C55E1627E}D:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"UDP Query User{36627D40-91E9-487B-AE14-08170444FDBE}C:\users\user\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"UDP Query User{3B1A89AD-BDA9-48F8-A925-0A038CFEE44D}D:\games\lan\herr der ringe - eroberung\conquest.exe" = protocol=17 | dir=in | app=d:\games\lan\herr der ringe - eroberung\conquest.exe | 
"UDP Query User{554F7B86-57FB-4EB0-AD37-85FC14E1BBA8}D:\games\aoe-lan\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\games\aoe-lan\age2_x1\age2_x1.exe | 
"UDP Query User{5C9FEBF1-90F7-4D86-98F7-5DDA48A65AAD}C:\users\user\desktop\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\tmnationsforever\tmforever.exe | 
"UDP Query User{5F7491F5-6BE6-47D4-8108-682363500525}D:\games\dc universe\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\games\dc universe\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{623F218E-0212-441E-8C7C-369A4A677BFF}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{711A00DB-BDA1-49B9-AD7E-24396EE165EB}D:\games\lan\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=d:\games\lan\age of empires ii\age2_x1.exe | 
"UDP Query User{A55095EA-E3E7-4A96-B8FB-01FEDD1822ED}D:\games\lan\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\lan\warcraft iii\war3.exe | 
"UDP Query User{A66A8570-C28D-4D90-A9BF-526E3F57CC99}D:\games\lan\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\games\lan\tmnationsforever\tmforever.exe | 
"UDP Query User{A7407D31-57AD-449E-BD3E-DDBC3A326C61}D:\games\lan\cs16lan\hl.exe" = protocol=17 | dir=in | app=d:\games\lan\cs16lan\hl.exe | 
"UDP Query User{C24084F9-9586-4876-8561-8FF949460B8B}C:\users\user\desktop\herr der ringe - eroberung\conquest.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\herr der ringe - eroberung\conquest.exe | 
"UDP Query User{C52947CF-CB68-4221-9A17-5D40993A1723}D:\games\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=d:\games\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"UDP Query User{C9A26CAA-D106-48B8-83D2-82E08D0A2FE4}D:\games\lan\call of duty\codmp.exe" = protocol=17 | dir=in | app=d:\games\lan\call of duty\codmp.exe | 
"UDP Query User{FE6039EF-0763-4824-AEE0-59DD4CFD8044}D:\program files\gtkradiant-1.4\gtkradiant-1.4.0.exe" = protocol=17 | dir=in | app=d:\program files\gtkradiant-1.4\gtkradiant-1.4.0.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = Der Pate® Das Spiel
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.81
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C1196CF-B4AD-4847-B70C-F034A781445E}" = GtkRadiant-1.4.0 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{884DF67C-F47D-4B09-B474-C3B7D51CA52A}" = Windows Live Family Safety
"{889c1686-2039-4bef-b6fe-e55f7893efd6}" = Nero 9 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AE7331-7851-424E-BFD5-B46E8DA3F0D6}" = GtkRadiant-1.4.0 
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires II (WBB Edition)" = Age of Empires II (WBB Edition)
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Carte" = Carte 0.9.58
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"Intelli-studio" = SAMSUNG Intelli-studio
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PunkBusterSvc" = PunkBuster Services
"Simple Webcam Capture" = Simple Webcam Capture v1.0 (remove only)
"Steam App 104700" = Super Monday Night Combat
"Steam App 113400" = APB Reloaded
"Steam App 113900" = World of Battles
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 22350" = Brink
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Ultra Utilityv3 Beta 16" = Ultra Utility
"WinLiveSuite" = Windows Live Essentials
"Worms 2" = Worms 2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"SkyDriveSetup.exe" = Microsoft SkyDrive
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2012 10:13:52 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 03.12.2012 22:17:32 | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.12.2012 04:44:51 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 05.12.2012 04:47:33 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 05.12.2012 06:52:51 | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.12.2012 17:05:55 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 05.12.2012 17:06:44 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 06.12.2012 09:19:54 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 06.12.2012 09:23:14 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 06.12.2012 16:32:56 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
[ System Events ]
Error - 11.12.2012 16:52:29 | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11.12.2012 16:52:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LogMeIn Hamachi Tunneling Engine erreicht.
 
Error - 11.12.2012 16:52:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 12.12.2012 04:59:25 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 12.12.2012 05:01:23 | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?12.?2012 um 09:59:49 unerwartet heruntergefahren.
 
Error - 12.12.2012 05:01:52 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 12.12.2012 05:03:15 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 12.12.2012 05:03:15 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 12.12.2012 05:11:54 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 12.12.2012 09:47:31 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
 
< End of report >
         
--- --- ---
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12.12.2012 15:31:05 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,08 Gb Available Physical Memory | 68,17% Memory free
11,96 Gb Paging File | 9,57 Gb Available in Paging File | 80,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,77 Gb Total Space | 601,84 Gb Free Space | 87,13% Space Free | Partition Type: NTFS
Drive D: | 690,77 Gb Total Space | 503,91 Gb Free Space | 72,95% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04A3FCFC-46F3-4767-8A32-1477AD0E571E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{055F16C3-EAB3-4967-B465-456BD82E9A2C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{17A2D006-41B9-4E00-9504-6D23604AE052}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{184C5735-5BB9-436D-88D7-B3DAC199872C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{18866BF7-EBC6-4115-B546-F7C524671DB9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1C08F753-6297-4F44-B260-736D98D888F2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{31DB97A8-C8E7-4FB2-A061-935754030E72}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4D2EF6D9-4D15-494C-B8E7-96E3FDD32E3E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E211AC2-D517-482E-BC80-E81917D73466}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{618F0CFE-C08E-4A20-B3F9-BF4337B256FE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{68ABF4E8-904B-4D09-9983-10966D4DFCA1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76E0827C-2F6D-4963-98E7-08BE975DE4EE}" = rport=138 | protocol=17 | dir=out | app=system | 
"{785FC818-C5E7-4589-9694-B97101C93582}" = lport=138 | protocol=17 | dir=in | app=system | 
"{973FE1D0-ACE6-4007-A251-6C141FDCEF80}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9A85EDF2-5C18-47A2-9AA6-B887836CD18F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A203185B-6511-49F1-ABD5-C8FCE346CB19}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A2911C99-0769-458C-BD23-C0892050EA4C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A6804661-DE35-46A7-8CF7-BC4C00E55E69}" = rport=139 | protocol=6 | dir=out | app=system | 
"{AF3261A1-0352-46FE-AEBA-F76523BCB333}" = lport=139 | protocol=6 | dir=in | app=system | 
"{B3EC0CCC-1E26-4802-804D-5C821107D0CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B525E769-BC17-4E0A-AF1F-FB9129631409}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8B91BF5-AD20-4D6E-80D0-5397FF079C70}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BCDF03CE-5722-49BA-A02F-02690A57A1E3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C8BE0165-2B11-46B4-8A53-E43A809B2F2D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E56EC919-5691-4623-B7E4-EEFE92179304}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0377F41A-F1A5-41BC-B9CF-2D112724FDC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0539ACB9-4DBA-41A4-A475-DB0EE04E2103}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\vik1or\pirates, vikings, and knights ii\hl2.exe | 
"{17F1D568-42E7-4FD2-AF4B-6201E7596213}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\world of battles\release\launcher.exe | 
"{1AF035DE-50CD-4C98-866D-A815EEEE39AE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1B993A7E-0457-4F5C-B050-7175985515C9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{255C44C2-2E43-417D-A23A-F69F4668AB1A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{27CB5694-7EA3-4054-8D21-9C757ECDDA1E}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\vik1or\pirates, vikings, and knights ii\hl2.exe | 
"{3104DC50-B3A0-48E6-84B9-D2BF13EDA193}" = protocol=17 | dir=in | app=d:\games\assassinscreed\assassinscreed_dx10.exe | 
"{31648774-15E6-4F6E-A726-A96BD2AEF213}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\clmlsvc.exe | 
"{338D53B8-7129-4DD7-8658-314C83AFFBC1}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{37E9FE1A-4434-4AFA-BBA2-3808116301CB}" = dir=in | app=c:\users\user\appdata\local\microsoft\skydrive\skydrive.exe | 
"{3B2DB742-85B3-438F-93C6-D1421BA56663}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovieservice.exe | 
"{3EA479E7-053A-4345-969C-E47EDE8A1AAC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{3EE255AD-56C1-4114-B32B-5419804E767A}" = protocol=6 | dir=in | app=d:\games\schlacht um mittelerde 2\game.dat | 
"{3FBBD297-9316-4CCB-95BD-6EB620ED50B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{45DBBA59-1ECA-46A8-8228-CF385086E067}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{4AC58D76-D6C6-4AE4-BABA-152254A4A018}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\brink\brink.exe | 
"{4DFB1605-11F6-4D05-9F87-6E3AA102B568}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{511FB1C5-A32C-477D-8BC9-97D3C9E1DFA9}" = protocol=17 | dir=in | app=d:\games\assassinscreed\assassinscreed_launcher.exe | 
"{51C000E1-8EA0-4683-9E76-6B6EDBE981D7}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{64C23446-90CE-4FF9-A6AC-0CE558801C5A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\vik1or\counter-strike source\hl2.exe | 
"{651DEEFB-ED04-4D22-A793-7CD97D9E111A}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{6563B331-AAD3-4E5D-9D11-67FAFF836CF2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{66EF5223-25F4-4F82-B42E-5C34243D19E5}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{6A751AEE-8AF5-4E2E-92AC-A25D6A4F91CF}" = protocol=6 | dir=in | app=d:\games\assassinscreed\assassinscreed_dx9.exe | 
"{6E908B5A-515B-4D46-908B-4D7DB07FC42D}" = protocol=6 | dir=in | app=d:\games\assassinscreed\assassinscreed_launcher.exe | 
"{6ED67FCE-451D-4425-8C50-6CDCFC4CA6CB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{6F52DB28-95DA-455B-A181-7D5789EEA19C}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe | 
"{76D2C0DB-01C4-4877-87DA-EB8458ECD1C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{77BEF451-E026-4C93-AD34-D652C895BACB}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\dmrengine.exe | 
"{797C220D-9A9D-4D6B-9AEA-EF82FA597D3C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\brink\brink.exe | 
"{7E4EE501-33B8-4BBB-906E-151898B7068A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7F45204D-DEFB-474D-BE5C-BC604FC22DEB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\vik1or\counter-strike source\hl2.exe | 
"{845BD2F5-ED80-4CA4-941C-20EDFF8152F0}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supermnc\uberlauncher.exe | 
"{8EB23BDE-305E-4852-80CF-E30255B9A4CE}" = protocol=17 | dir=in | app=d:\games\schlacht um mittelerde 2\game.dat | 
"{934B9802-2F42-4841-9E31-E36DEF2A32A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9698A058-479E-449F-880B-CA69BD753CB3}" = protocol=17 | dir=in | app=d:\games\assassinscreed\assassinscreed_dx9.exe | 
"{9753279E-5390-4DFD-BF57-A13D4D25D1F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{97BF980C-15E9-4856-9744-822FD0D83AFA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9877714B-797F-4B0D-B752-5B938BD03164}" = protocol=6 | dir=out | app=system | 
"{9A6B2B70-F97E-437D-A2D4-F5E0DC43F04F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9C7FE18E-CDCB-4DE2-9630-6DF5D560308B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe | 
"{9F9E93EE-CA95-414C-97EE-D9E772B9F130}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{A168E981-F917-4AFB-A002-5437BCE7DDCE}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\arcadedeluxeagent.exe | 
"{A5E0070F-2DE4-4CD0-9C27-64A6BF2ECE4A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A695507B-CB7E-4603-A3F7-9216FCA32A56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8C165F3-5EFE-432C-9FC0-C1DA6795BF48}" = protocol=6 | dir=in | app=d:\games\assassinscreed\assassinscreed_dx10.exe | 
"{ABFDA7D9-B1D3-4EEE-B027-61CBC3D4B903}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AF52D979-0844-403B-AB62-1E5465832EC9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B414256F-345E-431F-9BCF-C97F99CE0AF2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{BB3171D2-A42A-4A30-B8BC-80F22BB60CF6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{BBECBD6C-7324-4A5A-BBDA-27B1BE420398}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{BE64FC7C-1733-428A-8649-8E7EC2C9EFEF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BE8CCDCD-2CF8-4CCA-B210-E368E357213C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C2651724-020B-4AB5-80F7-C7286488A54C}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{C56DE21C-4A7A-4617-B024-1EBF367CA7CC}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{C8B5E172-C385-4B10-9600-4EA728427CF2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CBD42EA9-2CE3-47CD-B26B-58DDB92E8ADE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CC3FB620-23D2-4D02-801D-2E1649C44973}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\metro 2033\metro2033.exe | 
"{CF0A7636-9116-420D-8AFA-5082FEF9BF52}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D02003AB-A98A-41A7-AA6C-61ECF3BA8D73}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{D0357230-7E00-4652-927C-A5F893CF7C20}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D3060B6C-2CA4-43FA-800A-DBA90E6BC136}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\arcade movie\touchmovie.exe | 
"{D667667D-FEB8-4B55-BB9D-82C373F55BE2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DCCC3029-D49F-4DC6-868F-337295BC8252}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E94AC1ED-F49D-45AE-A8A7-7167D951D4CA}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{EB9657DC-1C02-4F65-83BE-82E4236A13A1}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\world of battles\release\launcher.exe | 
"{EBB172DC-88B8-4112-888D-1F010E3F9BB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECB86E00-31D1-4361-A57E-8250370539FB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{EEE6E5F2-A75C-415F-8224-134A3EB2C229}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F0007E70-8B8F-4C35-A555-2EDF1C38E68D}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F956B9D4-8523-4BBD-897F-8DA5A0571D0B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\apb reloaded\binaries\apb.exe | 
"{FFEFBC30-1514-428A-8D7E-084FCED3420A}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"TCP Query User{3708DD94-E4F1-461C-BB38-6C0B6C83B8C5}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"TCP Query User{3809B786-82BC-4A89-8854-51D1BF3FCFC1}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{389BE125-ECFA-41F5-8FA8-3C659AC6937C}D:\games\lan\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\games\lan\warcraft iii\war3.exe | 
"TCP Query User{4FAF850A-1069-4CA8-8600-BA8D2A7462D7}D:\program files\gtkradiant-1.4\gtkradiant-1.4.0.exe" = protocol=6 | dir=in | app=d:\program files\gtkradiant-1.4\gtkradiant-1.4.0.exe | 
"TCP Query User{5D4E8A0C-58DA-4705-8ED3-8771A53671E4}D:\games\lan\call of duty\codmp.exe" = protocol=6 | dir=in | app=d:\games\lan\call of duty\codmp.exe | 
"TCP Query User{649BACF2-F92A-4265-A323-2D59203D059C}D:\games\aoe-lan\age2_x1\age2_x1.exe" = protocol=6 | dir=in | app=d:\games\aoe-lan\age2_x1\age2_x1.exe | 
"TCP Query User{815C6B25-961B-4DAC-AACF-0C6D0FAFC9E8}D:\games\lan\cs16lan\hl.exe" = protocol=6 | dir=in | app=d:\games\lan\cs16lan\hl.exe | 
"TCP Query User{8DE79F24-B5BE-4414-893E-7ADD145026D2}C:\gtk radiant\gtkradiant.exe" = protocol=6 | dir=in | app=c:\gtk radiant\gtkradiant.exe | 
"TCP Query User{981210F7-03E7-406D-988A-C69067ADE0C3}C:\users\user\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"TCP Query User{A2E1AC0F-C2B5-4C98-9426-D2097C8B16B1}C:\users\user\desktop\herr der ringe - eroberung\conquest.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\herr der ringe - eroberung\conquest.exe | 
"TCP Query User{B5A66954-BC17-415D-BA20-7015161A3A3E}D:\games\dc universe\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\games\dc universe\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{B74CCDF6-DA9F-4F18-9DB9-107E44E8F6A4}D:\games\lan\herr der ringe - eroberung\conquest.exe" = protocol=6 | dir=in | app=d:\games\lan\herr der ringe - eroberung\conquest.exe | 
"TCP Query User{C4712A5B-7F5C-456A-B61D-16A0054CE996}D:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"TCP Query User{D7AA601E-6098-4980-80D8-4F7240554E7C}D:\games\lan\age of empires ii\age2_x1.exe" = protocol=6 | dir=in | app=d:\games\lan\age of empires ii\age2_x1.exe | 
"TCP Query User{E1D719B7-FE5B-4B59-8ED4-4441154B16FB}D:\games\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=d:\games\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"TCP Query User{E7E048CA-8185-41E8-841A-B3D14950E598}C:\users\user\desktop\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\users\user\desktop\tmnationsforever\tmforever.exe | 
"TCP Query User{FAE7BBCD-4409-47EF-8BE1-9040C7CF8C6D}D:\games\lan\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=d:\games\lan\tmnationsforever\tmforever.exe | 
"UDP Query User{253F3C83-E5C3-44CF-816A-93A5231E5FB5}C:\gtk radiant\gtkradiant.exe" = protocol=17 | dir=in | app=c:\gtk radiant\gtkradiant.exe | 
"UDP Query User{31EA59EB-7908-4FFE-BAEE-2C70B9B72DD2}C:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\der herr der ringe online\lotroclient.exe | 
"UDP Query User{362C014B-7C42-4273-B2C2-771C55E1627E}D:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"UDP Query User{36627D40-91E9-487B-AE14-08170444FDBE}C:\users\user\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\gw2.exe | 
"UDP Query User{3B1A89AD-BDA9-48F8-A925-0A038CFEE44D}D:\games\lan\herr der ringe - eroberung\conquest.exe" = protocol=17 | dir=in | app=d:\games\lan\herr der ringe - eroberung\conquest.exe | 
"UDP Query User{554F7B86-57FB-4EB0-AD37-85FC14E1BBA8}D:\games\aoe-lan\age2_x1\age2_x1.exe" = protocol=17 | dir=in | app=d:\games\aoe-lan\age2_x1\age2_x1.exe | 
"UDP Query User{5C9FEBF1-90F7-4D86-98F7-5DDA48A65AAD}C:\users\user\desktop\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\tmnationsforever\tmforever.exe | 
"UDP Query User{5F7491F5-6BE6-47D4-8108-682363500525}D:\games\dc universe\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\games\dc universe\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{623F218E-0212-441E-8C7C-369A4A677BFF}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{711A00DB-BDA1-49B9-AD7E-24396EE165EB}D:\games\lan\age of empires ii\age2_x1.exe" = protocol=17 | dir=in | app=d:\games\lan\age of empires ii\age2_x1.exe | 
"UDP Query User{A55095EA-E3E7-4A96-B8FB-01FEDD1822ED}D:\games\lan\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\games\lan\warcraft iii\war3.exe | 
"UDP Query User{A66A8570-C28D-4D90-A9BF-526E3F57CC99}D:\games\lan\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=d:\games\lan\tmnationsforever\tmforever.exe | 
"UDP Query User{A7407D31-57AD-449E-BD3E-DDBC3A326C61}D:\games\lan\cs16lan\hl.exe" = protocol=17 | dir=in | app=d:\games\lan\cs16lan\hl.exe | 
"UDP Query User{C24084F9-9586-4876-8561-8FF949460B8B}C:\users\user\desktop\herr der ringe - eroberung\conquest.exe" = protocol=17 | dir=in | app=c:\users\user\desktop\herr der ringe - eroberung\conquest.exe | 
"UDP Query User{C52947CF-CB68-4221-9A17-5D40993A1723}D:\games\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=d:\games\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe | 
"UDP Query User{C9A26CAA-D106-48B8-83D2-82E08D0A2FE4}D:\games\lan\call of duty\codmp.exe" = protocol=17 | dir=in | app=d:\games\lan\call of duty\codmp.exe | 
"UDP Query User{FE6039EF-0763-4824-AEE0-59DD4CFD8044}D:\program files\gtkradiant-1.4\gtkradiant-1.4.0.exe" = protocol=17 | dir=in | app=d:\program files\gtkradiant-1.4\gtkradiant-1.4.0.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4BA33BE3-20CF-4972-BD67-B44CEFA52DCB}" = Windows Live MIME IFilter
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 267.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 267.02
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8B10C8E-46F0-4C9A-A688-78B8A2F720BD}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{1A2516F6-15CF-45F0-A14C-865742A647C3}" = Windows Live Messenger
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1D2CF076-A63F-41A5-00A1-5924FADFAD9D}" = Der Pate® Das Spiel
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2D416A80-0BB1-4D8B-B770-7BE8F53D5937}" = Windows Live UX Platform Language Pack
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.81
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40F55150-F43D-4C9F-9A00-1A0A6F1EB7F0}" = Movie Maker
"{44E89CCA-BB20-4EA6-80EB-4126E886F83D}" = Windows Live Mail
"{46316411-80D8-4F68-8118-696E05FCE199}" = Windows Live Essentials
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent 
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5CC4C963-F772-4766-BFF2-DE551E205EE9}" = Photo Common
"{60A1253C-2D51-4166-95C2-52E9CF4F8D64}" = Photo Gallery
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{62813F65-4D78-43AF-A53C-DFAFA122E065}" = Windows Live Messenger
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6C1196CF-B4AD-4847-B70C-F034A781445E}" = GtkRadiant-1.4.0 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84BEAA30-1AF1-450B-9DD7-AD38B84004BA}" = Windows Live Messenger
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{884DF67C-F47D-4B09-B474-C3B7D51CA52A}" = Windows Live Family Safety
"{889c1686-2039-4bef-b6fe-e55f7893efd6}" = Nero 9 Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5D8B1C2-4B2E-42F1-ADB4-D0308A4F5C6F}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A929A7EA-4DFB-48F9-AAF6-C880DF64FB73}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B2091805-8B42-44C2-AE76-AD1183E63985}" = Windows Live Family Safety
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B89EE842-D398-4EAC-A3DF-47280B285DD9}" = Windows Live Mail
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBB00A31-1E0F-458C-BA15-0BAFF0567772}" = Windows Live Mail
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D555C389-F793-443A-B012-A3D70590CF3D}" = Windows Live Writer Resources
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DA22811F-4A83-4FE3-959F-1F26B64BA54B}" = Windows Live Writer
"{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DA672E-15DB-4413-BE2D-887DD1513607}" = Windows Live Writer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AE7331-7851-424E-BFD5-B46E8DA3F0D6}" = GtkRadiant-1.4.0 
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE58D81E-30CE-4C73-9A52-28E886B62B91}" = Windows Live Writer Resources
"{FECB76C1-1C1D-4A84-8D47-5754C74B5A5E}" = Junk Mail filter update
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.07.00.8037
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires II (WBB Edition)" = Age of Empires II (WBB Edition)
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Carte" = Carte 0.9.58
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps (remove only)
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.33.1005
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{3E7940A4-495B-4DC5-B5C9-D2EE1DE9E5EF}" = Call of Juarez
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"Intelli-studio" = SAMSUNG Intelli-studio
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PunkBusterSvc" = PunkBuster Services
"Simple Webcam Capture" = Simple Webcam Capture v1.0 (remove only)
"Steam App 104700" = Super Monday Night Combat
"Steam App 113400" = APB Reloaded
"Steam App 113900" = World of Battles
"Steam App 17570" = Pirates, Vikings, & Knights II
"Steam App 22350" = Brink
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 43110" = Metro 2033
"Steam App 440" = Team Fortress 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Ultra Utilityv3 Beta 16" = Ultra Utility
"WinLiveSuite" = Windows Live Essentials
"Worms 2" = Worms 2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoFiltre" = PhotoFiltre
"SkyDriveSetup.exe" = Microsoft SkyDrive
"SOE-DC Universe Online Live" = DC Universe Online Live
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.12.2012 10:13:52 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 03.12.2012 22:17:32 | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.12.2012 04:44:51 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 05.12.2012 04:47:33 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 05.12.2012 06:52:51 | Computer Name = user-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.12.2012 17:05:55 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 05.12.2012 17:06:44 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 06.12.2012 09:19:54 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
Error - 06.12.2012 09:23:14 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Stream product id=0x0066): Streaming Failed
 
Error - 06.12.2012 16:32:56 | Computer Name = user-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Too many failures while downloading ranges: 2
 
[ System Events ]
Error - 11.12.2012 16:52:29 | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11.12.2012 16:52:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LogMeIn Hamachi Tunneling Engine erreicht.
 
Error - 11.12.2012 16:52:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 12.12.2012 04:59:25 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 12.12.2012 05:01:23 | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?12.?2012 um 09:59:49 unerwartet heruntergefahren.
 
Error - 12.12.2012 05:01:52 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 12.12.2012 05:03:15 | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 12.12.2012 05:03:15 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 12.12.2012 05:11:54 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 12.12.2012 09:47:31 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUpUtilitiesDrv" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
 
< End of report >
         
--- --- ---

Alt 12.12.2012, 16:06   #5
Chris4You
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



Hi,

Fix für OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll) -  File not found
[2012.12.12 15:12:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1278889863-2957739578-47900684-1000UA.job
[2012.12.12 15:12:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1278889863-2957739578-47900684-1000Core.job
[2012.11.30 16:55:07 | 000,001,318 | ---- | M] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012.12.11 01:09:58 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad


:Commands
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Erstelle und poste danach ein neues OTL-Log....
MAM updaten und neuen FULLSCAN, Log posten...

chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.12.2012, 16:39   #6
Nephyl
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk moved successfully.
C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\22587~1.187\{61d8b~1\brwmngr.dll deleted successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278889863-2957739578-47900684-1000UA.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1278889863-2957739578-47900684-1000Core.job moved successfully.
File C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk not found.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: user
->Temp folder emptied: 872796305 bytes
->Temporary Internet Files folder emptied: 237700046 bytes
->Java cache emptied: 74186135 bytes
->FireFox cache emptied: 115092906 bytes
->Flash cache emptied: 1612 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 309523424 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 279610 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36065381 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.569,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12122012_163334

Files\Folders moved on Reboot...
File\Folder C:\Users\user\AppData\Local\Temp\fla1E40.tmp not found!
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MAK9KYSI\direct;auc.6003630303117768875;ai.301489112.304056031;ac.1355259376-22246707;wi.234;hi.60;cp.0[1].htm not found!
File\Folder C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0X7XCQ\ADSAdClient31[11].htm not found!
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6F0X7XCQ\GRedirect[5].htm moved successfully.
File\Folder C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JOR4HYF\ADSAdClient31[3].htm not found!
File\Folder C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0JOR4HYF\ADSAdClient31[4].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 13.12.2012, 07:46   #7
Chris4You
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



Hi,

poste bitte ein neues OTL-Log und das Log vom MAM-Fullscan...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 13.12.2012, 11:58   #8
Nephyl
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.12.2012 11:14:58 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\user\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 4,02 Gb Available Physical Memory | 67,20% Memory free
11,96 Gb Paging File | 9,56 Gb Available in Paging File | 79,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 690,77 Gb Total Space | 600,64 Gb Free Space | 86,95% Space Free | Partition Type: NTFS
Drive D: | 690,77 Gb Total Space | 503,89 Gb Free Space | 72,95% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\user\Desktop\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - D:\GAMES\STEAM\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - D:\GAMES\STEAM\sdl.dll ()
MOD - D:\GAMES\STEAM\bin\libcef.dll ()
MOD - D:\GAMES\STEAM\bin\avcodec-53.dll ()
MOD - D:\GAMES\STEAM\bin\chromehtml.dll ()
MOD - D:\GAMES\STEAM\bin\avformat-53.dll ()
MOD - D:\GAMES\STEAM\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0e0dbef211f78bdcbf5e5d71290dbed2\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ad97f7b8db0974c69a3d21ca61b72497\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1430191d067c0f28c3a676d3ecb85b26\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\515c6ffea562bb0f03a1ed8f75279648\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f4be07261983040b29685575b69085e8\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6a68e4c50351a220511a5dfc3e025685\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2d47118e5da6db054d5676e665f2be2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2f44dac350b6161a9e9ce7222ae94335\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c8ebcd93a2b547dc72dee2fcfabcdd50\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5530227809880c9b8b1d834e5434e840\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\user\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.03 15:19:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.12.03 15:19:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012.12.03 15:19:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.06 02:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Steam] D:\GAMES\STEAM\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F66A1F0-AFCB-416F-A358-328828075F42}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9af64708-1869-11e2-813a-c89cdc2ab616}\Shell - "" = AutoRun
O33 - MountPoints2\{9af64708-1869-11e2-813a-c89cdc2ab616}\Shell\AutoRun\command - "" = H:\iStudio.exe
O33 - MountPoints2\{c604fb5c-de2b-11e1-9550-c89cdc2ab616}\Shell - "" = AutoRun
O33 - MountPoints2\{c604fb5c-de2b-11e1-9550-c89cdc2ab616}\Shell\AutoRun\command - "" = I:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.12 16:42:52 | 000,000,000 | ---D | C] -- C:\2b4ee8094714df5c9198df3a
[2012.12.12 16:33:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.12.12 13:18:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012.12.12 13:18:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.12.12 13:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.12 13:18:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.12.12 13:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.12 10:14:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL(1).exe
[2012.12.12 02:25:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.12.12 02:25:52 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.12.12 02:25:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.12.12 02:25:51 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.12.12 02:25:51 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.12.12 02:25:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.12.12 02:25:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.12.12 02:25:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.12.12 02:25:50 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.12.12 02:25:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.12.12 02:25:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.12.12 02:25:50 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.12.12 02:25:49 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.12.12 02:25:49 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.12.12 02:25:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.12.11 22:48:58 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.12.11 22:48:58 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.12.11 22:48:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.12.11 22:48:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.12.11 22:48:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.12.11 22:48:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.12.11 22:48:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.12.11 22:48:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.12.11 22:48:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.12.11 22:48:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.12.11 22:48:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.12.11 22:48:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 22:48:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.12.11 22:48:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.12.11 22:48:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 22:48:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 22:48:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 22:48:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 22:48:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.11 22:48:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 22:48:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 22:48:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.11 22:48:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 22:48:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.12.11 22:48:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 22:48:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.12.11 22:48:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.12.11 22:47:11 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.11 22:47:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.11 22:47:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.11 22:47:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.11 22:45:13 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012.12.11 22:45:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012.12.11 21:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.11 21:52:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.12.10 12:51:32 | 000,000,000 | ---D | C] -- C:\output
[2012.12.10 12:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV To MP3
[2012.12.10 12:50:40 | 000,000,000 | ---D | C] -- C:\WAV To MP3
[2012.12.04 20:27:13 | 000,000,000 | ---D | C] -- C:\Users\user\jagexcache1
[2012.12.04 20:07:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Windows Live Writer
[2012.12.04 20:07:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live Writer
[2012.12.03 15:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.30 23:37:33 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.11.30 23:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.30 23:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.11.30 19:28:17 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.30 19:28:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.30 19:23:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.30 19:23:53 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.30 19:23:53 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.30 19:23:53 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.30 17:06:28 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.30 17:06:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.13 10:50:24 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 10:50:24 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.13 10:47:52 | 001,529,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.13 10:47:52 | 000,665,216 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.13 10:47:52 | 000,625,398 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.13 10:47:52 | 000,135,126 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.13 10:47:52 | 000,110,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.13 10:42:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.13 10:42:47 | 522,727,423 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.12 13:18:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.12 10:14:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL(1).exe
[2012.12.12 10:01:30 | 000,294,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.10 12:49:00 | 013,011,690 | ---- | M] () -- C:\Users\user\Desktop\come-äss1.wav
[2012.12.05 18:25:08 | 000,000,024 | ---- | M] () -- C:\Users\user\random.dat
[2012.12.05 17:57:19 | 000,000,043 | ---- | M] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2012.12.04 20:27:13 | 000,000,044 | ---- | M] () -- C:\Users\user\jagex_cl_runescape_LIVE1.dat
[2012.12.03 15:19:33 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.03 14:56:27 | 000,011,405 | ---- | M] () -- C:\Users\user\Desktop\bookmarks-2012-12-03.json
[2012.11.30 23:37:33 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.11.14 07:11:44 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.14 07:02:49 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.14 07:02:04 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.14 06:58:36 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.14 06:57:46 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.14 06:57:35 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.14 06:55:26 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.14 06:53:22 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.14 06:46:25 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.14 02:58:15 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.14 02:55:46 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.14 02:49:25 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.14 02:49:19 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.14 02:45:01 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.14 02:41:30 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
 
========== Files Created - No Company Name ==========
 
[2012.12.12 13:18:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.10 12:48:59 | 013,011,690 | ---- | C] () -- C:\Users\user\Desktop\come-äss1.wav
[2012.12.04 20:27:13 | 000,000,044 | ---- | C] () -- C:\Users\user\jagex_cl_runescape_LIVE1.dat
[2012.12.03 15:19:33 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.12.03 15:19:33 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.03 14:56:27 | 000,011,405 | ---- | C] () -- C:\Users\user\Desktop\bookmarks-2012-12-03.json
[2012.11.30 19:28:18 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.30 19:23:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.10.03 18:12:26 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.08.05 11:46:33 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Local\fusioncache.dat
[2012.08.05 11:45:52 | 001,556,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.16 16:04:08 | 000,034,816 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.24 23:16:10 | 000,283,416 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.24 23:16:09 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.23 21:38:20 | 000,000,043 | ---- | C] () -- C:\Users\user\jagex_cl_runescape_LIVE.dat
[2011.11.23 21:38:20 | 000,000,024 | ---- | C] () -- C:\Users\user\random.dat
[2011.03.22 06:46:01 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
--- --- ---


Rest folgt in Kürze.

Ich möchte dir schon einmal ganz herzlich danken, denn bisher läuft der Rechner ganz gut.

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.13.02

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-PC [Administrator]

Schutz: Aktiviert

13.12.2012 11:59:38
mbam-log-2012-12-13 (11-59-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 512648
Laufzeit: 1 Stunde(n), 25 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Alt 13.12.2012, 14:56   #9
Chris4You
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



Hi,

sieht eigentlich gut aus.
Wenn sicher der Rechner unauffällig verhält, dann wären wir durch...

Aufräumen:
Backups von OTL, Avenger&Co (falls vorhanden) löschen:
Falls der Rechner einwandfrei läuft, können die Backups der
Bereinigungstools gelöscht werden (soweit vorhanden):
  • OLT und das Verzeichnis C:\_OTL löschen...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 13.12.2012, 15:40   #10
Nephyl
 
Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Standard

Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.



Oh Chris sei Dank! =)

Ich danke dir 10000000000 mal! Sobald ich wieder was aufn Konto hab werd ich ma sehn was man so tun kann spendentechnisch

DANKE DANKE DANKE! =)

Antwort

Themen zu Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.
ahnung, bereits, bundestrojaner, computer, computern, deaktiviert, drive, entfernen, freue, funktionier, geforce, größte, hacktool.gamescheat, home, informationen, intel, kopieren, rechner, runctf.lnk, skript, speziell, systemwiederherstellung, sytem, tagen, taskmanager, tricks, webcam, wgsdgsdgdsgsd.exe, windows, windows 7, windows 7 64 bit




Ähnliche Themen: Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert.


  1. Defender neuerdings deaktiviert und trotz Admin teilweise kein Zugriff
    Plagegeister aller Art und deren Bekämpfung - 04.06.2015 (11)
  2. Windows 7 Taskmanager und Regedit usw. deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 16.11.2014 (1)
  3. Windows 7 / teilweise enorm langes Booten / zeitweise Antivirus-Programm deaktiviert worden
    Log-Analyse und Auswertung - 18.07.2013 (3)
  4. Bundestrojaner / GVU 2013 eingefangen und teilweise entfernt.
    Plagegeister aller Art und deren Bekämpfung - 18.06.2013 (20)
  5. Taskmanager nach jedem Neustart deaktiviert
    Log-Analyse und Auswertung - 27.12.2012 (15)
  6. Taskmanager, Regedit und Desktop deaktiviert
    Log-Analyse und Auswertung - 31.10.2012 (21)
  7. arg135043.exe Startleiste verschwunden und Taskmanager deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 23.03.2012 (4)
  8. BKA Virus deaktiviert Taskmanager!
    Plagegeister aller Art und deren Bekämpfung - 21.12.2011 (1)
  9. TaskManager und regedit waren deaktiviert.
    Alles rund um Windows - 26.12.2010 (1)
  10. Der Taskmanager wurde vom Administrator Deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 18.12.2010 (1)
  11. Taskmanager deaktiviert
    Log-Analyse und Auswertung - 02.11.2010 (3)
  12. Your System is Infected, Taskmanager Deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 22.12.2009 (1)
  13. Taskmanager deaktiviert
    Log-Analyse und Auswertung - 02.03.2009 (3)
  14. Taskmanager wurde durch den Administrator Deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 28.08.2008 (9)
  15. Taskmanager deaktiviert
    Log-Analyse und Auswertung - 28.07.2008 (7)
  16. TASKMANAGER DEAKTIVIERT-KEIN VIRUS-Hijack Log
    Log-Analyse und Auswertung - 10.07.2008 (1)
  17. Ausführzeile verschwunden, taskmanager deaktiviert
    Plagegeister aller Art und deren Bekämpfung - 13.06.2006 (5)

Zum Thema Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. - Hallo, Ich habe seit ein paar Tagen einen Bundestrojaner, der sogar die Webcam anschaltet.Der ist sehr hartnäckig. Ich schaffe es manchmal (so wie jetzt) mit ein paar Tricks wieder ins - Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert....
Archiv
Du betrachtest: Bundestrojaner mit Webcamanschaltung - Taskmanager teilweise deaktiviert. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.