Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Gvu trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.01.2013, 20:18   #1
Rap01
 
Gvu trojaner - Standard

Gvu trojaner



Hallo,

ich hatte gestern den allseits bekanntenn GVU-Trojaner auf meinem PC.

Dieser richtete eine Sperrseite ein -> 100€ zahlen etc. und sperrte mein Admin-Konto.

Ich meldete mich dann auf meinem Gast Konto an und führte eine Systemwiederherstellung durch, was das problem vorerst löste.

Nun gibt es jedoch bestimmt trotzdem noch infizierte Dateien usw. auf meinem PC, die ich gerne entfernen möchte.

Hier der Malwarebytes Log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: PC [Administrator]

10.01.2013 21:20:07
MBAM-log-2013-01-11 (20-20-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 440544
Laufzeit: 1 Stunde(n), 23 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Martin\AppData\Roaming\skype.dat (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)




Ich hoffe auf kompetente Hilfe.

MfG
Martin

Alt 11.01.2013, 23:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gvu trojaner - Standard

Gvu trojaner



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Zitat:
Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 13.01.2013, 01:44   #3
Rap01
 
Gvu trojaner - Standard

Gvu trojaner



Weitere Logs mit Funden sind leider nicht vorhanden.

Das posten in Code-Tags werde ich für die Zukunft beachten.

MfG
__________________

Alt 13.01.2013, 19:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gvu trojaner - Standard

Gvu trojaner



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Erstmal eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 13.01.2013, 22:16   #5
Rap01
 
Gvu trojaner - Standard

Gvu trojaner



Ich habe alles nach deiner Anleitung durchgeführt, hier die Logs von OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 13.01.2013 23:06:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,36% Memory free
7,73 Gb Paging File | 5,66 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 434,13 Gb Total Space | 260,63 Gb Free Space | 60,03% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 7,79 Gb Free Space | 39,89% Space Free | Partition Type: NTFS
Drive E: | 2,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\SplitCam\SplitCamFilter.ax ()
MOD - C:\Program Files (x86)\SplitCam\cxcore110.dll ()
MOD - C:\Program Files (x86)\SplitCam\cv110.dll ()
MOD - C:\Program Files (x86)\SplitCam\highgui110.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\Utility.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\Image.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE499
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..network.proxy.backup.ftp: "103.8.160.150"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "103.8.160.150"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "103.8.160.150"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.05 19:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.05 19:52:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.29 18:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.12.19 17:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\yd6rt3yc.default\extensions
[2012.10.26 19:07:04 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\yd6rt3yc.default\extensions\battlefieldplay4free@ea.com
[2012.12.19 17:18:35 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\yd6rt3yc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.05 19:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.05 19:52:36 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - Extension: YouTube = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe File not found
O4 - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0923E21-D072-4593-ADBF-4837B4189B33}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.31 05:10:28 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7778cdea-f06e-11e1-b152-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7778cdea-f06e-11e1-b152-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.11.01 23:17:12 | 000,356,352 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.13 22:52:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.01.13 20:18:56 | 000,000,000 | R--D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.01.10 17:18:17 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 17:18:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 17:17:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 17:17:54 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.10 17:17:44 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.10 17:17:44 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.10 17:17:44 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.10 17:17:44 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.10 17:17:43 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.10 17:17:43 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.10 17:17:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.10 17:17:43 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.10 17:17:43 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.10 17:17:43 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.10 17:17:43 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.10 17:17:43 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.10 17:17:43 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.10 17:17:43 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.10 17:17:43 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.10 17:17:43 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.10 17:17:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.10 17:17:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.10 17:17:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.10 17:17:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.10 17:17:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.10 17:17:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.10 17:17:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.10 17:17:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.10 17:17:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.10 17:17:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.10 17:17:41 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.10 17:17:41 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.10 17:17:41 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.10 17:17:41 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.10 17:17:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.10 17:17:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.10 17:16:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.10 17:16:57 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.10 17:16:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.10 17:16:56 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.10 17:16:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.10 17:16:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.10 17:16:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.10 17:16:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.10 17:16:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.10 17:16:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 17:16:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 17:16:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 17:16:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 17:16:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.10 17:16:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.10 17:16:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 17:16:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.10 17:16:37 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.04 04:19:55 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Programs
[2013.01.02 21:39:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Gothic3ForsakenGods
[2013.01.02 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.01.02 21:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2012.12.26 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Minimal.Electro
[2012.12.26 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Charts
[2012.12.26 22:18:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Alles
[2012.12.26 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Alle Farben
[2012.12.26 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Toppa
[2012.12.22 01:47:38 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 01:47:38 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 01:47:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 01:47:36 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.13 23:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 22:52:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.01.13 22:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 20:26:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 20:26:38 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.13 20:18:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 20:17:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.13 20:17:29 | 3113,304,064 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.12 13:33:53 | 000,351,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.12 05:13:56 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.12 05:13:56 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.12 05:13:56 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.12 05:13:56 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.12 05:13:56 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.08 23:35:54 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.08 23:35:54 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.02 21:38:29 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Gothic III - Götterdämmerung.lnk
[2013.01.02 06:04:36 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
[2012.12.17 18:20:26 | 000,014,948 | -HS- | M] () -- C:\Users\Martin\Desktop\Folder.jpg
[2012.12.17 18:20:26 | 000,014,948 | -HS- | M] () -- C:\Users\Martin\Desktop\AlbumArt_{CC1F1FBD-DB48-45D9-8E76-6A7D59AF4FA4}_Large.jpg
[2012.12.17 18:20:22 | 000,003,362 | -HS- | M] () -- C:\Users\Martin\Desktop\AlbumArtSmall.jpg
[2012.12.17 18:20:22 | 000,003,362 | -HS- | M] () -- C:\Users\Martin\Desktop\AlbumArt_{CC1F1FBD-DB48-45D9-8E76-6A7D59AF4FA4}_Small.jpg
[2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
 
========== Files Created - No Company Name ==========
 
[2013.01.02 21:38:29 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Gothic III - Götterdämmerung.lnk
[2012.12.17 18:20:26 | 000,014,948 | -HS- | C] () -- C:\Users\Martin\Desktop\Folder.jpg
[2012.12.17 18:20:26 | 000,014,948 | -HS- | C] () -- C:\Users\Martin\Desktop\AlbumArt_{CC1F1FBD-DB48-45D9-8E76-6A7D59AF4FA4}_Large.jpg
[2012.12.17 18:20:26 | 000,003,362 | -HS- | C] () -- C:\Users\Martin\Desktop\AlbumArtSmall.jpg
[2012.12.17 18:20:26 | 000,003,362 | -HS- | C] () -- C:\Users\Martin\Desktop\AlbumArt_{CC1F1FBD-DB48-45D9-8E76-6A7D59AF4FA4}_Small.jpg
[2012.10.19 16:28:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.19 16:28:53 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.17 20:12:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2012.10.13 16:16:11 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.10.13 16:16:11 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.10.13 16:16:11 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.10.13 16:09:42 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.09.02 20:38:05 | 000,001,226 | ---- | C] () -- C:\Windows\SplitCam.INI
[2012.09.01 16:28:09 | 000,000,218 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.09.01 16:28:09 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.09.01 16:24:56 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.09.01 14:28:17 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.09.01 14:28:17 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.08.27 21:30:23 | 000,061,440 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\skype.dat
[2012.08.27 18:49:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.05 23:47:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.18 15:44:07 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera
[2012.11.09 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft
[2012.08.29 22:37:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ASCOMP Software
[2012.10.18 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.10.18 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.02 04:05:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeScreenToVideo
[2013.01.13 20:19:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2012.10.19 16:27:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2012.11.04 23:10:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LolClient
[2012.08.27 19:26:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2012.10.09 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---



OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 13.01.2013 23:06:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 63,36% Memory free
7,73 Gb Paging File | 5,66 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 434,13 Gb Total Space | 260,63 Gb Free Space | 60,03% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 7,79 Gb Free Space | 39,89% Space Free | Partition Type: NTFS
Drive E: | 2,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1887213331-3047672844-2597413253-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBCFECB-9A2D-4214-8DB5-74BDD157BB01}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{19506490-8561-4FBB-8697-E01EF9587733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A660E18-ECF3-43D8-B353-35BE03735713}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{26AC27F7-C614-44B2-9F69-CCCD4D45B6B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{293FE999-7A59-4F1D-ABC7-F861571419C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F59A125-F3FC-4E92-9F65-AFB028DDE5DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4021CD6F-756D-403B-B547-D31DB429C335}" = rport=445 | protocol=6 | dir=out | app=system | 
"{48F426FD-7A34-4E3D-83E0-01999E69E390}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4D370B61-C067-49FE-B8D0-DE0BCFFF4E44}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F5DCE12-FEC2-4498-BEDE-3263FBBC322F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{52F7F430-9C97-4961-8F6C-EA8B53E2E156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B8949EF-8525-43F4-9D12-BB044207D01C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D2711CC-082E-4B23-A23C-2BCE1432EBBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5E1476B4-1264-43B1-867C-E491226F9721}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63589DD0-9ABF-45AF-8C7E-A41ED3AB080C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{76AE751F-F286-418D-A964-09EA47601C43}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8676374A-DFA3-4736-8BA7-1E6D36108892}" = rport=139 | protocol=6 | dir=out | app=system | 
"{98EAAC42-DB30-45FB-ACEE-F8796949933B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9BCF5AC6-B34A-46AB-BD57-34A78D927AA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F550510-D683-4773-8215-32402C43E9F1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A2AA098F-4FF9-4DE7-BD7C-5FCBD7C6DC4D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BC7772B2-CC1C-413E-AA3A-D92408B9EEF7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C77CE01D-82CE-4962-8C94-7E494EAE06A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D8C2697D-35F2-450F-8681-ADC86EF32E43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA099C28-4D03-4DC5-9400-1BCC2C18DB32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0367AD91-2193-4ED8-9CD8-282414D22DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{046B64A5-BFC8-44F3-8939-13F4D5154F00}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{063F9D65-C6AD-4E78-B6E0-5AB25680FFCD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0EA6F1CC-8831-4C61-B6FB-97B61747D2D6}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{0FF93175-A57C-4B0A-B1C5-815845421872}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11BEBEFC-AEB7-4E29-8B98-37ED280F52BD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{17DC7D54-9B01-4CF7-8F90-C65439759517}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1A36F0FA-9D24-4894-938F-79BD984D7479}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1FDEE84F-C4FE-4207-98D8-E7297DEC0093}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{1FEEAC55-8C4F-4648-8AED-124603976A78}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{27B890B3-060D-4452-9F51-74C4ADA4BC34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2AEF9814-3639-4741-9A0F-8BD885B650A9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{32596A4B-9C67-4D6B-A03D-84590241CB0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{33B0290E-1CFC-4758-A792-CC7A89EE0844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3666F18F-54F9-4556-908B-BF43975A1AF1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3823566C-A55A-4564-AE44-EF986A28CF8C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3DB640AC-1B0E-40E4-A8FA-EA6D7D445C8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46688770-8640-4230-A913-280EAE2FD84B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4C0EC66E-A5F8-4295-8C63-3CA222353271}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4D027A6F-227C-4FA8-BC73-01A9F6A7B94D}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{531DB83B-BA72-448E-8A59-80194ABE2FD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{53208EBA-0D98-483A-A826-68BBBC7350EF}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms.exe | 
"{5448FAAD-F440-4E94-9E95-2FF94CD79D99}" = protocol=58 | dir=in | app=system | 
"{57337991-1FD1-4B34-ADBA-ED1A8EC94F8E}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{676233C7-7E0C-4CF1-8B4E-36D26F8028DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{67C1FD2C-32AC-4AA2-958D-40BED89265ED}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{6CC3A447-8A06-4A19-AC0B-0A7C44A69908}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{733F7704-C9A3-49C0-913A-0790058625B0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{76100AC4-DFE5-42D8-B78A-316859545F9E}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{7FCBAF3D-9E30-43D3-8C46-1C602BC18D42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{82AEE290-5D83-4CFC-8CC8-59758D5E47B3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{86C59DAF-482D-45C9-A98A-81D72A0184DE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{8B40327E-DD6D-490C-9F72-72707EA9DF4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8B741A73-7831-4CBA-BBC5-87ACB8D0FD01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9993D219-E480-4BC7-B57C-CAE0AB9A3D8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A7DC351C-2454-4390-82C3-300245201F04}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{A969FC0C-7332-4912-9480-E7662E4EBDCD}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms.exe | 
"{AA5FAB9D-D8AF-4C8B-BFDD-F72CFE2EC8A1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{AC7D30B9-4E91-4463-97FB-53C9C837B697}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ACCD3C54-C710-468E-B9D6-D33B30189AD5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{AFDE4376-F096-4EDA-BD55-80158E42C5C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B17BF433-83D2-4E51-B602-5CD3EA8305D5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B2C21D06-B9A7-4A3A-A00E-C59729ACE1DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{BA2CD5BC-E111-4874-8B9F-B66E4C6EEC60}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{BAAC3586-6444-431B-A011-9B80CEBEDC34}" = protocol=6 | dir=out | app=system | 
"{C2ACB520-0515-4A72-B853-23E09D2C50DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C782B4C4-44A2-49CC-9D8B-D272FBE83B31}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{CAE6A7F4-2805-4E10-AF3E-E49054D0A812}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D26FADCF-52FD-49BF-BA93-4A8C4F85268B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{E41CBA83-05B0-46BF-BC6F-7BBD04D85496}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E6575124-A851-475D-9DA0-ABD05DFB5C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{E6A0F427-B39A-45DD-A35E-2B122D5D8886}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E8AFEBC6-A9E4-41C0-A7F5-1BFF2E154A26}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EF33609C-4480-4550-9E2B-684CB6FF6C7B}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F0CD0E17-A4C8-4500-B917-3078EB1234F5}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F3879D67-5E3F-4CAC-9D98-715B747D020E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F6D47E03-3BD9-469A-8255-5D485108366A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC12998D-E3A8-460F-A931-5ABD7F2A0042}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{FC25414A-A193-4460-84C9-ED42EEA39A4E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FC95C17B-B750-4036-9C16-0472D06A7C7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE149C31-432B-4F02-8882-38896383D6AF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"TCP Query User{032E58A7-0159-4C78-B622-6A3E235C8A4F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{0A15D1AF-BE1D-4615-8FC3-5FA4AFB75A52}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{522BD76D-0266-4A90-B51A-44775324182E}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{58E44B06-086D-41C6-97A0-B83A6A69AED6}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{C1167A2C-2561-48B6-A27C-5C8639464EA7}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{D72B6E81-25D2-4DE6-A175-EED399BBA323}C:\program files (x86)\reality pump\lost souls\lostsouls.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\lost souls\lostsouls.exe | 
"TCP Query User{EF5D96F9-5FD6-4CAA-82F6-A50E63C4AA46}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{021EBDDA-E383-4D05-B864-4C80F141AE02}C:\program files (x86)\reality pump\lost souls\lostsouls.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\lost souls\lostsouls.exe | 
"UDP Query User{39FE29D8-EAC4-4220-B1AA-903888C2294A}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{3E95C21D-B160-468A-A4A5-AAAF32465468}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{59B8C876-47F1-46FD-95E4-92DA7F4FF862}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"UDP Query User{B86E3DBD-F8B9-4469-A634-8ABA139F708B}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{C1A5C63A-E228-4DB3-BAC5-6019B1E8972F}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{EE9A206C-D838-48DE-A6B0-CA0B4F12EA8B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{7EFFF53E-F5A0-529D-2F69-DBAC8EEB36BB}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DEFCD877-1F8D-1C19-9D2F-C8CC4550340D}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02c6547c-700b-486e-821e-065148c9915a}" = Nero 9 Essentials
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{117E3AE2-10D1-41C1-9FA6-F4C382F767A8}_is1" = Packard Bell GameZone Console
"{13416D3D-AC63-1463-8F13-9DCA2AC968F6}" = CCC Help Greek
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22245BDB-CA20-DCD2-12C9-7D50692DF744}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C6862CE-912B-C2F7-CFB7-5A267620BF1A}" = CCC Help Chinese Traditional
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43A3E94C-CD9E-2405-675D-B71024874287}" = Catalyst Control Center Graphics Full Existing
"{47829AF8-2C85-1B85-D9F7-909D708B857E}" = CCC Help Spanish
"{487187CE-1610-BA3D-E1B3-7968ED205D9A}" = CCC Help Finnish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CF0503F-414B-BE2F-3047-E774FDE7881B}" = CCC Help Japanese
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51C880E9-3DBA-1F09-A48C-5029B6FFA0E1}" = CCC Help Turkish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5F8E0BF8-4DB8-9A38-E18A-0A8D6BBD0C5D}" = Catalyst Control Center Graphics Light
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{600A3CA2-05CF-7A41-093C-457FBE5EC5E4}" = CCC Help Italian
"{60D16B34-B668-892D-7C65-A06110DE4D6E}" = CCC Help Chinese Standard
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64DB6421-C9E2-066B-2D6C-01A9C1187FE1}" = CCC Help Hungarian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69BB6CDD-FB8C-2314-561F-DCA74B77E854}" = Catalyst Control Center Core Implementation
"{6D42924D-1E41-D3C6-465D-263E294BFFDF}" = Catalyst Control Center Graphics Full New
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{705F4E1F-0A2A-54A5-04A6-C0B03EDB3B16}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{810E0BD5-714D-45FB-2E27-B7BBB0BCA820}" = ccc-core-static
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{845BD512-B4A1-F058-5D48-1E4E5BD097E8}" = CCC Help English
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{950DCEAA-545D-B98C-69F2-4136D9D616AF}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BFE8D4A-6A08-FBE3-C07F-44B6CADE25CD}" = CCC Help Czech
"{A1D203C7-8E2A-3BE6-676E-D5CD4A453C6F}" = CCC Help Dutch
"{A24CC346-D415-0BA1-E088-6CAEC06DDE39}" = CCC Help Thai
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AE710981-9CAE-463F-817F-48F7BB6F93CF}_is1" = Free WAV to MP3 Converter
"{B0A4E37C-88BA-078F-FACE-84FEC086F2AF}" = CCC Help Danish
"{B1BD2EB4-A222-932B-DC40-59312357F190}" = CCC Help Korean
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE8F08BD-BC5E-158A-0832-D7EF669C870C}" = CCC Help German
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6A655F8-B1CB-3A69-4846-25A7E192FB8D}" = CCC Help Portuguese
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CBCE09FB-0D69-7433-ED99-088BCB46E377}" = CCC Help Russian
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D4B46A37-9FDC-3016-A216-84038B1982DF}" = Catalyst Control Center Localization All
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E0FA47BF-07DB-21B5-3E39-8A784657366D}" = Catalyst Control Center Graphics Previews Vista
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F3E34E-E2C4-0346-2F85-D8702AD084FE}" = CCC Help French
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F55DC2A8-0B42-72A1-02B6-5035DEED3E11}" = CCC Help Norwegian
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Combat Arms EU" = Combat Arms EU
"Earth 2150 - Lost Souls" = Earth 2150 - Lost Souls
"Free Screen To Video_is1" = Free Screen To Video V 2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Metaboli" = Metaboli
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.11.1661" = Opera 12.11
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PDF-to-Word 3.1 Demo" = PDF-to-Word 3.1 Demo
"PunkBusterSvc" = PunkBuster Services
"Secure Eraser_is1" = Secure Eraser v4.0
"SpeedFan" = SpeedFan (remove only)
"SplitCam" = SplitCam
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.01.2013 16:52:57 | Computer Name = PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 02.01.2013 17:03:43 | Computer Name = PC | Source = System Restore | ID = 8193
Description = 
 
Error - 02.01.2013 21:45:16 | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.01.2013 21:47:47 | Computer Name = PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 02.01.2013 21:49:14 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.01.2013 21:49:14 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.01.2013 21:49:14 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.01.2013 21:49:14 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.01.2013 22:28:54 | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 03.01.2013 23:52:16 | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 03.01.2013 23:52:43 | Computer Name = PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 03.01.2013 23:53:33 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.01.2013 23:53:33 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.01.2013 23:53:33 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.01.2013 23:53:33 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 07.09.2012 19:08:32 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 01:08:32 - Fehler beim Herstellen der Internetverbindung.  01:08:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 21.10.2012 16:22:28 | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 36
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.10.2012 14:12:49 | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 50
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19.12.2012 19:17:41 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 19.12.2012 19:17:41 | Computer Name = PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25.12.2012 07:45:55 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 02.01.2013 12:20:06 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 10.01.2013 11:49:06 | Computer Name = PC | Source = DCOM | ID = 10016
Description = 
 
Error - 10.01.2013 11:49:06 | Computer Name = PC | Source = DCOM | ID = 10016
Description = 
 
Error - 10.01.2013 11:49:35 | Computer Name = PC | Source = DCOM | ID = 10016
Description = 
 
Error - 10.01.2013 15:47:03 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?10.?01.?2013 um 20:46:03 unerwartet heruntergefahren.
 
Error - 12.01.2013 17:10:48 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?12.?01.?2013 um 22:09:06 unerwartet heruntergefahren.
 
Error - 13.01.2013 15:20:26 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         
--- --- ---


Alt 13.01.2013, 22:21   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gvu trojaner - Standard

Gvu trojaner



Malwarebytes Anti-Rootkit

Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Gvu trojaner

Alt 14.01.2013, 00:18   #7
Rap01
 
Gvu trojaner - Standard

Gvu trojaner



Erstmal vorweg: Nach dem Scan viel mir auf, das bei allen Datein auf dem Desktop nun die Dateiendung (txt, mp3 usw.) mit im Dateinamen angezeigt wird.
Des Weiteren werden nun auf dem Desktop zwei Datein mit dem Namen "desktop.ini" sowie eine Datei mit dem Namen "AlbumArtSmall.jpg" (Cover eines Songs der sich auf dem Desktop befindet) angezeigt.

Sind diese ohne Probleme löschbar?


Hier dann noch der Log von Malwarebytes Anti-Rootkit:

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.13.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Martin :: PC [administrator]

14.01.2013 00:08:20
mbar-log-2013-01-14 (00-08-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29969
Time elapsed: 36 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Users\Martin\AppData\Roaming\skype.dat (Trojan.Agent) -> Delete on reboot.

(end)
         

Alt 14.01.2013, 07:56   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gvu trojaner - Standard

Gvu trojaner



Zitat:
Sind diese ohne Probleme löschbar?
Was sind daran denn Probleme, das sind doch nur Ansichtsoptionen die man in den Ordneroptionen wieder zurückstellen kann!

1. aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.


2. TDSS-Killer

Download TDSS-Killer auf Desktop siehe => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 14.01.2013, 20:35   #9
Rap01
 
Gvu trojaner - Standard

Gvu trojaner



Soooo, hier hun der Log von aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-14 16:06:25
-----------------------------
16:06:25.484    OS Version: Windows x64 6.1.7601 Service Pack 1
16:06:25.484    Number of processors: 4 586 0x2502
16:06:25.484    ComputerName: PC  UserName: 
16:06:26.514    Initialize success
16:37:49.100    AVAST engine defs: 13011400
16:51:56.573    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:51:56.588    Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
16:51:56.604    Disk 0 MBR read successfully
16:51:56.604    Disk 0 MBR scan
16:51:56.635    Disk 0 Windows 7 default MBR code
16:51:56.640    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
16:51:56.656    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855
16:51:56.671    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       444545 MB offset 25382700
16:51:56.687    Disk 0 Partition - 00     0F Extended LBA             19999 MB offset 935813120
16:51:56.726    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        19998 MB offset 935815168
16:51:56.772    Disk 0 scanning C:\Windows\system32\drivers
16:52:06.121    Service scanning
16:52:36.283    Modules scanning
16:52:36.738    Disk 0 trace - called modules:
16:52:36.754    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:52:36.774    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057e0060]
16:52:36.774    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049ef050]
16:52:37.896    AVAST engine scan C:\Windows
16:52:40.341    AVAST engine scan C:\Windows\system32
16:55:37.877    AVAST engine scan C:\Windows\system32\drivers
16:55:51.682    AVAST engine scan C:\Users\Martin
17:11:43.459    AVAST engine scan C:\ProgramData
17:14:26.873    Scan finished successfully
17:16:43.462    Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
17:16:43.462    The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"
         

Und der Log von TDSS-Killer:

Code:
ATTFilter
21:30:03.0016 3756  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:30:03.0216 3756  ============================================================
21:30:03.0216 3756  Current date / time: 2013/01/14 21:30:03.0216
21:30:03.0216 3756  SystemInfo:
21:30:03.0216 3756  
21:30:03.0216 3756  OS Version: 6.1.7601 ServicePack: 1.0
21:30:03.0216 3756  Product type: Workstation
21:30:03.0216 3756  ComputerName: PC
21:30:03.0216 3756  UserName: Martin
21:30:03.0216 3756  Windows directory: C:\Windows
21:30:03.0216 3756  System windows directory: C:\Windows
21:30:03.0216 3756  Running under WOW64
21:30:03.0216 3756  Processor architecture: Intel x64
21:30:03.0216 3756  Number of processors: 4
21:30:03.0216 3756  Page size: 0x1000
21:30:03.0216 3756  Boot type: Normal boot
21:30:03.0216 3756  ============================================================
21:30:03.0756 3756  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:30:03.0766 3756  ============================================================
21:30:03.0766 3756  \Device\Harddisk0\DR0:
21:30:03.0766 3756  MBR partitions:
21:30:03.0766 3756  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
21:30:03.0766 3756  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x36440904
21:30:03.0786 3756  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37C76800, BlocksNum 0x270F000
21:30:03.0786 3756  ============================================================
21:30:03.0826 3756  C: <-> \Device\Harddisk0\DR0\Partition2
21:30:03.0886 3756  D: <-> \Device\Harddisk0\DR0\Partition3
21:30:03.0886 3756  ============================================================
21:30:03.0886 3756  Initialize success
21:30:03.0886 3756  ============================================================
21:30:33.0026 4776  ============================================================
21:30:33.0026 4776  Scan started
21:30:33.0026 4776  Mode: Manual; SigCheck; TDLFS; 
21:30:33.0026 4776  ============================================================
21:30:33.0416 4776  ================ Scan system memory ========================
21:30:33.0416 4776  System memory - ok
21:30:33.0416 4776  ================ Scan services =============================
21:30:33.0576 4776  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:30:33.0706 4776  1394ohci - ok
21:30:33.0726 4776  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
21:30:33.0746 4776  ACPI - ok
21:30:33.0786 4776  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:30:33.0826 4776  AcpiPmi - ok
21:30:33.0906 4776  [ 6D9FC1E7EA3C548F4D3455F0C3FEEF8C ] AdobeActiveFileMonitor7.0 c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
21:30:33.0936 4776  AdobeActiveFileMonitor7.0 - ok
21:30:34.0046 4776  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:30:34.0066 4776  AdobeFlashPlayerUpdateSvc - ok
21:30:34.0116 4776  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
21:30:34.0136 4776  adp94xx - ok
21:30:34.0176 4776  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
21:30:34.0196 4776  adpahci - ok
21:30:34.0206 4776  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
21:30:34.0226 4776  adpu320 - ok
21:30:34.0256 4776  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:30:34.0316 4776  AeLookupSvc - ok
21:30:34.0366 4776  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
21:30:34.0446 4776  AFD - ok
21:30:34.0486 4776  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:30:34.0516 4776  agp440 - ok
21:30:34.0536 4776  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
21:30:34.0576 4776  ALG - ok
21:30:34.0626 4776  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:30:34.0636 4776  aliide - ok
21:30:34.0666 4776  [ 1D317EA326423FF7630CF1DA3BD46A1C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:30:34.0716 4776  AMD External Events Utility - ok
21:30:34.0766 4776  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
21:30:34.0796 4776  amdide - ok
21:30:34.0826 4776  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
21:30:34.0866 4776  AmdK8 - ok
21:30:34.0866 4776  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
21:30:34.0906 4776  AmdPPM - ok
21:30:34.0936 4776  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
21:30:34.0966 4776  amdsata - ok
21:30:34.0976 4776  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
21:30:34.0996 4776  amdsbs - ok
21:30:35.0016 4776  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
21:30:35.0026 4776  amdxata - ok
21:30:35.0086 4776  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:30:35.0116 4776  AntiVirSchedulerService - ok
21:30:35.0146 4776  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:30:35.0166 4776  AntiVirService - ok
21:30:35.0206 4776  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
21:30:35.0286 4776  AppID - ok
21:30:35.0316 4776  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
21:30:35.0416 4776  AppIDSvc - ok
21:30:35.0456 4776  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
21:30:35.0506 4776  Appinfo - ok
21:30:35.0566 4776  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
21:30:35.0596 4776  arc - ok
21:30:35.0606 4776  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
21:30:35.0626 4776  arcsas - ok
21:30:35.0656 4776  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:30:35.0726 4776  AsyncMac - ok
21:30:35.0776 4776  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
21:30:35.0786 4776  atapi - ok
21:30:35.0866 4776  [ D6CAD7E5B05055BB8226BDCB1644DA27 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
21:30:35.0936 4776  athr - ok
21:30:36.0106 4776  [ 19B5C61CB09BFF2BD69E063EE54B56C3 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:30:36.0406 4776  atikmdag - ok
21:30:36.0466 4776  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:30:36.0556 4776  AudioEndpointBuilder - ok
21:30:36.0566 4776  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:30:36.0606 4776  AudioSrv - ok
21:30:36.0646 4776  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:30:36.0676 4776  avgntflt - ok
21:30:36.0696 4776  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:30:36.0706 4776  avipbb - ok
21:30:36.0726 4776  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:30:36.0736 4776  avkmgr - ok
21:30:36.0766 4776  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
21:30:36.0866 4776  AxInstSV - ok
21:30:36.0926 4776  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
21:30:36.0996 4776  b06bdrv - ok
21:30:37.0026 4776  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21:30:37.0086 4776  b57nd60a - ok
21:30:37.0146 4776  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
21:30:37.0206 4776  BDESVC - ok
21:30:37.0226 4776  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
21:30:37.0306 4776  Beep - ok
21:30:37.0356 4776  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
21:30:37.0436 4776  BFE - ok
21:30:37.0496 4776  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
21:30:37.0576 4776  BITS - ok
21:30:37.0626 4776  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21:30:37.0676 4776  blbdrive - ok
21:30:37.0736 4776  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:30:37.0756 4776  bowser - ok
21:30:37.0776 4776  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:30:37.0816 4776  BrFiltLo - ok
21:30:37.0826 4776  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:30:37.0846 4776  BrFiltUp - ok
21:30:37.0886 4776  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
21:30:37.0956 4776  Browser - ok
21:30:37.0986 4776  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
21:30:38.0076 4776  Brserid - ok
21:30:38.0086 4776  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21:30:38.0136 4776  BrSerWdm - ok
21:30:38.0176 4776  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21:30:38.0226 4776  BrUsbMdm - ok
21:30:38.0266 4776  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21:30:38.0306 4776  BrUsbSer - ok
21:30:38.0326 4776  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
21:30:38.0376 4776  BTHMODEM - ok
21:30:38.0426 4776  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
21:30:38.0506 4776  bthserv - ok
21:30:38.0536 4776  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:30:38.0576 4776  cdfs - ok
21:30:38.0606 4776  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
21:30:38.0656 4776  cdrom - ok
21:30:38.0706 4776  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
21:30:38.0786 4776  CertPropSvc - ok
21:30:38.0836 4776  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
21:30:38.0886 4776  circlass - ok
21:30:38.0926 4776  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
21:30:38.0956 4776  CLFS - ok
21:30:39.0026 4776  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:30:39.0056 4776  clr_optimization_v2.0.50727_32 - ok
21:30:39.0086 4776  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:30:39.0106 4776  clr_optimization_v2.0.50727_64 - ok
21:30:39.0176 4776  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:30:39.0196 4776  clr_optimization_v4.0.30319_32 - ok
21:30:39.0226 4776  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:30:39.0246 4776  clr_optimization_v4.0.30319_64 - ok
21:30:39.0286 4776  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
21:30:39.0326 4776  CmBatt - ok
21:30:39.0356 4776  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:30:39.0366 4776  cmdide - ok
21:30:39.0406 4776  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
21:30:39.0446 4776  CNG - ok
21:30:39.0476 4776  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
21:30:39.0486 4776  Compbatt - ok
21:30:39.0526 4776  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
21:30:39.0556 4776  CompositeBus - ok
21:30:39.0586 4776  COMSysApp - ok
21:30:39.0596 4776  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
21:30:39.0616 4776  crcdisk - ok
21:30:39.0636 4776  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:30:39.0706 4776  CryptSvc - ok
21:30:39.0826 4776  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:30:39.0926 4776  DcomLaunch - ok
21:30:39.0976 4776  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
21:30:40.0066 4776  defragsvc - ok
21:30:40.0106 4776  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:30:40.0166 4776  DfsC - ok
21:30:40.0216 4776  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
21:30:40.0306 4776  Dhcp - ok
21:30:40.0336 4776  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
21:30:40.0386 4776  discache - ok
21:30:40.0426 4776  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
21:30:40.0446 4776  Disk - ok
21:30:40.0516 4776  [ D5BCB77BE83CF99F508943945D46343D ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
21:30:40.0536 4776  DKbFltr - ok
21:30:40.0566 4776  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:30:40.0656 4776  Dnscache - ok
21:30:40.0696 4776  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:30:40.0786 4776  dot3svc - ok
21:30:40.0826 4776  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
21:30:40.0896 4776  DPS - ok
21:30:40.0936 4776  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:30:40.0996 4776  drmkaud - ok
21:30:41.0056 4776  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:30:41.0096 4776  DXGKrnl - ok
21:30:41.0156 4776  EagleX64 - ok
21:30:41.0186 4776  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
21:30:41.0266 4776  EapHost - ok
21:30:41.0366 4776  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
21:30:41.0516 4776  ebdrv - ok
21:30:41.0556 4776  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
21:30:41.0616 4776  EFS - ok
21:30:41.0686 4776  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
21:30:41.0766 4776  ehRecvr - ok
21:30:41.0806 4776  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
21:30:41.0836 4776  ehSched - ok
21:30:41.0886 4776  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
21:30:41.0926 4776  elxstor - ok
21:30:42.0006 4776  [ 8E910F796F5F30281CDD24ABA47DDEA2 ] ePowerSvc       C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
21:30:42.0046 4776  ePowerSvc - ok
21:30:42.0066 4776  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:30:42.0096 4776  ErrDev - ok
21:30:42.0146 4776  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
21:30:42.0246 4776  EventSystem - ok
21:30:42.0286 4776  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
21:30:42.0336 4776  exfat - ok
21:30:42.0346 4776  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:30:42.0406 4776  fastfat - ok
21:30:42.0446 4776  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
21:30:42.0516 4776  Fax - ok
21:30:42.0566 4776  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:30:42.0586 4776  fdc - ok
21:30:42.0616 4776  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
21:30:42.0696 4776  fdPHost - ok
21:30:42.0706 4776  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
21:30:42.0786 4776  FDResPub - ok
21:30:42.0816 4776  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:30:42.0826 4776  FileInfo - ok
21:30:42.0846 4776  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:30:42.0926 4776  Filetrace - ok
21:30:43.0016 4776  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:30:43.0076 4776  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:30:43.0076 4776  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:30:43.0116 4776  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:30:43.0136 4776  flpydisk - ok
21:30:43.0176 4776  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:30:43.0186 4776  FltMgr - ok
21:30:43.0226 4776  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
21:30:43.0296 4776  FontCache - ok
21:30:43.0346 4776  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:30:43.0366 4776  FontCache3.0.0.0 - ok
21:30:43.0406 4776  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21:30:43.0426 4776  FsDepends - ok
21:30:43.0446 4776  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:30:43.0466 4776  Fs_Rec - ok
21:30:43.0486 4776  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21:30:43.0506 4776  fvevol - ok
21:30:43.0536 4776  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
21:30:43.0546 4776  gagp30kx - ok
21:30:43.0576 4776  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
21:30:43.0646 4776  gpsvc - ok
21:30:43.0746 4776  [ 816FD5A6F3C2F3D600900096632FC60E ] Greg_Service    C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
21:30:43.0786 4776  Greg_Service - ok
21:30:43.0856 4776  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:30:43.0876 4776  gupdate - ok
21:30:43.0876 4776  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:30:43.0896 4776  gupdatem - ok
21:30:43.0956 4776  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:30:43.0966 4776  gusvc - ok
21:30:44.0026 4776  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
21:30:44.0046 4776  hamachi - ok
21:30:44.0166 4776  [ 785FD63B74B30986A9F2C7D965CA509F ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21:30:44.0216 4776  Hamachi2Svc - ok
21:30:44.0256 4776  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21:30:44.0296 4776  hcw85cir - ok
21:30:44.0356 4776  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:30:44.0396 4776  HdAudAddService - ok
21:30:44.0416 4776  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
21:30:44.0466 4776  HDAudBus - ok
21:30:44.0496 4776  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
21:30:44.0526 4776  HECIx64 - ok
21:30:44.0556 4776  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
21:30:44.0596 4776  HidBatt - ok
21:30:44.0616 4776  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
21:30:44.0666 4776  HidBth - ok
21:30:44.0686 4776  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
21:30:44.0736 4776  HidIr - ok
21:30:44.0786 4776  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
21:30:44.0846 4776  hidserv - ok
21:30:44.0886 4776  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:30:44.0906 4776  HidUsb - ok
21:30:44.0976 4776  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:30:45.0056 4776  hkmsvc - ok
21:30:45.0106 4776  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:30:45.0176 4776  HomeGroupListener - ok
21:30:45.0206 4776  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:30:45.0256 4776  HomeGroupProvider - ok
21:30:45.0306 4776  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21:30:45.0326 4776  HpSAMD - ok
21:30:45.0366 4776  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:30:45.0476 4776  HTTP - ok
21:30:45.0516 4776  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21:30:45.0526 4776  hwpolicy - ok
21:30:45.0556 4776  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21:30:45.0576 4776  i8042prt - ok
21:30:45.0656 4776  [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:30:45.0696 4776  IAANTMON - ok
21:30:45.0716 4776  [ BE7D72FCF442C26975942007E0831241 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
21:30:45.0726 4776  iaStor - ok
21:30:45.0766 4776  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21:30:45.0796 4776  iaStorV - ok
21:30:45.0846 4776  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:30:45.0876 4776  idsvc - ok
21:30:45.0936 4776  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
21:30:45.0946 4776  iirsp - ok
21:30:45.0986 4776  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
21:30:46.0066 4776  IKEEXT - ok
21:30:46.0116 4776  [ 4FF8A2082D78255D2EB169F986BCC981 ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
21:30:46.0156 4776  Impcd - ok
21:30:46.0256 4776  [ 492CD3A94913D753B4591CD9E29EC843 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:30:46.0316 4776  IntcAzAudAddService - ok
21:30:46.0346 4776  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
21:30:46.0356 4776  intelide - ok
21:30:46.0396 4776  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:30:46.0416 4776  intelppm - ok
21:30:46.0446 4776  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:30:46.0486 4776  IPBusEnum - ok
21:30:46.0516 4776  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:30:46.0576 4776  IpFilterDriver - ok
21:30:46.0616 4776  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:30:46.0636 4776  iphlpsvc - ok
21:30:46.0666 4776  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21:30:46.0696 4776  IPMIDRV - ok
21:30:46.0736 4776  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
21:30:46.0806 4776  IPNAT - ok
21:30:46.0836 4776  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:30:46.0876 4776  IRENUM - ok
21:30:46.0906 4776  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:30:46.0916 4776  isapnp - ok
21:30:46.0946 4776  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21:30:46.0966 4776  iScsiPrt - ok
21:30:46.0996 4776  [ D85F3F18E44F7447B5F1BA5C85BAEB7C ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
21:30:47.0016 4776  k57nd60a - ok
21:30:47.0036 4776  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:30:47.0056 4776  kbdclass - ok
21:30:47.0076 4776  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:30:47.0116 4776  kbdhid - ok
21:30:47.0136 4776  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
21:30:47.0146 4776  KeyIso - ok
21:30:47.0176 4776  [ 07071C1E3CD8F0F9114AAC8B072CA1E5 ] KMWDFILTER      C:\Windows\system32\DRIVERS\KMWDFILTER.sys
21:30:47.0186 4776  KMWDFILTER - ok
21:30:47.0216 4776  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:30:47.0226 4776  KSecDD - ok
21:30:47.0246 4776  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21:30:47.0256 4776  KSecPkg - ok
21:30:47.0286 4776  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:30:47.0366 4776  ksthunk - ok
21:30:47.0406 4776  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:30:47.0476 4776  KtmRm - ok
21:30:47.0526 4776  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
21:30:47.0596 4776  LanmanServer - ok
21:30:47.0626 4776  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:30:47.0686 4776  LanmanWorkstation - ok
21:30:47.0726 4776  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:30:47.0796 4776  lltdio - ok
21:30:47.0826 4776  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:30:47.0906 4776  lltdsvc - ok
21:30:47.0936 4776  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:30:47.0976 4776  lmhosts - ok
21:30:48.0036 4776  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:30:48.0066 4776  LMS - ok
21:30:48.0106 4776  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
21:30:48.0136 4776  LSI_FC - ok
21:30:48.0146 4776  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
21:30:48.0166 4776  LSI_SAS - ok
21:30:48.0176 4776  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:30:48.0196 4776  LSI_SAS2 - ok
21:30:48.0206 4776  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:30:48.0216 4776  LSI_SCSI - ok
21:30:48.0246 4776  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:30:48.0306 4776  luafv - ok
21:30:48.0356 4776  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
21:30:48.0376 4776  MBAMProtector - ok
21:30:48.0446 4776  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:30:48.0486 4776  MBAMScheduler - ok
21:30:48.0546 4776  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:30:48.0596 4776  MBAMService - ok
21:30:48.0626 4776  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
21:30:48.0676 4776  Mcx2Svc - ok
21:30:48.0706 4776  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
21:30:48.0726 4776  megasas - ok
21:30:48.0756 4776  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
21:30:48.0776 4776  MegaSR - ok
21:30:48.0796 4776  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
21:30:48.0866 4776  MMCSS - ok
21:30:48.0886 4776  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
21:30:48.0956 4776  Modem - ok
21:30:48.0986 4776  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:30:49.0026 4776  monitor - ok
21:30:49.0056 4776  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:30:49.0086 4776  mouclass - ok
21:30:49.0116 4776  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:30:49.0156 4776  mouhid - ok
21:30:49.0186 4776  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
21:30:49.0206 4776  mountmgr - ok
21:30:49.0256 4776  [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:30:49.0286 4776  MozillaMaintenance - ok
21:30:49.0306 4776  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:30:49.0326 4776  mpio - ok
21:30:49.0356 4776  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:30:49.0426 4776  mpsdrv - ok
21:30:49.0456 4776  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:30:49.0546 4776  MpsSvc - ok
21:30:49.0586 4776  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:30:49.0616 4776  MRxDAV - ok
21:30:49.0636 4776  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:30:49.0676 4776  mrxsmb - ok
21:30:49.0706 4776  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:30:49.0736 4776  mrxsmb10 - ok
21:30:49.0776 4776  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:30:49.0806 4776  mrxsmb20 - ok
21:30:49.0836 4776  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
21:30:49.0866 4776  msahci - ok
21:30:49.0886 4776  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:30:49.0906 4776  msdsm - ok
21:30:49.0916 4776  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
21:30:49.0956 4776  MSDTC - ok
21:30:49.0996 4776  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:30:50.0036 4776  Msfs - ok
21:30:50.0046 4776  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
21:30:50.0106 4776  mshidkmdf - ok
21:30:50.0146 4776  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:30:50.0166 4776  msisadrv - ok
21:30:50.0196 4776  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:30:50.0256 4776  MSiSCSI - ok
21:30:50.0256 4776  msiserver - ok
21:30:50.0306 4776  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:30:50.0396 4776  MSKSSRV - ok
21:30:50.0396 4776  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:30:50.0436 4776  MSPCLOCK - ok
21:30:50.0466 4776  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:30:50.0546 4776  MSPQM - ok
21:30:50.0576 4776  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:30:50.0596 4776  MsRPC - ok
21:30:50.0626 4776  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
21:30:50.0636 4776  mssmbios - ok
21:30:50.0676 4776  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:30:50.0756 4776  MSTEE - ok
21:30:50.0756 4776  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
21:30:50.0776 4776  MTConfig - ok
21:30:50.0806 4776  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:30:50.0816 4776  Mup - ok
21:30:50.0856 4776  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
21:30:50.0916 4776  napagent - ok
21:30:50.0976 4776  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:30:51.0036 4776  NativeWifiP - ok
21:30:51.0096 4776  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:30:51.0136 4776  NDIS - ok
21:30:51.0166 4776  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
21:30:51.0246 4776  NdisCap - ok
21:30:51.0296 4776  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:30:51.0366 4776  NdisTapi - ok
21:30:51.0396 4776  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:30:51.0476 4776  Ndisuio - ok
21:30:51.0516 4776  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:30:51.0576 4776  NdisWan - ok
21:30:51.0606 4776  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:30:51.0666 4776  NDProxy - ok
21:30:51.0756 4776  [ B90E093E7A7250906F1054418B5339C0 ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
21:30:51.0806 4776  Nero BackItUp Scheduler 4.0 - ok
21:30:51.0836 4776  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:30:51.0916 4776  NetBIOS - ok
21:30:51.0966 4776  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
21:30:52.0006 4776  NetBT - ok
21:30:52.0036 4776  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
21:30:52.0046 4776  Netlogon - ok
21:30:52.0076 4776  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
21:30:52.0146 4776  Netman - ok
21:30:52.0176 4776  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
21:30:52.0246 4776  netprofm - ok
21:30:52.0286 4776  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:30:52.0306 4776  NetTcpPortSharing - ok
21:30:52.0486 4776  [ 4D85A450EDEF10C38882182753A49AAE ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
21:30:52.0716 4776  NETw5s64 - ok
21:30:52.0766 4776  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
21:30:52.0786 4776  nfrd960 - ok
21:30:52.0806 4776  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:30:52.0846 4776  NlaSvc - ok
21:30:52.0886 4776  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:30:52.0956 4776  Npfs - ok
21:30:52.0986 4776  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
21:30:53.0066 4776  nsi - ok
21:30:53.0086 4776  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:30:53.0166 4776  nsiproxy - ok
21:30:53.0236 4776  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:30:53.0286 4776  Ntfs - ok
21:30:53.0346 4776  [ 3589BFAF27183772B7F0F976AAAEDE43 ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
21:30:53.0376 4776  NTI IScheduleSvc - ok
21:30:53.0416 4776  [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr         C:\Windows\system32\drivers\NTIDrvr.sys
21:30:53.0436 4776  NTIDrvr - ok
21:30:53.0436 4776  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
21:30:53.0526 4776  Null - ok
21:30:53.0556 4776  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:30:53.0566 4776  nvraid - ok
21:30:53.0586 4776  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:30:53.0606 4776  nvstor - ok
21:30:53.0616 4776  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:30:53.0636 4776  nv_agp - ok
21:30:53.0706 4776  [ 3CDD83C8D838C04009B3871274B97D36 ] OberonGameConsoleService C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe
21:30:53.0726 4776  OberonGameConsoleService - ok
21:30:53.0796 4776  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:30:53.0836 4776  odserv - ok
21:30:53.0866 4776  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:30:53.0906 4776  ohci1394 - ok
21:30:53.0956 4776  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:30:53.0986 4776  ose - ok
21:30:54.0016 4776  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
21:30:54.0076 4776  p2pimsvc - ok
21:30:54.0106 4776  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
21:30:54.0126 4776  p2psvc - ok
21:30:54.0156 4776  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
21:30:54.0176 4776  Parport - ok
21:30:54.0206 4776  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:30:54.0216 4776  partmgr - ok
21:30:54.0256 4776  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:30:54.0296 4776  PcaSvc - ok
21:30:54.0336 4776  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
21:30:54.0366 4776  pci - ok
21:30:54.0386 4776  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
21:30:54.0396 4776  pciide - ok
21:30:54.0426 4776  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
21:30:54.0446 4776  pcmcia - ok
21:30:54.0466 4776  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
21:30:54.0476 4776  pcw - ok
21:30:54.0496 4776  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:30:54.0576 4776  PEAUTH - ok
21:30:54.0656 4776  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:30:54.0696 4776  PerfHost - ok
21:30:54.0776 4776  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
21:30:54.0856 4776  pla - ok
21:30:54.0896 4776  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:30:54.0926 4776  PlugPlay - ok
21:30:54.0946 4776  PnkBstrA - ok
21:30:54.0966 4776  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
21:30:55.0006 4776  PNRPAutoReg - ok
21:30:55.0036 4776  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
21:30:55.0056 4776  PNRPsvc - ok
21:30:55.0086 4776  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:30:55.0156 4776  PolicyAgent - ok
21:30:55.0196 4776  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
21:30:55.0266 4776  Power - ok
21:30:55.0316 4776  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:30:55.0376 4776  PptpMiniport - ok
21:30:55.0396 4776  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:30:55.0436 4776  Processor - ok
21:30:55.0476 4776  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
21:30:55.0506 4776  ProfSvc - ok
21:30:55.0516 4776  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:30:55.0526 4776  ProtectedStorage - ok
21:30:55.0556 4776  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
21:30:55.0606 4776  Psched - ok
21:30:55.0646 4776  [ FBF4DB6D53585437E41A113300002A2B ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
21:30:55.0656 4776  PxHlpa64 - ok
21:30:55.0716 4776  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
21:30:55.0776 4776  ql2300 - ok
21:30:55.0796 4776  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
21:30:55.0806 4776  ql40xx - ok
21:30:55.0836 4776  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
21:30:55.0886 4776  QWAVE - ok
21:30:55.0916 4776  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:30:55.0956 4776  QWAVEdrv - ok
21:30:55.0986 4776  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:30:56.0046 4776  RasAcd - ok
21:30:56.0096 4776  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
21:30:56.0156 4776  RasAgileVpn - ok
21:30:56.0186 4776  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
21:30:56.0276 4776  RasAuto - ok
21:30:56.0296 4776  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:30:56.0356 4776  Rasl2tp - ok
21:30:56.0406 4776  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
21:30:56.0486 4776  RasMan - ok
21:30:56.0516 4776  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:30:56.0556 4776  RasPppoe - ok
21:30:56.0566 4776  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:30:56.0636 4776  RasSstp - ok
21:30:56.0676 4776  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:30:56.0756 4776  rdbss - ok
21:30:56.0786 4776  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
21:30:56.0836 4776  rdpbus - ok
21:30:56.0856 4776  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:30:56.0906 4776  RDPCDD - ok
21:30:56.0916 4776  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:30:56.0976 4776  RDPENCDD - ok
21:30:56.0996 4776  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
21:30:57.0036 4776  RDPREFMP - ok
21:30:57.0066 4776  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:30:57.0126 4776  RDPWD - ok
21:30:57.0166 4776  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
21:30:57.0186 4776  rdyboost - ok
21:30:57.0206 4776  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:30:57.0266 4776  RemoteAccess - ok
21:30:57.0306 4776  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:30:57.0386 4776  RemoteRegistry - ok
21:30:57.0416 4776  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
21:30:57.0486 4776  RpcEptMapper - ok
21:30:57.0506 4776  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
21:30:57.0536 4776  RpcLocator - ok
21:30:57.0576 4776  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
21:30:57.0626 4776  RpcSs - ok
21:30:57.0656 4776  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:30:57.0696 4776  rspndr - ok
21:30:57.0726 4776  [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR       C:\Windows\System32\Drivers\RtsUStor.sys
21:30:57.0766 4776  RSUSBSTOR - ok
21:30:57.0826 4776  [ 7421A35C45484B95E83B5E9E107CEFC2 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
21:30:57.0856 4776  RTHDMIAzAudService - ok
21:30:57.0866 4776  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
21:30:57.0886 4776  SamSs - ok
21:30:57.0916 4776  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:30:57.0936 4776  sbp2port - ok
21:30:57.0966 4776  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:30:58.0006 4776  SCardSvr - ok
21:30:58.0036 4776  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
21:30:58.0086 4776  scfilter - ok
21:30:58.0146 4776  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
21:30:58.0226 4776  Schedule - ok
21:30:58.0276 4776  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
21:30:58.0326 4776  SCPolicySvc - ok
21:30:58.0346 4776  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
21:30:58.0416 4776  SDRSVC - ok
21:30:58.0446 4776  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
21:30:58.0526 4776  secdrv - ok
21:30:58.0566 4776  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
21:30:58.0646 4776  seclogon - ok
21:30:58.0686 4776  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
21:30:58.0766 4776  SENS - ok
21:30:58.0786 4776  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
21:30:58.0806 4776  SensrSvc - ok
21:30:58.0846 4776  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
21:30:58.0896 4776  Serenum - ok
21:30:58.0916 4776  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
21:30:58.0966 4776  Serial - ok
21:30:59.0016 4776  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
21:30:59.0046 4776  sermouse - ok
21:30:59.0106 4776  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
21:30:59.0186 4776  SessionEnv - ok
21:30:59.0216 4776  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
21:30:59.0266 4776  sffdisk - ok
21:30:59.0286 4776  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
21:30:59.0336 4776  sffp_mmc - ok
21:30:59.0356 4776  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
21:30:59.0406 4776  sffp_sd - ok
21:30:59.0436 4776  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
21:30:59.0476 4776  sfloppy - ok
21:30:59.0516 4776  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
21:30:59.0606 4776  SharedAccess - ok
21:30:59.0646 4776  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:30:59.0706 4776  ShellHWDetection - ok
21:30:59.0746 4776  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:30:59.0766 4776  SiSRaid2 - ok
21:30:59.0786 4776  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
21:30:59.0806 4776  SiSRaid4 - ok
21:30:59.0846 4776  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
21:30:59.0856 4776  SkypeUpdate - ok
21:30:59.0876 4776  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
21:30:59.0936 4776  Smb - ok
21:30:59.0976 4776  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
21:31:00.0036 4776  SNMPTRAP - ok
21:31:00.0086 4776  [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan        C:\Windows\syswow64\speedfan.sys
21:31:00.0116 4776  speedfan - ok
21:31:00.0136 4776  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
21:31:00.0156 4776  spldr - ok
21:31:00.0196 4776  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
21:31:00.0276 4776  Spooler - ok
21:31:00.0376 4776  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
21:31:00.0516 4776  sppsvc - ok
21:31:00.0546 4776  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
21:31:00.0626 4776  sppuinotify - ok
21:31:00.0666 4776  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
21:31:00.0696 4776  srv - ok
21:31:00.0716 4776  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
21:31:00.0756 4776  srv2 - ok
21:31:00.0786 4776  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
21:31:00.0816 4776  srvnet - ok
21:31:00.0866 4776  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
21:31:00.0956 4776  SSDPSRV - ok
21:31:00.0976 4776  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
21:31:01.0026 4776  SstpSvc - ok
21:31:01.0056 4776  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
21:31:01.0076 4776  stexstor - ok
21:31:01.0116 4776  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
21:31:01.0156 4776  stisvc - ok
21:31:01.0176 4776  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
21:31:01.0186 4776  swenum - ok
21:31:01.0226 4776  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
21:31:01.0296 4776  swprv - ok
21:31:01.0356 4776  [ ECB9097C86DB32BF3940590E0E1792C3 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
21:31:01.0386 4776  SynTP - ok
21:31:01.0446 4776  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
21:31:01.0546 4776  SysMain - ok
21:31:01.0586 4776  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:31:01.0616 4776  TabletInputService - ok
21:31:01.0656 4776  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
21:31:01.0726 4776  TapiSrv - ok
21:31:01.0746 4776  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
21:31:01.0786 4776  TBS - ok
21:31:01.0836 4776  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
21:31:01.0886 4776  Tcpip - ok
21:31:01.0916 4776  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
21:31:01.0956 4776  TCPIP6 - ok
21:31:01.0986 4776  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
21:31:02.0026 4776  tcpipreg - ok
21:31:02.0056 4776  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
21:31:02.0126 4776  TDPIPE - ok
21:31:02.0146 4776  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
21:31:02.0186 4776  TDTCP - ok
21:31:02.0226 4776  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
21:31:02.0276 4776  tdx - ok
21:31:02.0286 4776  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
21:31:02.0306 4776  TermDD - ok
21:31:02.0336 4776  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
21:31:02.0406 4776  TermService - ok
21:31:02.0446 4776  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
21:31:02.0506 4776  Themes - ok
21:31:02.0546 4776  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
21:31:02.0576 4776  THREADORDER - ok
21:31:02.0616 4776  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
21:31:02.0696 4776  TrkWks - ok
21:31:02.0756 4776  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:31:02.0836 4776  TrustedInstaller - ok
21:31:02.0866 4776  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
21:31:02.0906 4776  tssecsrv - ok
21:31:02.0936 4776  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
21:31:02.0996 4776  TsUsbFlt - ok
21:31:03.0036 4776  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
21:31:03.0106 4776  tunnel - ok
21:31:03.0146 4776  [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
21:31:03.0156 4776  TurboB - ok
21:31:03.0246 4776  [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:31:03.0276 4776  TurboBoost - ok
21:31:03.0296 4776  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
21:31:03.0316 4776  uagp35 - ok
21:31:03.0326 4776  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00 ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
21:31:03.0346 4776  UBHelper - ok
21:31:03.0376 4776  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
21:31:03.0446 4776  udfs - ok
21:31:03.0486 4776  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
21:31:03.0516 4776  UI0Detect - ok
21:31:03.0536 4776  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
21:31:03.0546 4776  uliagpkx - ok
21:31:03.0586 4776  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
21:31:03.0636 4776  umbus - ok
21:31:03.0666 4776  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
21:31:03.0716 4776  UmPass - ok
21:31:03.0846 4776  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:31:03.0896 4776  UNS - ok
21:31:03.0956 4776  [ 70DDE3A86DBEB1D6C3C30AD687B1877A ] Updater Service C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
21:31:03.0986 4776  Updater Service - ok
21:31:04.0026 4776  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
21:31:04.0066 4776  upnphost - ok
21:31:04.0096 4776  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
21:31:04.0116 4776  usbccgp - ok
21:31:04.0146 4776  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
21:31:04.0166 4776  usbcir - ok
21:31:04.0186 4776  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
21:31:04.0226 4776  usbehci - ok
21:31:04.0256 4776  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
21:31:04.0306 4776  usbhub - ok
21:31:04.0316 4776  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
21:31:04.0366 4776  usbohci - ok
21:31:04.0416 4776  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
21:31:04.0446 4776  usbprint - ok
21:31:04.0476 4776  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
21:31:04.0496 4776  usbscan - ok
21:31:04.0526 4776  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:31:04.0596 4776  USBSTOR - ok
21:31:04.0616 4776  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
21:31:04.0656 4776  usbuhci - ok
21:31:04.0696 4776  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
21:31:04.0736 4776  usbvideo - ok
21:31:04.0756 4776  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
21:31:04.0806 4776  UxSms - ok
21:31:04.0816 4776  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
21:31:04.0826 4776  VaultSvc - ok
21:31:04.0856 4776  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
21:31:04.0876 4776  vdrvroot - ok
21:31:04.0916 4776  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
21:31:05.0006 4776  vds - ok
21:31:05.0046 4776  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
21:31:05.0076 4776  vga - ok
21:31:05.0096 4776  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
21:31:05.0156 4776  VgaSave - ok
21:31:05.0196 4776  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
21:31:05.0226 4776  vhdmp - ok
21:31:05.0246 4776  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
21:31:05.0256 4776  viaide - ok
21:31:05.0266 4776  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
21:31:05.0276 4776  volmgr - ok
21:31:05.0306 4776  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
21:31:05.0326 4776  volmgrx - ok
21:31:05.0336 4776  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
21:31:05.0356 4776  volsnap - ok
21:31:05.0376 4776  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
21:31:05.0396 4776  vsmraid - ok
21:31:05.0456 4776  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
21:31:05.0546 4776  VSS - ok
21:31:05.0576 4776  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
21:31:05.0626 4776  vwifibus - ok
21:31:05.0656 4776  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
21:31:05.0696 4776  vwififlt - ok
21:31:05.0736 4776  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
21:31:05.0826 4776  W32Time - ok
21:31:05.0846 4776  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
21:31:05.0886 4776  WacomPen - ok
21:31:05.0926 4776  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
21:31:06.0016 4776  WANARP - ok
21:31:06.0016 4776  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
21:31:06.0056 4776  Wanarpv6 - ok
21:31:06.0126 4776  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
21:31:06.0196 4776  wbengine - ok
21:31:06.0236 4776  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
21:31:06.0266 4776  WbioSrvc - ok
21:31:06.0306 4776  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
21:31:06.0376 4776  wcncsvc - ok
21:31:06.0396 4776  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:31:06.0416 4776  WcsPlugInService - ok
21:31:06.0446 4776  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
21:31:06.0466 4776  Wd - ok
21:31:06.0506 4776  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
21:31:06.0526 4776  Wdf01000 - ok
21:31:06.0556 4776  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
21:31:06.0606 4776  WdiServiceHost - ok
21:31:06.0606 4776  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
21:31:06.0626 4776  WdiSystemHost - ok
21:31:06.0666 4776  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
21:31:06.0726 4776  WebClient - ok
21:31:06.0746 4776  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
21:31:06.0826 4776  Wecsvc - ok
21:31:06.0856 4776  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
21:31:06.0926 4776  wercplsupport - ok
21:31:06.0956 4776  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
21:31:07.0006 4776  WerSvc - ok
21:31:07.0026 4776  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
21:31:07.0066 4776  WfpLwf - ok
21:31:07.0086 4776  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
21:31:07.0096 4776  WIMMount - ok
21:31:07.0126 4776  WinDefend - ok
21:31:07.0126 4776  WinHttpAutoProxySvc - ok
21:31:07.0176 4776  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
21:31:07.0236 4776  Winmgmt - ok
21:31:07.0326 4776  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
21:31:07.0396 4776  WinRM - ok
21:31:07.0466 4776  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
21:31:07.0536 4776  Wlansvc - ok
21:31:07.0576 4776  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
21:31:07.0616 4776  WmiAcpi - ok
21:31:07.0666 4776  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
21:31:07.0716 4776  wmiApSrv - ok
21:31:07.0746 4776  WMPNetworkSvc - ok
21:31:07.0796 4776  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
21:31:07.0826 4776  WPCSvc - ok
21:31:07.0846 4776  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
21:31:07.0866 4776  WPDBusEnum - ok
21:31:07.0886 4776  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
21:31:07.0956 4776  ws2ifsl - ok
21:31:07.0976 4776  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
21:31:08.0026 4776  wscsvc - ok
21:31:08.0026 4776  WSearch - ok
21:31:08.0106 4776  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
21:31:08.0166 4776  wuauserv - ok
21:31:08.0206 4776  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
21:31:08.0266 4776  WudfPf - ok
21:31:08.0316 4776  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
21:31:08.0346 4776  WUDFRd - ok
21:31:08.0366 4776  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
21:31:08.0416 4776  wudfsvc - ok
21:31:08.0456 4776  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
21:31:08.0486 4776  WwanSvc - ok
21:31:08.0586 4776  [ 74983ADDCA2D9618512C088D856D6615 ] {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
21:31:08.0596 4776  {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
21:31:08.0596 4776  ================ Scan global ===============================
21:31:08.0626 4776  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:31:08.0656 4776  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
21:31:08.0676 4776  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
21:31:08.0716 4776  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:31:08.0746 4776  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:31:08.0746 4776  [Global] - ok
21:31:08.0746 4776  ================ Scan MBR ==================================
21:31:08.0756 4776  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:31:09.0016 4776  \Device\Harddisk0\DR0 - ok
21:31:09.0016 4776  ================ Scan VBR ==================================
21:31:09.0016 4776  [ 3409CAF472BDFFE7E10B57E26DF5CC3F ] \Device\Harddisk0\DR0\Partition1
21:31:09.0016 4776  \Device\Harddisk0\DR0\Partition1 - ok
21:31:09.0046 4776  [ 6FD02B5F182053A97D7A79B5F8D9535C ] \Device\Harddisk0\DR0\Partition2
21:31:09.0046 4776  \Device\Harddisk0\DR0\Partition2 - ok
21:31:09.0086 4776  [ 63B00EA517A19D49F0E3A96AC2615E8A ] \Device\Harddisk0\DR0\Partition3
21:31:09.0096 4776  \Device\Harddisk0\DR0\Partition3 - ok
21:31:09.0096 4776  ============================================================
21:31:09.0096 4776  Scan finished
21:31:09.0096 4776  ============================================================
21:31:09.0106 3500  Detected object count: 1
21:31:09.0106 3500  Actual detected object count: 1
21:31:37.0636 3500  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:31:37.0636 3500  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 14.01.2013, 21:25   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gvu trojaner - Standard

Gvu trojaner



Unauffällig

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.01.2013, 13:37   #11
Rap01
 
Gvu trojaner - Standard

Gvu trojaner



Der Log von adwCleaner:

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 15/01/2013 um 14:35:31 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Martin - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Martin\AppData\Local\Temp\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\yd6rt3yc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\oho5x2u4.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.11.1661.0

Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1380 octets] - [15/01/2013 14:35:31]

########## EOF - C:\AdwCleaner[R1].txt - [1440 octets] ##########
         

Alt 15.01.2013, 15:09   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gvu trojaner - Standard

Gvu trojaner



adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.01.2013, 16:23   #13
Rap01
 
Gvu trojaner - Standard

Gvu trojaner



Verdammt nochmal....

Ich glaube langsam werd ich verrückt hier. Ebend hat mein kleiner Bruder kurz mal an meinem PC rumgespielt und was is....

Schon wieder ein GVU Trojaner
Offensichtlich durch eine achtlos wegeklickte AdobeReader Meldung.

Erstmal wieder Systemwiederherstellung gemacht.

Jetz hab ich mich auch erstmal belesen und da viel mir auf das sich die Dinger ja offensichtlich durch eine Sicherheitslücke im Java einschleichen, dieses werde ich jetz erstmal deinstallieren!

Und meinen PC gebe ich auch nicht mehr aus der Hand.

Das wird ja langsam lächerlich...


Weiterhin stellt sich mir jetzt natürlich wieder die Frage was tun?
Bestimmt die Anleitung nochmal von oben nach unten durchgehen oder?

Ach und erstmal danke für deine bisherige Hilfe, ich hoffe du kannst mir auch weiterhin helfen.

MfG

Alt 16.01.2013, 10:43   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Gvu trojaner - Standard

Gvu trojaner



Mach bitte erstmal weiter wie in meinem letzten Posting beschrieben
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.01.2013, 17:27   #15
Rap01
 
Gvu trojaner - Standard

Gvu trojaner



adw Cleaner:

Code:
ATTFilter
# AdwCleaner v2.105 - Datei am 16/01/2013 um 18:10:56 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Martin - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Martin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Temp\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v16.0.2 (de)

Datei : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\yd6rt3yc.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\oho5x2u4.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.52

Datei : C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.11.1661.0

Datei : C:\Users\Martin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [3018 octets] - [15/01/2013 14:35:31]
AdwCleaner[R2].txt - [1569 octets] - [16/01/2013 18:06:38]
AdwCleaner[S1].txt - [1502 octets] - [16/01/2013 18:10:56]

########## EOF - C:\AdwCleaner[S1].txt - [1562 octets] ##########
         
OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.01.2013 18:15:45 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 65,19% Memory free
7,73 Gb Paging File | 6,09 Gb Available in Paging File | 78,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 434,13 Gb Total Space | 260,75 Gb Free Space | 60,06% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 7,79 Gb Free Space | 39,89% Space Free | Partition Type: NTFS
Drive E: | 2,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll ()
MOD - C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\VideoWebCamera\Utility.dll ()
MOD - C:\Program Files (x86)\VideoWebCamera\Image.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TurboBoost) -- C:\Programme\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273608125235l0444z1l5f4522x543
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE499
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..network.proxy.backup.ftp: "103.8.160.150"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.socks: "103.8.160.150"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "103.8.160.150"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.05 19:52:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.05 19:52:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.29 18:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2012.12.19 17:18:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\yd6rt3yc.default\extensions
[2012.10.26 19:07:04 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\yd6rt3yc.default\extensions\battlefieldplay4free@ea.com
[2012.12.19 17:18:35 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\yd6rt3yc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.05 19:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.05 19:52:36 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - Extension: YouTube = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
CHR - Extension: Google Mail = C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe File not found
O4 - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001..\Run: [ICQ] C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1887213331-3047672844-2597413253-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0923E21-D072-4593-ADBF-4837B4189B33}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.10.31 05:10:28 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7778cdea-f06e-11e1-b152-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7778cdea-f06e-11e1-b152-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.11.01 23:17:12 | 000,356,352 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.16 18:13:18 | 000,000,000 | R--D | C] -- C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.01.14 16:55:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Virusbekämpfung
[2013.01.13 23:30:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\mbar-1.01.0.1016
[2013.01.13 22:52:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.01.10 17:18:17 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 17:18:16 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 17:17:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 17:17:54 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.10 17:17:44 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.10 17:17:44 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.10 17:17:44 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.10 17:17:44 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.10 17:17:43 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.10 17:17:43 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.10 17:17:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.10 17:17:43 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.10 17:17:43 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.10 17:17:43 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.10 17:17:43 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.10 17:17:43 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.10 17:17:43 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.10 17:17:43 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.10 17:17:43 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.10 17:17:43 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.10 17:17:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.10 17:17:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.10 17:17:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.10 17:17:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.10 17:17:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.10 17:17:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.10 17:17:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.10 17:17:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.10 17:17:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.10 17:17:41 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.10 17:17:41 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.10 17:17:41 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.10 17:17:41 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.10 17:17:41 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.10 17:17:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.10 17:17:41 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.10 17:16:59 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.10 17:16:57 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.10 17:16:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.10 17:16:56 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.10 17:16:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.10 17:16:56 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.10 17:16:56 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.10 17:16:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.10 17:16:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.10 17:16:56 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 17:16:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 17:16:56 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 17:16:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 17:16:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 17:16:55 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.10 17:16:55 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.10 17:16:55 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 17:16:55 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 17:16:55 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 17:16:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.10 17:16:37 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.04 04:19:55 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Programs
[2013.01.02 21:39:10 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\Gothic3ForsakenGods
[2013.01.02 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.01.02 21:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2012.12.26 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Minimal.Electro
[2012.12.26 22:18:57 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Charts
[2012.12.26 22:18:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Alles
[2012.12.26 22:18:15 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Alle Farben
[2012.12.26 22:17:28 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Toppa
[2012.12.22 01:47:38 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012.12.22 01:47:38 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012.12.22 01:47:38 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012.12.22 01:47:36 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.16 18:20:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 18:20:08 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.16 18:13:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.16 18:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.16 18:12:33 | 3113,304,064 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.16 18:05:54 | 000,554,087 | ---- | M] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2013.01.16 18:04:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 22:35:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.13 22:52:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2013.01.12 13:33:53 | 000,351,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.12 05:13:56 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.12 05:13:56 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.12 05:13:56 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.12 05:13:56 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.12 05:13:56 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.08 23:35:54 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.08 23:35:54 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.02 21:38:29 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Gothic III - Götterdämmerung.lnk
[2013.01.02 06:04:36 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.INI
 
========== Files Created - No Company Name ==========
 
[2013.01.16 18:05:54 | 000,554,087 | ---- | C] () -- C:\Users\Martin\Desktop\adwcleaner.exe
[2013.01.02 21:38:29 | 000,002,148 | ---- | C] () -- C:\Users\Public\Desktop\Gothic III - Götterdämmerung.lnk
[2012.10.19 16:28:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.19 16:28:53 | 000,183,112 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.17 20:12:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2012.10.13 16:16:11 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012.10.13 16:16:11 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012.10.13 16:16:11 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012.10.13 16:09:42 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2012.09.02 20:38:05 | 000,001,226 | ---- | C] () -- C:\Windows\SplitCam.INI
[2012.09.01 16:28:09 | 000,000,218 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.09.01 16:28:09 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.09.01 16:24:56 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.09.01 14:28:17 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.09.01 14:28:17 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.08.27 21:30:23 | 000,058,368 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\skype.dat
[2012.08.27 18:49:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.05 23:47:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.18 15:44:07 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Opera
[2012.11.09 21:31:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.minecraft
[2012.08.29 22:37:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ASCOMP Software
[2012.10.18 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2012.10.18 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.02 04:05:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeScreenToVideo
[2013.01.16 18:13:33 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2012.10.19 16:27:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2012.11.04 23:10:59 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LolClient
[2012.08.27 19:26:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2012.10.09 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

[/CODE]

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.01.2013 18:15:45 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 65,19% Memory free
7,73 Gb Paging File | 6,09 Gb Available in Paging File | 78,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 434,13 Gb Total Space | 260,75 Gb Free Space | 60,06% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 7,79 Gb Free Space | 39,89% Space Free | Partition Type: NTFS
Drive E: | 2,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1887213331-3047672844-2597413253-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DBCFECB-9A2D-4214-8DB5-74BDD157BB01}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{19506490-8561-4FBB-8697-E01EF9587733}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A660E18-ECF3-43D8-B353-35BE03735713}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{26AC27F7-C614-44B2-9F69-CCCD4D45B6B1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{293FE999-7A59-4F1D-ABC7-F861571419C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2F59A125-F3FC-4E92-9F65-AFB028DDE5DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4021CD6F-756D-403B-B547-D31DB429C335}" = rport=445 | protocol=6 | dir=out | app=system | 
"{48F426FD-7A34-4E3D-83E0-01999E69E390}" = lport=445 | protocol=6 | dir=in | app=system | 
"{4D370B61-C067-49FE-B8D0-DE0BCFFF4E44}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F5DCE12-FEC2-4498-BEDE-3263FBBC322F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{52F7F430-9C97-4961-8F6C-EA8B53E2E156}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5B8949EF-8525-43F4-9D12-BB044207D01C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5D2711CC-082E-4B23-A23C-2BCE1432EBBD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{5E1476B4-1264-43B1-867C-E491226F9721}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{63589DD0-9ABF-45AF-8C7E-A41ED3AB080C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{76AE751F-F286-418D-A964-09EA47601C43}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8676374A-DFA3-4736-8BA7-1E6D36108892}" = rport=139 | protocol=6 | dir=out | app=system | 
"{98EAAC42-DB30-45FB-ACEE-F8796949933B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9BCF5AC6-B34A-46AB-BD57-34A78D927AA3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9F550510-D683-4773-8215-32402C43E9F1}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A2AA098F-4FF9-4DE7-BD7C-5FCBD7C6DC4D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{BC7772B2-CC1C-413E-AA3A-D92408B9EEF7}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C77CE01D-82CE-4962-8C94-7E494EAE06A4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D8C2697D-35F2-450F-8681-ADC86EF32E43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA099C28-4D03-4DC5-9400-1BCC2C18DB32}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0367AD91-2193-4ED8-9CD8-282414D22DA5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{046B64A5-BFC8-44F3-8939-13F4D5154F00}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{063F9D65-C6AD-4E78-B6E0-5AB25680FFCD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0EA6F1CC-8831-4C61-B6FB-97B61747D2D6}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{0FF93175-A57C-4B0A-B1C5-815845421872}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11BEBEFC-AEB7-4E29-8B98-37ED280F52BD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{17DC7D54-9B01-4CF7-8F90-C65439759517}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{1A36F0FA-9D24-4894-938F-79BD984D7479}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1FDEE84F-C4FE-4207-98D8-E7297DEC0093}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{1FEEAC55-8C4F-4648-8AED-124603976A78}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{27B890B3-060D-4452-9F51-74C4ADA4BC34}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2AEF9814-3639-4741-9A0F-8BD885B650A9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{32596A4B-9C67-4D6B-A03D-84590241CB0C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{33B0290E-1CFC-4758-A792-CC7A89EE0844}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3666F18F-54F9-4556-908B-BF43975A1AF1}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3823566C-A55A-4564-AE44-EF986A28CF8C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3DB640AC-1B0E-40E4-A8FA-EA6D7D445C8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{46688770-8640-4230-A913-280EAE2FD84B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4C0EC66E-A5F8-4295-8C63-3CA222353271}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4D027A6F-227C-4FA8-BC73-01A9F6A7B94D}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{531DB83B-BA72-448E-8A59-80194ABE2FD0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{53208EBA-0D98-483A-A826-68BBBC7350EF}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms.exe | 
"{5448FAAD-F440-4E94-9E95-2FF94CD79D99}" = protocol=58 | dir=in | app=system | 
"{57337991-1FD1-4B34-ADBA-ED1A8EC94F8E}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\xrengine.exe | 
"{676233C7-7E0C-4CF1-8B4E-36D26F8028DA}" = protocol=17 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{67C1FD2C-32AC-4AA2-958D-40BED89265ED}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{6CC3A447-8A06-4A19-AC0B-0A7C44A69908}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{733F7704-C9A3-49C0-913A-0790058625B0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{76100AC4-DFE5-42D8-B78A-316859545F9E}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{7FCBAF3D-9E30-43D3-8C46-1C602BC18D42}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{82AEE290-5D83-4CFC-8CC8-59758D5E47B3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{86C59DAF-482D-45C9-A98A-81D72A0184DE}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{8B40327E-DD6D-490C-9F72-72707EA9DF4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8B741A73-7831-4CBA-BBC5-87ACB8D0FD01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9993D219-E480-4BC7-B57C-CAE0AB9A3D8D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A7DC351C-2454-4390-82C3-300245201F04}" = protocol=6 | dir=in | app=c:\program files (x86)\bitcomposer games\s.t.a.l.k.e.r. - call of pripyat\bin\dedicated\xrengine.exe | 
"{A969FC0C-7332-4912-9480-E7662E4EBDCD}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms.exe | 
"{AA5FAB9D-D8AF-4C8B-BFDD-F72CFE2EC8A1}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{AC7D30B9-4E91-4463-97FB-53C9C837B697}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{ACCD3C54-C710-468E-B9D6-D33B30189AD5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{AFDE4376-F096-4EDA-BD55-80158E42C5C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B17BF433-83D2-4E51-B602-5CD3EA8305D5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B2C21D06-B9A7-4A3A-A00E-C59729ACE1DA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{BA2CD5BC-E111-4874-8B9F-B66E4C6EEC60}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{BAAC3586-6444-431B-A011-9B80CEBEDC34}" = protocol=6 | dir=out | app=system | 
"{C2ACB520-0515-4A72-B853-23E09D2C50DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C782B4C4-44A2-49CC-9D8B-D272FBE83B31}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{CAE6A7F4-2805-4E10-AF3E-E49054D0A812}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{D26FADCF-52FD-49BF-BA93-4A8C4F85268B}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{E41CBA83-05B0-46BF-BC6F-7BBD04D85496}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E6575124-A851-475D-9DA0-ABD05DFB5C8D}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{E6A0F427-B39A-45DD-A35E-2B122D5D8886}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E8AFEBC6-A9E4-41C0-A7F5-1BFF2E154A26}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EF33609C-4480-4550-9E2B-684CB6FF6C7B}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F0CD0E17-A4C8-4500-B917-3078EB1234F5}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F3879D67-5E3F-4CAC-9D98-715B747D020E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F6D47E03-3BD9-469A-8255-5D485108366A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{FC12998D-E3A8-460F-A931-5ABD7F2A0042}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{FC25414A-A193-4460-84C9-ED42EEA39A4E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FC95C17B-B750-4036-9C16-0472D06A7C7E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FE149C31-432B-4F02-8882-38896383D6AF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"TCP Query User{032E58A7-0159-4C78-B622-6A3E235C8A4F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{0A15D1AF-BE1D-4615-8FC3-5FA4AFB75A52}C:\program files (x86)\icq7m\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"TCP Query User{522BD76D-0266-4A90-B51A-44775324182E}C:\nexon\combat arms eu\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"TCP Query User{58E44B06-086D-41C6-97A0-B83A6A69AED6}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{C1167A2C-2561-48B6-A27C-5C8639464EA7}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"TCP Query User{D72B6E81-25D2-4DE6-A175-EED399BBA323}C:\program files (x86)\reality pump\lost souls\lostsouls.exe" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\lost souls\lostsouls.exe | 
"TCP Query User{EF5D96F9-5FD6-4CAA-82F6-A50E63C4AA46}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{021EBDDA-E383-4D05-B864-4C80F141AE02}C:\program files (x86)\reality pump\lost souls\lostsouls.exe" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\lost souls\lostsouls.exe | 
"UDP Query User{39FE29D8-EAC4-4220-B1AA-903888C2294A}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe | 
"UDP Query User{3E95C21D-B160-468A-A4A5-AAAF32465468}C:\nexon\combat arms eu\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\engine.exe | 
"UDP Query User{59B8C876-47F1-46FD-95E4-92DA7F4FF862}C:\program files (x86)\icq7m\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"UDP Query User{B86E3DBD-F8B9-4469-A634-8ABA139F708B}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{C1A5C63A-E228-4DB3-BAC5-6019B1E8972F}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe | 
"UDP Query User{EE9A206C-D838-48DE-A6B0-CA0B4F12EA8B}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{7EFFF53E-F5A0-529D-2F69-DBAC8EEB36BB}" = ATI Catalyst Install Manager
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DEFCD877-1F8D-1C19-9D2F-C8CC4550340D}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02c6547c-700b-486e-821e-065148c9915a}" = Nero 9 Essentials
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{117E3AE2-10D1-41C1-9FA6-F4C382F767A8}_is1" = Packard Bell GameZone Console
"{13416D3D-AC63-1463-8F13-9DCA2AC968F6}" = CCC Help Greek
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22245BDB-CA20-DCD2-12C9-7D50692DF744}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2447500B-22D7-47BD-9B13-1A927F43A267}" = Empire Earth
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{34A0D249-747E-4D6C-803D-329C120C6B79}" = Catalyst Control Center - Branding
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C6862CE-912B-C2F7-CFB7-5A267620BF1A}" = CCC Help Chinese Traditional
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43A3E94C-CD9E-2405-675D-B71024874287}" = Catalyst Control Center Graphics Full Existing
"{47829AF8-2C85-1B85-D9F7-909D708B857E}" = CCC Help Spanish
"{487187CE-1610-BA3D-E1B3-7968ED205D9A}" = CCC Help Finnish
"{4CF0503F-414B-BE2F-3047-E774FDE7881B}" = CCC Help Japanese
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51C880E9-3DBA-1F09-A48C-5029B6FFA0E1}" = CCC Help Turkish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5F8E0BF8-4DB8-9A38-E18A-0A8D6BBD0C5D}" = Catalyst Control Center Graphics Light
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{600A3CA2-05CF-7A41-093C-457FBE5EC5E4}" = CCC Help Italian
"{60D16B34-B668-892D-7C65-A06110DE4D6E}" = CCC Help Chinese Standard
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64DB6421-C9E2-066B-2D6C-01A9C1187FE1}" = CCC Help Hungarian
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69BB6CDD-FB8C-2314-561F-DCA74B77E854}" = Catalyst Control Center Core Implementation
"{6D42924D-1E41-D3C6-465D-263E294BFFDF}" = Catalyst Control Center Graphics Full New
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{705F4E1F-0A2A-54A5-04A6-C0B03EDB3B16}" = CCC Help Swedish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
"{810E0BD5-714D-45FB-2E27-B7BBB0BCA820}" = ccc-core-static
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{845BD512-B4A1-F058-5D48-1E4E5BD097E8}" = CCC Help English
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{950DCEAA-545D-B98C-69F2-4136D9D616AF}" = Catalyst Control Center InstallProxy
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BFE8D4A-6A08-FBE3-C07F-44B6CADE25CD}" = CCC Help Czech
"{A1D203C7-8E2A-3BE6-676E-D5CD4A453C6F}" = CCC Help Dutch
"{A24CC346-D415-0BA1-E088-6CAEC06DDE39}" = CCC Help Thai
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AE710981-9CAE-463F-817F-48F7BB6F93CF}_is1" = Free WAV to MP3 Converter
"{B0A4E37C-88BA-078F-FACE-84FEC086F2AF}" = CCC Help Danish
"{B1BD2EB4-A222-932B-DC40-59312357F190}" = CCC Help Korean
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE8F08BD-BC5E-158A-0832-D7EF669C870C}" = CCC Help German
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6A655F8-B1CB-3A69-4846-25A7E192FB8D}" = CCC Help Portuguese
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CBCE09FB-0D69-7433-ED99-088BCB46E377}" = CCC Help Russian
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D4B46A37-9FDC-3016-A216-84038B1982DF}" = Catalyst Control Center Localization All
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E0FA47BF-07DB-21B5-3E39-8A784657366D}" = Catalyst Control Center Graphics Previews Vista
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F3E34E-E2C4-0346-2F85-D8702AD084FE}" = CCC Help French
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F55DC2A8-0B42-72A1-02B6-5035DEED3E11}" = CCC Help Norwegian
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Combat Arms EU" = Combat Arms EU
"Earth 2150 - Lost Souls" = Earth 2150 - Lost Souls
"Free Screen To Video_is1" = Free Screen To Video V 2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
"LManager" = Launch Manager
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Metaboli" = Metaboli
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.11.1661" = Opera 12.11
"Packard Bell InfoCentre" = Packard Bell InfoCentre
"Packard Bell Registration" = Packard Bell Registration
"Packard Bell Screensaver" = Packard Bell ScreenSaver
"Packard Bell Welcome Center" = Welcome Center
"PDF-to-Word 3.1 Demo" = PDF-to-Word 3.1 Demo
"PunkBusterSvc" = PunkBuster Services
"Secure Eraser_is1" = Secure Eraser v4.0
"SpeedFan" = SpeedFan (remove only)
"SplitCam" = SplitCam
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.01.2013 23:53:33 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.01.2013 22:42:48 | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 04.01.2013 22:44:19 | Computer Name = PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 22:45:07 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.01.2013 22:45:07 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.01.2013 22:45:08 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.01.2013 22:45:08 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.01.2013 11:02:20 | Computer Name = PC | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  C:\Users\Martin\AppData\Local\Opera\Opera\cache\sesn\opr024IH.tmp.   [ACCESS_VIOLATION
 Exception!! EIP = 0x2337462]   Bitte Avira informieren und die obige Datei übersenden!
 
Error - 08.01.2013 14:57:48 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: a04    Startzeit: 01cdedd1e4719b8e    Endzeit: 15    Anwendungspfad: 
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe    Berichts-ID: 3e0b35d6-59c5-11e2-8b10-705ab6d335e8

 
Error - 08.01.2013 18:52:39 | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 08.01.2013 18:54:12 | Computer Name = PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 08.01.2013 18:55:01 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.01.2013 18:55:01 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.01.2013 18:55:01 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.01.2013 18:55:02 | Computer Name = PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 07.09.2012 19:08:32 | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 01:08:32 - Fehler beim Herstellen der Internetverbindung.  01:08:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ OSession Events ]
Error - 21.10.2012 16:22:28 | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 36
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.10.2012 14:12:49 | Computer Name = PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 50
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 13.01.2013 15:20:26 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 13.01.2013 19:12:58 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 13.01.2013 19:12:58 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
Error - 15.01.2013 12:08:18 | Computer Name = PC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.01.2013 12:15:04 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 15.01.2013 12:15:39 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
Error - 15.01.2013 16:46:55 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?01.?2013 um 21:45:32 unerwartet heruntergefahren.
 
Error - 16.01.2013 12:56:45 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?01.?2013 um 22:59:39 unerwartet heruntergefahren.
 
Error - 16.01.2013 12:58:10 | Computer Name = PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 16.01.2013 12:58:10 | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows-Fehlerberichterstattungsdienst erreicht.
 
 
< End of report >
         
--- --- ---

[/CODE]

Antwort

Themen zu Gvu trojaner
administrator, aktion, anti-malware, appdata, autostart, dateien, entfernen, explorer, gen, infizierte, log, malwarebytes, melde, minute, problem, registrierung, roaming, service, speicher, sperrseite, systemwiederherstellung, trojan.agent, trojaner, version, vorerst, zahlen



Zum Thema Gvu trojaner - Hallo, ich hatte gestern den allseits bekanntenn GVU-Trojaner auf meinem PC. Dieser richtete eine Sperrseite ein -> 100€ zahlen etc. und sperrte mein Admin-Konto. Ich meldete mich dann auf meinem - Gvu trojaner...
Archiv
Du betrachtest: Gvu trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.