
Pests of all kinds and how to fight them: My Computer simply opens automatically

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

23.01.2013, 19:05   #1
suspect
 

Hello everyone,

since today my My Computer window has, strangely, been opening automatically while I'm browsing or gaming. It does NOT open when Windows starts. AntiVir is installed on the machine and up to date, but it did not report anything. I can rule out stuck keys; the keyboard has already been replaced.

Unfortunately I could not find a similar case via Google. It is slowly starting to get on my nerves.

Could this be malware or something similar? Or am I barking up the wrong tree?

24.01.2013, 09:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read carefully through the instructions that I will post over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • Please also note => Deleting logfiles and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "when will it continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box Scan All Users at the top center
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

24.01.2013, 18:06   #3
suspect
 

OTL.txt
Code:
OTL logfile created on: 24.01.2013 18:54:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\m0\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,93 Gb Total Physical Memory | 3,85 Gb Available Physical Memory | 64,86% Memory free
11,86 Gb Paging File | 9,54 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1386,27 Gb Total Space | 1116,16 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive D: | 702,82 Mb Total Space | 276,23 Mb Free Space | 39,30% Space Free | Partition Type: UDF
 
Computer Name: M0-PC | User Name: m0 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\m0\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\ipmGui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\m0\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\m0\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\aa0c82eddc6cc12961a92835f777dcc0\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Users\m0\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (RoxMediaDB10) -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{1FDBCE12-1BF3-41C7-80F6-68D9628AC2F4}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{B8E0BF51-4AD3-4956-87E8-CED1AF1B822E}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: YPlayer@yummy.net:1.0.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPWMDRMWrapper: C:\Program Files (x86)\Videoload Manager\NPWMDRMWrapper.dll ( )
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 16:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 16:50:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 16:50:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.19 16:50:45 | 000,000,000 | ---D | M]
 
[2010.07.23 17:52:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0\AppData\Roaming\mozilla\Extensions
[2012.10.24 18:21:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m0\AppData\Roaming\mozilla\Firefox\Profiles\ea85r2lx.default\extensions
[2012.10.16 18:51:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\m0\AppData\Roaming\mozilla\Firefox\Profiles\ea85r2lx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.01.19 16:50:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 16:50:44 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Program Files (x86)\mozilla firefox\extensions\YPlayer@yummy.net
[2013.01.19 16:50:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013.01.19 16:50:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.01.19 16:50:46 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.02.25 17:19:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 17:47:41 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.25 17:19:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.25 17:19:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.25 17:19:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.25 17:19:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [DriverMax] C:\Program Files (x86)\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [DriverMax_RESTART]  File not found
O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [Spotify] C:\Users\m0\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [Spotify Web Helper] C:\Users\m0\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-873282114-2901205279-3470080578-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe (Sonic Solutions)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\m0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\m0\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\m0\Desktop\PartyPoker.lnk File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CF0B0F1-95B3-4B77-89DB-E89C11D33AEA}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\fluxhttp - No CLSID value found
O18:64bit: - Protocol\Handler\fluxhttp\0x00000007 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\fluxhttp {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\fluxhttp\0x00000007 {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.24 18:52:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\m0\Desktop\OTL.exe
[2013.01.19 16:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.09 21:15:56 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 21:15:56 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 21:15:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 21:15:47 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.09 21:15:40 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.09 21:15:40 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.09 21:15:40 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.09 21:15:40 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.09 21:15:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.09 21:15:40 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.09 21:15:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.09 21:15:40 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.09 21:15:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.09 21:15:40 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.09 21:15:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.09 21:15:40 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.09 21:15:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.09 21:15:40 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.09 21:15:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.09 21:15:40 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.09 21:15:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.09 21:15:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.09 21:15:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.09 21:15:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.09 21:15:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.09 21:15:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.09 21:15:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.09 21:15:40 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.09 21:15:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.09 21:15:39 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.09 21:15:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.09 21:15:39 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.09 21:15:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.09 21:15:39 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.09 21:15:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.09 21:15:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.09 21:15:25 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.09 21:15:25 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.09 21:15:24 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.09 21:15:24 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.09 21:15:24 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.09 21:15:24 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.09 21:15:24 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.09 21:15:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 21:15:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.09 21:15:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 21:15:24 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 21:15:24 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 21:15:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 21:15:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 21:15:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 21:15:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 21:15:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 21:15:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 21:15:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 21:15:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 21:15:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 21:15:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 21:15:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.09 21:15:17 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2010.07.06 19:11:19 | 814,143,398 | ---- | C] (GOA                                                         ) -- C:\Program Files\loleusetup.exe
[2 C:\Users\m0\AppData\Roaming\*.tmp files -> C:\Users\m0\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.24 18:56:46 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 18:56:46 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.24 18:53:44 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.24 18:53:44 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.24 18:53:44 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.24 18:53:44 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.24 18:53:44 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.24 18:52:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\m0\Desktop\OTL.exe
[2013.01.24 18:49:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.24 18:49:23 | 479,522,815 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 19:12:47 | 000,007,598 | ---- | M] () -- C:\Users\m0\AppData\Local\Resmon.ResmonCfg
[2013.01.10 19:00:35 | 000,339,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Users\m0\AppData\Roaming\*.tmp files -> C:\Users\m0\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.03 14:29:21 | 000,007,598 | ---- | C] () -- C:\Users\m0\AppData\Local\Resmon.ResmonCfg
[2011.10.19 22:14:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.02 18:59:30 | 000,008,297 | ---- | C] () -- C:\Users\m0\AppData\Roaming\UserTile.png
[2011.03.29 17:47:20 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.29 17:47:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.08.11 14:37:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2012.06.16 16:50:01 | 000,000,000 | -HSD | M] -- C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\n.
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.07.06 19:45:37 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\LolClient
[2011.03.10 18:31:43 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Miranda
[2011.01.10 19:02:43 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\OpenOffice.org
[2011.11.11 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Origin
[2012.10.01 21:16:16 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Party
[2011.10.02 18:59:30 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\PeerNetworking
[2010.10.05 19:20:42 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\ProtectDisc
[2011.03.29 17:47:04 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\PunkBuster
[2011.03.21 21:06:13 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Rift
[2012.08.24 00:23:37 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\SoftGrid Client
[2013.01.24 18:55:03 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Spotify
[2010.10.04 18:17:40 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\TP
[2012.11.04 15:03:08 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\TS3Client
[2012.05.21 20:30:15 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\ts3overlay
[2011.03.29 18:40:39 | 000,000,000 | ---D | M] -- C:\Users\m0\AppData\Roaming\Ubisoft
 
========== Purity Check ==========
 
 

< End of report >
         
Extras Txt

Code:
OTL Extras logfile created on: 24.01.2013 18:54:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\m0\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,93 Gb Total Physical Memory | 3,85 Gb Available Physical Memory | 64,86% Memory free
11,86 Gb Paging File | 9,54 Gb Available in Paging File | 80,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1386,27 Gb Total Space | 1116,16 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive D: | 702,82 Mb Total Space | 276,23 Mb Free Space | 39,30% Space Free | Partition Type: UDF
 
Computer Name: M0-PC | User Name: m0 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-873282114-2901205279-3470080578-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0277341E-183E-4E13-A842-266A4F24DACD}" = lport=137 | protocol=17 | dir=in | app=system | 
"{035E09AC-BC4C-4594-A9CD-145FBF8DF5FB}" = lport=6942 | protocol=17 | dir=in | name=league of legends launcher | 
"{0391ED4A-273F-4CDB-97E8-8BD3068D54E9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{058F7869-EDF3-46D6-874A-BBB37A90E863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0598E703-7C01-46A7-8309-D436A97FE24D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{08882CAE-B247-4A49-9862-2A2279D736A0}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{09737564-0E03-4E00-A997-20F271B0C329}" = lport=6902 | protocol=6 | dir=in | name=league of legends launcher | 
"{0B22F6D5-FDC8-4368-8101-5641CDF53DE3}" = lport=6952 | protocol=6 | dir=in | name=league of legends launcher | 
"{0B992644-5B75-4E89-A915-971992C050BB}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{0CC20AD2-FB68-4F1B-B371-40F8E2C32E79}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher | 
"{0D5E00E0-F16A-4576-BE00-7D4EDA437B63}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{0ED0E951-0015-4DAD-9809-737BE0BAA317}" = lport=6970 | protocol=6 | dir=in | name=league of legends launcher | 
"{12F0B9DD-8855-4732-9E70-E41005F9C351}" = lport=6938 | protocol=6 | dir=in | name=league of legends launcher | 
"{1309EF8C-FBE8-4A26-B6B8-4C2EEE96ADB3}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{1342D56F-6BD3-410D-865B-B84A655454E2}" = lport=6970 | protocol=17 | dir=in | name=league of legends launcher | 
"{1608779D-107E-4AA5-A403-A711CF295112}" = lport=6952 | protocol=17 | dir=in | name=league of legends launcher | 
"{1A99646C-B8E8-43FB-AE27-CE846B00E03F}" = lport=6942 | protocol=6 | dir=in | name=league of legends launcher | 
"{1CD869CE-C28E-438A-BBA3-30922E3E0974}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{1F082140-2EEC-421F-B0AC-44D1B4683F0E}" = lport=6983 | protocol=6 | dir=in | name=league of legends launcher | 
"{2057BA5A-F645-4B68-81A3-D0468041D404}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{20AFFF8E-3A7C-4758-9771-356B7B66B8C7}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{21588AB5-7555-4FE4-85B1-58CEE364D8DD}" = lport=6914 | protocol=6 | dir=in | name=league of legends launcher | 
"{24694FC8-F6E9-4968-A893-ACD9682DE58F}" = lport=6989 | protocol=6 | dir=in | name=league of legends launcher | 
"{266E8054-6B21-4C87-B9B4-2009E1B7A691}" = lport=138 | protocol=17 | dir=in | app=system | 
"{29F2E344-3D30-4181-BD4E-D8EC66BAD84A}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{2A23A29C-8CB6-4EE8-AABE-C76C3B2FD55A}" = lport=6975 | protocol=17 | dir=in | name=league of legends launcher | 
"{2A6A2549-2D2D-44C7-91CB-DD4264E47895}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2CEAE754-B959-4E47-940D-6E5178281601}" = lport=6970 | protocol=17 | dir=in | name=league of legends launcher | 
"{30499FCC-0D21-4D74-B9BC-8260546828B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{37A43577-5275-4F7E-8FC1-777138318C23}" = lport=6965 | protocol=17 | dir=in | name=league of legends launcher | 
"{390C32F2-C00A-4ECC-BCDD-F1350E76E229}" = lport=6939 | protocol=17 | dir=in | name=league of legends launcher | 
"{4046C17B-24E0-42E8-844E-9931E6F10492}" = lport=6910 | protocol=17 | dir=in | name=league of legends launcher | 
"{42FA413E-2A7A-42FC-BEBC-12B20A07C626}" = lport=6887 | protocol=17 | dir=in | name=league of legends launcher | 
"{44A5730C-5DD3-4C70-A575-F2EB4D3079D6}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{45E9FC7A-CAA4-46BA-8A99-B4878CE7C1FD}" = lport=6913 | protocol=17 | dir=in | name=league of legends launcher | 
"{4A560F6D-7CA2-4EF2-B91F-402AF80D0B81}" = lport=6931 | protocol=6 | dir=in | name=league of legends launcher | 
"{4CF3600E-7271-4106-9FF8-42B415790F9A}" = lport=6970 | protocol=6 | dir=in | name=league of legends launcher | 
"{4D7D68D5-09FD-4442-B766-362B64F07A88}" = lport=6973 | protocol=6 | dir=in | name=league of legends launcher | 
"{52604D98-5AB2-4F04-A6AA-976B3B722607}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{54832405-707B-4E40-822B-85B0AE7ED86B}" = lport=6975 | protocol=6 | dir=in | name=league of legends launcher | 
"{57E89C76-D7B3-4600-A132-0517226BD79F}" = lport=6971 | protocol=17 | dir=in | name=league of legends launcher | 
"{5969C4A1-340E-4579-80EF-4EA080896E01}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher | 
"{5AB304EB-4F41-4063-8C63-D81541C232A3}" = lport=6937 | protocol=17 | dir=in | name=league of legends launcher | 
"{5DE63646-FE03-4A75-8457-8E01ED0C8359}" = lport=6913 | protocol=6 | dir=in | name=league of legends launcher | 
"{5FBF2AE9-548F-4198-A0CC-4BDF3355D948}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{622A122C-B97D-4925-8C30-490A1936E99C}" = lport=6939 | protocol=6 | dir=in | name=league of legends launcher | 
"{62BCAC14-213A-4071-AD6E-2C9060C4DECA}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{633BF8DD-69E6-4155-9E6D-19E1DB5D4A8D}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher | 
"{6506391D-759B-4E42-AB8B-1F061DF8BD43}" = rport=138 | protocol=17 | dir=out | app=system | 
"{66230879-A4CB-484A-9509-DE9C332CD1B3}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{6B3DAEC9-5BF1-4D64-AA4E-C223C70256C7}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{6B841990-BD13-4C0D-AC8A-390401EB8837}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6BDC1A3B-AED7-4CC3-ABA4-66AED29351B1}" = lport=6910 | protocol=6 | dir=in | name=league of legends launcher | 
"{6DF71E4A-743D-457E-BAAD-7424F3580C95}" = lport=6971 | protocol=6 | dir=in | name=league of legends launcher | 
"{6F684E54-72BB-48C7-8A3D-5EB072696DFC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6FA0E722-DC61-498F-BB4F-B7B78E8B96F0}" = lport=6901 | protocol=17 | dir=in | name=league of legends launcher | 
"{70089BE2-86A5-4D06-ADAC-5A93E37A265A}" = lport=6936 | protocol=6 | dir=in | name=league of legends launcher | 
"{755DC4D6-DEBD-4A26-91C1-E50034D0B9C0}" = lport=6936 | protocol=17 | dir=in | name=league of legends launcher | 
"{7664E17C-E285-47FE-85DC-0A1CBC83B150}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{7954CCB9-A9F1-4EFB-B001-470140D66EA5}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher | 
"{7AB247DE-8C0D-4566-B9E0-444A8D0C4667}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{7ACD6459-77CE-44B7-93C1-363FA733A363}" = lport=6935 | protocol=6 | dir=in | name=league of legends launcher | 
"{7C023302-5C10-43E4-9491-CB9056ACCD28}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{808E83F1-0A87-4ED9-A209-090128658B38}" = lport=6968 | protocol=6 | dir=in | name=league of legends launcher | 
"{8343A277-56D6-473C-BFD7-37994289F670}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{835E39C9-F9F2-476D-9A5E-B782C4F47BC9}" = lport=6967 | protocol=6 | dir=in | name=league of legends launcher | 
"{84DF79F8-8128-4DAE-9984-8E078A51A417}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{85ED37D7-BA94-4965-93C2-EB8B0C24AE57}" = lport=6958 | protocol=6 | dir=in | name=league of legends launcher | 
"{8B194616-675A-4084-8D6F-D154D703F980}" = lport=6995 | protocol=6 | dir=in | name=league of legends launcher | 
"{8CC7CD74-BECA-4707-A112-7926E7B559C6}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{8F23511A-8B66-4695-86E1-FDEDFD325F0C}" = lport=6941 | protocol=17 | dir=in | name=league of legends launcher | 
"{8F906673-A502-4BA7-8898-E847AC01A6A2}" = lport=6958 | protocol=17 | dir=in | name=league of legends launcher | 
"{8FD25186-0B72-417A-A8C9-CE477C08A205}" = lport=6953 | protocol=17 | dir=in | name=league of legends launcher | 
"{9059327B-C899-4D8C-9B2F-76243829623C}" = lport=6989 | protocol=17 | dir=in | name=league of legends launcher | 
"{91C3ABBA-1CC6-4123-8AB0-74C3E15F60CA}" = lport=6953 | protocol=6 | dir=in | name=league of legends launcher | 
"{961191BC-EBA1-4EA8-A8F5-FEA0D1D30F71}" = lport=445 | protocol=6 | dir=in | app=system | 
"{96287789-07C8-41D3-8C5A-74CDABF09FDE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{96CEBEB8-0262-46D9-AD00-AACDE34B4967}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{9C95857B-7539-4588-942F-4AECED26A8E0}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher | 
"{9DFC4407-4FA4-445D-B10B-7BDA24D58782}" = lport=6968 | protocol=17 | dir=in | name=league of legends launcher | 
"{A02484F7-7F9D-49DD-8D8F-772EE71E7F42}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A100074F-D7D2-4E35-9317-C3FAA5B8DAB2}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{A1A74D76-EA85-4BBB-A803-FFC315C0E8B7}" = lport=6938 | protocol=17 | dir=in | name=league of legends launcher | 
"{A1C5588B-E4E8-4744-A40F-7C4EBF1D0A77}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{A4AE4088-31E3-4E86-B2ED-D58A6134940B}" = lport=6935 | protocol=17 | dir=in | name=league of legends launcher | 
"{A61947F0-2C7C-46E8-8E9F-C6ADAE76983B}" = lport=6995 | protocol=17 | dir=in | name=league of legends launcher | 
"{A69D297F-A31B-450A-A8B7-ED4957D28A07}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{A835674C-CE82-414C-973B-0E719BA79540}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A974D154-FF20-418B-8A9E-28CC2227A88B}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher | 
"{A9AA1DB2-97B4-4E23-B054-229A2AD5CCA9}" = lport=6937 | protocol=6 | dir=in | name=league of legends launcher | 
"{AACC362A-DEA0-4028-87B3-C2ED6050AD13}" = lport=6965 | protocol=6 | dir=in | name=league of legends launcher | 
"{AAE7EE66-AF2E-4F3C-8C51-9CC5E4CA88AD}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{AB643774-4407-456E-A5AD-B772CB53DEE2}" = lport=6967 | protocol=17 | dir=in | name=league of legends launcher | 
"{ACDB06EE-54B5-403A-8455-3B48CDFCEEAC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B1D5764D-1E7C-4769-A1BD-ACA236AD29A0}" = lport=6994 | protocol=17 | dir=in | name=league of legends launcher | 
"{B33AC23E-85F1-4FCB-A3BE-3C0D355A60AD}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{B5F98194-2AAB-4BF3-9C20-537F6D43CAE6}" = lport=6932 | protocol=6 | dir=in | name=league of legends launcher | 
"{B67DA6E8-53E2-4EE6-BEB6-C978DA5B0D69}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{BAA17A64-E776-4197-8C28-4F9A60FB362F}" = lport=6986 | protocol=17 | dir=in | name=league of legends launcher | 
"{BB593EE8-21AB-4392-A3F5-F010BF353D8F}" = lport=6902 | protocol=17 | dir=in | name=league of legends launcher | 
"{BC8DF044-69E5-44FF-8374-5278621A6EAC}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C1D7CA02-7304-4808-8730-79AE86A4E5EA}" = lport=6932 | protocol=17 | dir=in | name=league of legends launcher | 
"{C2C4737F-EB85-4BEB-A612-BC4FA0D94BC0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C504B20B-EEFA-4DB2-887C-AF13A6BBFF5C}" = lport=6931 | protocol=17 | dir=in | name=league of legends launcher | 
"{CAD02FBE-F145-4FF6-A0A2-7851EB2DF276}" = lport=6901 | protocol=6 | dir=in | name=league of legends launcher | 
"{D82E5413-D50F-4AB0-96D0-2F08372C7633}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{D99633F6-4505-418F-A26E-5A5231DF88C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DE69488C-05A1-45E4-887F-0C0746011F92}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E4F6E86F-530D-4671-AACD-6C06793B35FA}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{E5CD96C8-06C7-4E45-9F03-288E1F3134CC}" = lport=6887 | protocol=6 | dir=in | name=league of legends launcher | 
"{E673C5E2-0786-43DA-83CA-D2269180121B}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{E6E22AB2-6024-4AD7-8571-82A664A66663}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E88A1F8C-C6F3-421B-B7A3-6BB6D9D4E723}" = lport=6983 | protocol=17 | dir=in | name=league of legends launcher | 
"{EAE44139-A633-4555-BB3F-EEF460B805EC}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{EB8B8C4E-9BB6-42B6-8678-C3A675E4101F}" = lport=6994 | protocol=6 | dir=in | name=league of legends launcher | 
"{EBFA2FFD-8D0E-4325-AE75-97644D37F814}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{ECC864D9-8018-4335-8D4F-B209B18F97B8}" = lport=6978 | protocol=17 | dir=in | name=league of legends launcher | 
"{EF970251-BD7A-4F0F-8980-7B2F9D6F2AA7}" = lport=6941 | protocol=6 | dir=in | name=league of legends launcher | 
"{F5AB716B-C045-4F12-9496-59D0088B866A}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{F645C657-BA3B-4980-B3D7-AF9245B38D83}" = lport=6978 | protocol=6 | dir=in | name=league of legends launcher | 
"{F87324DA-7EB4-4FD2-9DB8-2E1925AF6276}" = lport=6986 | protocol=6 | dir=in | name=league of legends launcher | 
"{F994CFFF-9D70-45C1-89B6-1C15807B19B1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FB862C0B-80C5-451C-B8B3-C5A3F8769C06}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FE74217B-D18E-409D-BC54-59C4AA9BE6BC}" = lport=6973 | protocol=17 | dir=in | name=league of legends launcher | 
"{FF5A1043-22CB-4DBB-8DFD-D8B223C6BDA7}" = lport=6914 | protocol=17 | dir=in | name=league of legends launcher | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{020C8DF2-2A19-4270-BCB8-C27D0998EC12}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{03FD7FCD-5068-4E33-84A3-1CFBB385CF82}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0642FBF6-2F83-4336-8844-86A81BFAD6D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | 
"{065DE7F6-91BE-4691-B40B-CA44ED61D85C}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{0691F7EB-69BF-48DE-B7BF-8D02A8EDBDD4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{0BE5CEFD-DD0F-454B-ACA7-F6DB78C8FC2C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D8F29D4-B0F7-48F5-99A7-5C4675994F50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1162FC16-B6D7-4192-9D68-8108B58DB3B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{11F77002-E77D-4AA5-BBBB-055210E4D837}" = protocol=6 | dir=out | app=system | 
"{13A11FFF-A303-474E-84B2-A791D1A1A06D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{14EE56DB-DBCB-4D72-881A-F5527B35500F}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{1534DB62-B076-4065-BC4D-398FBFBF52AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{16624475-CB70-495B-9D69-7D7F0E51592D}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{173DB832-94C4-44BB-9C54-E1A716EB043F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{1AC71392-257A-4D48-B3C9-2628E12CDE19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\ambixdextrous89\counter-strike source\hl2.exe | 
"{1FCF012E-23C9-4E53-91EC-B373AF674F1C}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{20CFBE1F-CED2-42F5-B831-5781719A3687}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{22BD153F-8092-484C-8F5A-7ADF56A14713}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{231CC129-AA0A-45F1-ADEE-6B4D9695B1F1}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{233D89E3-C8FA-43B7-8E47-6E7B3E822751}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{24971B0F-C507-44E2-B9E4-654BA4D1CFE3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\ambixdextrous89\counter-strike source\hl2.exe | 
"{26D579B5-3CCD-4780-9D49-D29093E0BA1A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{28B34D77-182F-4E80-9DE2-95B4D2D5A74F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{29A59924-8B0A-4837-8C85-D9D377003CF9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{35D1CCEC-37AE-4671-83BC-6563705C8E5B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{3A1488D7-F84C-4D14-9E62-10B794EB5F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{3E25A255-1784-440C-A6F6-2039A857988F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E5E20C7-E41B-43DC-913E-16202A9D301A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{41F4955E-02AD-4CBC-AE73-5F9AE6414AED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{42DF9710-42FE-4D16-A6A8-DDD69692AB6F}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{4378378C-26A3-48C6-9C6D-793E58684396}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{50E71632-026B-4E1C-A823-8200DED87569}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52AAC907-3587-47D5-A218-42C2F15D9DD4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | 
"{5520D415-E908-4484-AA62-C75F4F46D9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{56BF5AAD-528D-4E13-B23F-43FA0229C76E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{5A5EF913-008D-4973-9940-11E585BDED57}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{5C47B69E-4C11-4E6B-B73B-554B3CAA1141}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5ECBCDA6-7A5E-4DA1-9A1D-60D7DD40B556}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{62F58EB1-9F72-49EE-A889-9BAFB4B2D826}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63176C0A-00C0-4595-A9ED-9D93364F5768}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63EA772D-4472-4E1E-BABF-178450E479DA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{63F19385-FF89-4948-AB0E-AD7EAAA3B069}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{646AEAB3-9475-4278-9B6E-5D024DE478F0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{67BA897A-EC45-4AA6-B70D-C185AAC89671}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6BFA611C-6D60-4095-BDBF-19DB11D998EB}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{6C81741C-83A0-4ADA-B817-0FAC0C1FC791}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{6DDDBA07-1824-42B3-949F-B119255A8707}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6EE308B4-3655-458C-8EBB-70855A73D828}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{6F232B44-28F4-4FDD-A623-16AD0A2A4F6B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6F589925-A0C2-4B33-B07A-415F27F70A9E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | 
"{71A3EBC0-AE0D-42A3-8E68-7754DC3CEED9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{72EE931E-18F9-4821-B09B-31B509F7B966}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7473113E-4DE7-47FB-8E7C-E409EED38A45}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{7D826F9F-3346-4D3A-9621-6EE598235AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{7D885D94-AE3C-4827-8A7B-E8DA244608FE}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{8C43518B-5375-4C39-A051-03643CCB7EC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{97A66429-36F1-41D2-A0CC-3B5A0257FD5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen\bin\risen.exe | 
"{97F280CE-3523-4B11-BE44-042046BF2256}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{9A214B41-FCF0-4A4C-9EDD-DB920C0F98EB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{9C14FDA8-F67D-49BB-B14B-D5BCDA3225F9}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{9D91DEF0-3CAF-473F-8466-343DA416FFEA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9EAB5A2C-0C3C-416A-9056-A3043F02F39F}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{9F4F323C-4315-4406-9B8A-E4F1512D2690}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{9FFF1D16-C223-42D4-AC79-9057AE0B3C2A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A0BD4A80-060A-493A-A270-BCDD421BE123}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A2E4DC49-02A5-4879-A98C-BC58A922CD43}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{AA75B106-93C5-41BF-904C-11A686B19114}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{AAA71BA1-777A-4437-B6E0-55A6CD7F8AA2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{AF16AD5A-9754-47FB-9923-A2D9ED825C36}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{B6C99562-392E-4D04-8AEB-853A2FCC1212}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{BCBA5996-172B-464D-A5DA-C77F02049E28}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BCF6A850-1AFB-49C6-8C1A-B291D7819C21}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{C048400B-A891-43D9-8A0C-0262087FB57C}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe | 
"{C2808D21-A4B5-4FBB-8F4F-75A4739FDF1B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{C2E96C87-8EB2-4676-8CBD-1E3CC69A1CAF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{CD4AF1CE-D58C-41F0-B60B-EF0DB1ABC863}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe | 
"{CE2C1889-DF70-436C-B024-B49CA12D0B5A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{CEB98207-4056-42A9-A05A-B5FB09B37831}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CEF33104-615E-4061-AA38-B0D8E0AA29A2}" = protocol=58 | dir=in | app=system | 
"{CFD6AB7C-8A5C-430C-B31D-557215153D53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{D16A034A-4371-4405-A3E7-7D6CC58063B3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{D244C177-8C3E-4B51-8047-18305C23D17D}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\lol.launcher.exe | 
"{D37A72F8-81FF-4F94-87CB-B3FF016D419A}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{DAF5BF3A-9E8D-4C59-A6F3-C9DEE5180C5C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DB807868-84BB-4A52-BE61-3DCA4B4A99E4}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{DE5B6C1A-5807-45E1-9EA8-E22ACC471624}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{E07D1E99-0F95-413D-B083-8928AFF49FD7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe | 
"{E2EFCC1A-C27E-4CAF-9464-67BB93298D04}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{E6111E12-DB45-4D2D-8597-D847C2ABBC4D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{E71D5D8B-7E74-4855-858C-61CEED8CBDB0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{E8567D3F-6460-4854-B99B-E8145B18A2F8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E88DF666-0688-43B2-B31B-01DAE59E42FD}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{E8E0574D-2CAB-4CF0-9244-1691646E42A9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{ECF3BF60-34EB-45CE-86A2-9E5BAA5207BD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F209D34B-A4AE-4FD2-A335-DDE0CB72F20B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rift\riftpatchlive.exe | 
"{F2F5A384-8A4C-4764-A182-795C0C0C929B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F3A8E467-EA58-4B94-A0F6-4059299290BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{F59B88B8-D7AB-424F-8055-A21866C13DCA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{F7991CD3-25BE-440C-9950-0DA47F5524F3}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{FA528623-07FF-4475-8923-8441569CA795}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{FD6D77B2-2A7A-4206-A1C0-47153B1289DF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{FFACEB47-071F-4E91-B74B-F576F3921E72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{6EC38A2A-A71D-4CD9-8D39-031FC22F238C}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{73AAE93B-368C-4FD2-97AE-666091B4405B}C:\users\m0\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\m0\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{C32541E6-2A78-4222-BD27-1AE433FFA270}C:\program files (x86)\miranda im\miranda32.exe" = protocol=6 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{591FA81A-57C1-4DE4-85A5-1F23770E477D}C:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{A15A3BBD-3172-45F8-930C-1F86B2578F71}C:\program files (x86)\miranda im\miranda32.exe" = protocol=17 | dir=in | app=c:\program files (x86)\miranda im\miranda32.exe | 
"UDP Query User{CEF5F955-9802-4F8D-A5A6-02F343275D2F}C:\users\m0\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\m0\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0031FC73-643E-19DB-0A34-F7FF70B2F1E7}" = ccc-utility64
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{401E03EC-1644-1B0A-B8D3-C40477ADCEC4}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6681A016-C62A-DD7B-7F56-25B1A55CE12A}" = AMD Media Foundation Decoders
"{72DECC0F-58E0-0618-C857-43B4D3DB7B75}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{C6B8BF9C-A28E-0219-4E93-DF7925DEA793}" = ccc-utility64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{106F1DCB-F20C-A6B9-A130-4664B9A0F708}" = Catalyst Control Center Graphics Previews Vista
"{13557DA4-3AB0-DB9B-B746-1BE901DEC60D}" = Catalyst Control Center
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{167E3C11-FB97-F320-DC34-73A6C5F50E88}" = CCC Help German
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1BA2AC5F-2B16-A21B-E46D-AE14F5A3E8DB}" = CCC Help Czech
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{29787541-F210-AD16-5B75-AC7CC0968472}" = CCC Help Hungarian
"{299BE3A5-6281-482F-5CB0-BBFE939E5E4F}" = CCC Help English
"{2B3DFAE1-AA77-4901-C4AB-6616D6B1E3DD}" = CCC Help Swedish
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{34962E5E-FAC1-D8DF-7070-AA2B58971E31}" = Catalyst Control Center Graphics Previews Common
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C15B204-0CAF-DADE-1B5B-B5759AE296E9}" = CCC Help Dutch
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EBDD093-09D3-E08C-61DD-B0FF37CF69F7}" = CCC Help Russian
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41894DC2-C8F4-F60A-9518-076D35EF4929}" = Catalyst Control Center InstallProxy
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4314A52E-9094-B391-137E-CEA1536F7484}" = CCC Help Spanish
"{45B612A4-253E-6634-AD5C-42249E420D57}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{641CD0A3-8B54-37CA-ED94-2C1798D69D6F}" = Catalyst Control Center Core Implementation
"{65CCD116-79BD-84B0-C3C3-C6B31BC0D572}" = CCC Help Polish
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7D5BAF1B-68D7-58D9-29E2-85984483450A}" = CCC Help Norwegian
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7ED42F7A-7F2F-C401-4A91-7F4EB0EF5C10}" = CCC Help Turkish
"{818F867D-1764-9A66-0D8E-33C485380390}" = Catalyst Control Center Graphics Full New
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8843048B-2293-26DE-7941-4903008191C9}" = Catalyst Control Center Graphics Full Existing
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{97CC5CA6-F18E-9630-7E19-CC161A65376D}" = CCC Help Greek
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{9FD13268-D5D9-DCBD-C5F7-8B1B1D52B36C}" = CCC Help Korean
"{9FF20193-B992-17A0-DB1E-8865399EE534}" = ccc-core-static
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A94C1B62-1FE3-2725-EEC5-F24C1016C650}" = CCC Help Chinese Standard
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BB34F0B3-8CDD-873A-4DB6-3CA826243680}" = CCC Help Chinese Traditional
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C8637C61-3CC5-2D59-3D6D-B5F180F001AB}" = Catalyst Control Center Graphics Light
"{D20FA72C-492D-B478-10BF-4BA756560BA9}" = CCC Help Thai
"{D3A3F5C5-E95B-456D-952B-DDEC3AF68319}_is1" = Metaboli Player
"{D450F41E-2705-36D6-D423-AEA1058D4095}" = Catalyst Control Center Localization All
"{D619FD79-6AE6-18D1-48B9-B03030D2B0D0}" = Skins
"{DAABB60F-D2CB-ADC0-6FA7-8B2BB0A78CDA}" = Catalyst Control Center InstallProxy
"{DE2A98B9-D5F8-F508-750E-5AFDC2492D40}" = CCC Help Danish
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E07AE041-06B3-64A7-3C79-A0F8DDE76BB8}" = CCC Help Portuguese
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E19B61A8-F114-7A00-9DF4-18E5BA7A31AA}" = CCC Help French
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED498060-2CB2-5288-23D4-19DFAFF3F1DB}" = CCC Help Italian
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EFABB945-0D32-C208-897A-F611F63A19D4}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBD5D039-FE03-910E-C9E5-3F98B6A6BAB6}" = CCC Help Japanese
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF9F797D-1C39-1E96-7030-F5A36A6402C6}" = CCC Help Finnish
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"Dell Dock" = Dell Dock
"Diablo III" = Diablo III
"DivX Setup.divx.com" = DivX-Setup
"DMX5_is1" = DriverMax 5
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Guild Wars 2" = Guild Wars 2
"hon" = Heroes of Newerth
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"League of Legends_is1" = League of Legends
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Miranda IM" = Miranda IM 0.9.17
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Origin" = Origin
"PartyPoker" = PartyPoker
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"Steam App 214560" = Mark of the Ninja
"Steam App 240" = Counter-Strike: Source
"Steam App 39120" = RIFT
"Steam App 40300" = Risen
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 49520" = Borderlands 2
"Steam App 55100" = HOMEFRONT
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-873282114-2901205279-3470080578-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2012 09:24:06 | Computer Name = m0-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 30.12.2012 18:39:35 | Computer Name = m0-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.12.2012 18:40:23 | Computer Name = m0-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 01.01.2013 13:49:14 | Computer Name = m0-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.01.2013 13:50:01 | Computer Name = m0-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 04.01.2013 18:32:26 | Computer Name = m0-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.01.2013 18:33:15 | Computer Name = m0-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 06.01.2013 11:06:20 | Computer Name = m0-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.01.2013 11:07:10 | Computer Name = m0-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 08.01.2013 16:57:49 | Computer Name = m0-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\innovative solutions\drivermax\DPInst\ia64\dpinst.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.01.2013 16:58:29 | Computer Name = m0-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
[ System Events ]
Error - 21.01.2013 13:08:37 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 21.01.2013 13:08:45 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 22.01.2013 11:45:24 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 22.01.2013 11:45:33 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 23.01.2013 13:08:12 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 23.01.2013 13:08:22 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 23.01.2013 13:35:12 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 23.01.2013 13:35:24 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
Error - 24.01.2013 13:49:30 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SessionLauncher" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 24.01.2013 13:49:38 | Computer Name = m0-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   RxFilter
 
 
< End of report >
         

24.01.2013, 21:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive to your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the instructions on your screen and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

25.01.2013, 18:08   #5
suspect

1.
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
m0 :: M0-PC [administrator]

25.01.2013 18:51:57
mbar-log-2013-01-25 (18-51-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29049
Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1} (Trojan.Zaccess) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\n. -> Delete on reboot.

Registry Data Items Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| (Trojan.Zaccess) -> Bad: (C:\Users\m0\AppData\Local\{bb09ef47-aa30-43e2-e1ea-842bc72bd87d}\n.) Good: (%SystemRoot%\system32\shdocvw.dll) -> Delete on reboot.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
2.

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
m0 :: M0-PC [administrator]

25.01.2013 19:06:13
mbar-log-2013-01-25 (19-06-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29060
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


26.01.2013, 18:25   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

You have a rootkit (ZeroAccess) in your system.
Do you do online banking? If so, do you really want to clean it up?

26.01.2013, 19:17   #7
suspect

Hi,

no - no online banking is done on this machine. Can this be removed properly, or would you rather recommend reinstalling the system?

26.01.2013, 21:08   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

A reinstallation would be better, but if you really want to, we can try a cleanup.

26.01.2013, 21:22   #9
suspect

In that case I will probably rather reinstall the system tomorrow.

26.01.2013, 22:13   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, then I'll post this once more in case you still need to back up data:

On backing up data from infected systems: do it from a live CD such as Knoppix, Ubuntu (second link in my signature) or PartedMagic. Reason: in a live system, no malware from the infected Windows system is active, so the malware cannot negatively affect the backup.

You also need a backup medium, of course; an external disk is probably best. If you don't have too much to back up, a USB stick may be enough.

Here is a short guide for PartedMagic; in principle it works almost exactly the same way with all other live systems.
  1. Download the PartedMagic ISO image
  2. Burn it to CD using an image-burning function, e.g. with ImgBurn under Windows
  3. Boot from the burned CD, start option 1 in the boot menu and wait until the Linux desktop is up
  4. You should find an icon "Mount Devices"; double-click it
  5. Mount the partitions where Windows is installed, usually /dev/sda1 or /dev/sda2 with Win7, and of course any other partitions that hold data to be backed up - and of course also those of the external disk (you only get read and write access to the file systems when they are mounted)
  6. Copy the data from the internal disk to the external disk - copy only personal files, music, videos, etc. to the backup disk, NO executable files such as programs/games/setups!!
  7. When finished, restart the computer, switch off the external disk and boot from the Windows DVD for the reinstallation (follow the guide)
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
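
Steps 5 and 6 of the guide above, as an added example that is not part of the original post: a shell function for the live system that copies files from the mounted Windows partition to the backup disk and leaves executable file types behind. The function names, the extension list, the mount points and /dev/sdb1 are assumptions; /dev/sda2 and the user name m0 are taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: copy personal files from a mounted
# Windows partition to a backup disk, leaving executable file types behind.
# Assumed setup in the live system (device names and mount points are examples):
#   mount -o ro /dev/sda2 /mnt/win      # read-only: the infected disk is not modified
#   mount /dev/sdb1 /mnt/backup

# File extensions that are never copied (assumed list; extend as needed).
SKIP_EXT="exe dll com scr pif bat cmd msi sys vbs js jar lnk cpl ocx"

# is_skipped PATH: succeeds if the file name carries a skipped extension.
is_skipped() {
    base=${1##*/}                       # file name without directories
    case "$base" in
        *.*) ext=$(printf '%s' "${base##*.}" | tr 'A-Z' 'a-z') ;;
        *)   return 1 ;;                # no extension at all
    esac
    for s in $SKIP_EXT; do
        [ "$ext" = "$s" ] && return 0
    done
    return 1
}

# backup_personal_files SRC DST: copy regular files below SRC to DST, keeping
# the directory layout. Prints "<copied> <skipped>" on stdout, skipped names on stderr.
backup_personal_files() {
    src=${1%/}
    dst=${2%/}
    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "usage: backup_personal_files SRC_DIR DST_DIR" >&2
        return 2
    fi
    copied=0
    skipped=0
    list=$(mktemp) || return 1
    # -type f leaves out symlinks and device nodes.
    find "$src" -type f -print > "$list"
    while IFS= read -r f; do
        rel=${f#"$src"/}
        if is_skipped "$f"; then
            skipped=$((skipped + 1))
            printf 'SKIP %s\n' "$rel" >&2
            continue
        fi
        if mkdir -p "$dst/$(dirname "$rel")" && cp -p "$f" "$dst/$rel"; then
            copied=$((copied + 1))
        else
            rm -f "$list"
            return 1
        fi
    done < "$list"
    rm -f "$list"
    echo "$copied $skipped"
}

# Usage in the live system:
#   backup_personal_files /mnt/win/Users/m0 /mnt/backup
```

The filter works on file names only, so the backup should still be scanned from the freshly installed system before any of the files are opened.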

28.01.2013, 13:14   #11
suspect

Hello,

I backed up the data accordingly and also reinstalled the system. It runs like a charm.

However, the My Computer problem still persists: it opens sporadically and then always throws me straight back to the desktop. I disabled the Windows key using the fix from Microsoft, but that did not exactly lead to a crowning success.

Can the system still be infected in that case, or is it something else?

28.01.2013, 13:26   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It is probably something else. Please open a new thread for this problem in our Windows corner. Malware can now be ruled out, since you have reinstalled everything.