
Log analysis and evaluation: Trojan with constant advertising

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.02.2013, 17:27   #1
djstana
 



Hello everyone

I have quite a few Trojans; maybe someone here can help me. Here is the data:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
ADMIN Martin :: ADMINMARTIN [Administrator]

Schutz: Aktiviert

15.02.2013 18:14:37
mbam-log-2013-02-15 (18-14-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 217965
Laufzeit: 5 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\ADMIN Martin\Downloads\SoftonicDownloader_fuer_ikea-home-planer.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\ADMIN Martin\Downloads\Stirb_Langsam_Quadrologie_German_AC3_DTS_DL_1080p_BluRay_x264.exe (PUP.Offerware) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Kind regards

15.02.2013, 17:31   #2
markusg
/// Malware-holic
 



hi
who downloads a film as an exe...
making illegal downloads and then not even looking at the file type?

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

15.02.2013, 18:58   #3
djstana
 



OTL Logfile:
Code:
OTL logfile created on: 15.02.2013 18:49:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ADMIN Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,25% Memory free
7,93 Gb Paging File | 5,47 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 203,00 Gb Free Space | 44,51% Space Free | Partition Type: NTFS
 
Computer Name: ADMINMARTIN | User Name: ADMIN Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ADMIN Martin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\ADMIN Martin\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
PRC - C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
PRC - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Users\ADMIN Martin\AppData\Roaming\tele.ring Verbindungsmanager\ouc.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\BySoft FreeRAM\FreeRAM.exe (BySoft)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll ()
MOD - C:\Program Files (x86)\IncrediMail\Bin\pmc.dll ()
MOD - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
MOD - C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (AddonsHelper) -- C:\Users\ADMIN Martin\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
SRV - (SearchAnonymizer) -- C:\Users\ADMIN Martin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BrowserProtect) -- C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe ()
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (VUAgent) -- C:\Programme\Sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (VcmINSMgr) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (SpfService) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (VSNService) -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (VAIO Power Management) -- C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (tcpipBM) -- C:\Windows\SysNative\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV:64bit: - (BMLoad) -- C:\Windows\SysNative\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Suche
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=3ef306280000000000000024d610728b
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{127E3622-83CB-46A5-9D53-9F9AE8DDB572}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{14003A82-886B-4F47-99E1-676F070101F0}: "URL" = hxxp://www.google.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E64652F7365617263683F686C3D646526713D7B7365617263685465726D737D266D657461&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{1B485D9C-D467-4E38-92AD-5B6D53DBD8EA}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{39A20890-B88B-401C-9603-57F369E8FCB6}: "URL" = hxxp://rover.ebay.com.anonymize-me.de/?anonymto=687474703A2F2F726F7665722E656261792E636F6D2F726F7665722F312F3730372D33373237362D31363630392D302F343F73617469746C653D7B7365617263685465726D737D&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com.anonymize-me.de/?anonymto=687474703A2F2F64652E7365617263682E7961686F6F2E636F6D2F7365617263682F3F703D7B7365617263685465726D737D2666723D76635F7472616E735F64655F3831393726747970653D64733273652664&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{85A9449E-7E45-4FDD-B36C-BBA59A7D3F47}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{D1E43FE5-8B1F-4AB2-8BCA-B0B078619A7B}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{E51C4769-A19C-48D6-86EC-DD0330324439}: "URL" = hxxp://services.zinio.com.anonymize-me.de/?anonymto=687474703A2F2F73657276696365732E7A696E696F2E636F6D2F7365617263683F733D7B73656C656374696F6E7D2672663D736F6E79736C69636573&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\..\SearchScopes\{F135AF61-2AD7-49C7-BF91-9F230758417A}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=9cd5112c-51dc-4a3d-b31b-b893fb08c6f3&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.startup.homepage: "hxxp://de.search.yahoo.com/web?fr=vc_trans_de_8197&type=ds2hp&d"
FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA%402020Technologies.com:5.0.7.0
FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.2
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.2.6
FF - prefs.js..extensions.enabledAddons: %7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:4.18
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120827
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.9
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40delta.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B58bd07eb-0ee0-4df0-8121-dc9b693373df%7D:2.6.1095.52
FF - prefs.js..extensions.enabledAddons: testpilot%40labs.mozilla.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.47088
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.10
FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.10.15 12:30:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.18 17:33:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.20 18:43:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013.01.27 12:51:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\ADMIN Martin\AppData\Roaming\Helper [2013.02.15 17:34:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.14 17:40:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 19:22:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.02.09 18:16:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.14 17:40:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 19:22:36 | 000,000,000 | ---D | M]
 
[2009.12.01 13:18:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Extensions
[2013.02.14 20:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions
[2012.08.31 17:38:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.30 18:59:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.14 17:52:06 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.10.18 17:43:56 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\2020Player_IKEA@2020Technologies.com
[2013.02.09 18:16:14 | 000,000,000 | ---D | M] (Delta Toolbar) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\ffxtlbr@delta.com
[2012.09.03 07:10:35 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\Firefox\Profiles\9glbp9q4.default\extensions\foxmarks@kei.com
[2013.02.12 14:40:43 | 000,615,655 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\testpilot@labs.mozilla.com.xpi
[2013.02.09 18:15:44 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\torntv@torntv.com.xpi
[2012.03.07 19:42:02 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.08.15 16:20:06 | 000,061,403 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi
[2012.08.15 16:03:01 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.15 17:34:00 | 000,002,080 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\21810ed5-6834-4656-9239-ca05b77cff5f.xml
[2013.02.09 18:16:18 | 000,001,294 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\delta.xml
[2013.02.15 17:19:48 | 000,002,188 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\{0D1CF61D-CABC-4939-87B5-70A520ACE72F}.xml
[2013.02.15 17:19:48 | 000,002,077 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\{A1B699AE-12AD-4AB3-90CA-B9ADA758E3DA}.xml
[2013.02.15 17:19:48 | 000,001,870 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Roaming\mozilla\firefox\profiles\9glbp9q4.default\searchplugins\{F0EAB79D-99B5-4293-9C1E-D6148D9A08B8}.xml
[2013.02.12 14:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.06 19:22:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013.02.06 19:22:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.02.14 17:40:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.11.18 17:33:32 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.02.09 18:16:23 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\PROGRAMDATA\BROWSERPROTECT\2.6.1095.52\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\FIREFOXEXTENSION
[2013.02.14 17:40:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.01 20:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.02.15 17:19:48 | 000,001,684 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.15 17:19:48 | 000,006,576 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.02.15 17:19:48 | 000,001,935 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.15 17:19:48 | 000,001,271 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.15 17:19:48 | 000,007,051 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.15 17:19:48 | 000,001,278 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.15 17:19:48 | 000,001,170 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - homepage: Yahoo! Suche
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\
CHR - Extension: No name found = C:\Users\ADMIN Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.08.16 20:57:38 | 000,000,851 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\ADMIN Martin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [BySoft FreeRAM] C:\Program Files (x86)\BySoft FreeRAM\FreeRAM.exe (BySoft)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [HW_OPENEYE_OUC_tele.ring Verbindungsmanager] C:\Program Files (x86)\tele.ring Verbindungsmanager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2443283166-3498647016-2580821641-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\ADMIN Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\ADMIN Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.13.2)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} hxxp://webc.hsv-laufsport.com/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 92.62.30.3 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BA17AE1-8B05-40B6-A3C4-88B3EB7E35E3}: DhcpNameServer = 213.162.69.170 213.162.69.169
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B9B565C-06D3-446B-9A57-80B91D0C36EB}: DhcpNameServer = 92.62.30.3 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91C51C54-2FB5-4517-A48D-D267060B0199}: DhcpNameServer = 213.162.69.169 213.162.65.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.14 20:49:32 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27cfdfa9-05b8-11e2-82c4-0024be789a5d}\Shell - "" = AutoRun
O33 - MountPoints2\{27cfdfa9-05b8-11e2-82c4-0024be789a5d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7374baaa-0d86-11df-99d3-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{7374baaa-0d86-11df-99d3-002643749b49}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{a3839830-2d2e-11df-8a4e-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{a3839830-2d2e-11df-8a4e-002643749b49}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{b7297a68-00a0-11e2-8fe5-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{b7297a68-00a0-11e2-8fe5-002643749b49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b7297a75-00a0-11e2-8fe5-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{b7297a75-00a0-11e2-8fe5-002643749b49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b7297a85-00a0-11e2-8fe5-002643749b49}\Shell - "" = AutoRun
O33 - MountPoints2\{b7297a85-00a0-11e2-8fe5-002643749b49}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX:64bit: >{E180241B-EB76-4C34-83A1-489F6DEE2BB7} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CCBCB3CD-DB11-9DF4-CA87-EA6704FCDADF} - Microsoft Windows Media Player
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.15 18:37:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ADMIN Martin\Desktop\OTL.exe
[2013.02.15 18:13:44 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Malwarebytes
[2013.02.15 18:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.15 18:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.15 18:13:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.15 18:13:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.15 17:34:00 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Helper
[2013.02.15 17:19:48 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Opera
[2013.02.15 17:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper
[2013.02.15 17:19:40 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\OCS
[2013.02.15 17:09:23 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\IN-MEDIAKG
[2013.02.15 17:08:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IntelligentNetClean
[2013.02.15 17:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IntelligentNetClean
[2013.02.15 17:08:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mresreg
[2013.02.14 21:15:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.14 21:11:36 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
[2013.02.14 20:48:35 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.14 20:44:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.02.14 17:52:15 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\QuickScan
[2013.02.13 19:04:22 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.13 19:04:14 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.13 19:04:14 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.13 19:04:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.13 19:04:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.13 19:04:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.13 19:04:08 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.13 19:03:20 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 19:03:17 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 19:03:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 19:03:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 19:03:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 19:03:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 19:02:41 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 19:01:22 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 19:01:19 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 19:01:18 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.12 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Pegasus Mail
[2013.02.12 15:18:25 | 000,000,000 | ---D | C] -- C:\PMAIL
[2013.02.12 15:07:36 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Thunderbird
[2013.02.12 15:07:36 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Local\Thunderbird
[2013.02.09 18:16:26 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect
[2013.02.09 18:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserProtect
[2013.02.09 18:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.02.09 18:16:11 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Delta
[2013.02.09 18:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.09 18:15:55 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Babylon
[2013.02.09 18:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013.02.09 18:15:40 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
[2013.02.09 18:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TornTV.com
[2013.02.08 20:57:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BySoft FreeRAM
[2013.02.08 20:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BySoft FreeRAM
[2013.02.08 20:56:43 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.08 20:56:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.08 20:56:29 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 20:56:29 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.07 17:45:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator
[2013.02.07 17:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photo Notifier and Animation Creator
[2013.02.07 17:44:44 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Local\IM
[2013.02.07 17:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail
[2013.02.07 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IncrediMail
[2013.02.07 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IncrediMail
[2013.02.07 17:44:20 | 000,000,000 | ---D | C] -- C:\ProgramData\IM
[2013.02.06 19:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.03 16:07:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0F141AD0-9A8F-4DBC-A7F2-DCBF5ED1FF92}
[2013.02.03 16:07:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{FC8D5DAA-5791-4225-A173-7BF25575F648}
[2013.02.03 16:07:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{7AB2EEE1-F21F-4431-9549-BDEE9335BAE6}
[2013.02.03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F9FD83FE-5CD4-41B4-9065-C45477A1D364}
[2013.02.03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{BD678B7F-2061-43DA-B7A0-FCCCD3564132}
[2013.02.03 16:07:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8873B575-5590-46D0-ABB6-64D478FFB936}
[2013.02.03 16:07:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{960C181C-8BAF-4454-9485-C222360C989E}
[2013.02.03 16:06:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{AEDF99A0-656C-4ABA-B687-D8EC446B94B8}
[2013.02.03 16:06:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{CBA2BE5D-1816-4E52-9B44-67D66A261B27}
[2013.02.03 16:05:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{6575F59A-000F-4C1F-B5E3-AF92CE1F09F4}
[2013.02.03 16:05:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{957E720E-B299-4B86-8A03-DED43BF87292}
[2013.02.03 16:05:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{C0AB7B39-B8F7-400B-A1FC-175C28CCA03E}
[2013.02.03 16:05:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{96B45E4C-AA46-48CB-954B-BBDBD1FE7A0A}
[2013.02.03 16:05:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{FB935362-F692-4AF0-8B29-ED3B844F38B4}
[2013.02.03 16:05:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{8C9645D5-990E-419B-BC2A-0892CB65E9A9}
[2013.02.03 16:05:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{962E025A-6DB7-42F1-A20B-E9BE2361609F}
[2013.02.03 16:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{294EF732-A941-4563-9153-42EC96D23256}
[2013.02.03 16:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{1F3C5872-C260-40E3-BB0A-74E57CFB8F19}
[2013.02.03 16:04:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{88139E39-ADA8-4E1B-95B6-E514FB63B8E5}
[2013.02.03 16:04:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{E26D12A5-10C6-4731-BF50-420A21404F3C}
[2013.02.03 16:04:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{46A2A796-E1D2-424C-9C63-E9500FE5D6F7}
[2013.02.03 16:02:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{74BC2B42-2E6E-4260-8B19-4D6AB8F2B33F}
[2013.02.03 16:02:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7F99CC0A-5B85-4B92-AE4B-B09C6FC4C165}
[2013.02.03 16:02:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{09FD9EDD-2E73-43EC-A2D4-C2E94AAA0D98}
[2013.02.03 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{35BDFAEE-2E74-4EC4-92A2-C7FD4C5A8BBE}
[2013.02.03 16:02:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E7AF2548-E699-42C9-A47D-87A12942BD8F}
[2013.02.03 16:02:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{A56605AC-DA31-480B-8D32-FDE061F24A29}
[2013.02.03 16:01:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{B2EE2127-933A-46C3-A901-F9E143F4B2B0}
[2013.02.03 16:01:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{550FD277-C7BA-4BA5-87C6-08166C39A950}
[2013.02.03 16:01:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{92D3F3F5-400D-4D64-A68F-13F4F2EF48BF}
[2013.02.03 16:01:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D13D9169-3C2E-41A4-8C95-681B16A22FEB}
[2013.02.03 16:00:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{0F423034-1CF9-4416-8097-9C7883B40160}
[2013.02.03 16:00:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{60B18D0B-059B-47EB-AAAF-DBCB027E335F}
[2013.02.03 16:00:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{849469BB-4944-49A9-9BAC-2529D3D72C7A}
[2013.02.03 16:00:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{614E35B9-3550-4462-B415-0F9D812C1401}
[2013.02.03 16:00:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{7FB4D0CD-9BF2-4D2A-A027-4E03BABEFA21}
[2013.02.03 15:59:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{941BEDD6-5FE2-4585-807F-88070723A0A9}
[2013.02.03 15:58:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{4BC0CA0B-DEDC-4F90-9451-77E1C3BEA097}
[2013.02.03 15:58:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{C0453023-D53A-4A1E-8D4B-70CD70657DC9}
[2013.02.03 15:58:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{B6DC0BE2-4D08-4420-AEC0-4814296E509E}
[2013.02.03 15:58:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{5A45CA50-CBA1-44C3-9A11-AAFF4948AC30}
[2013.02.03 15:58:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4875925A-46C5-48EB-A959-38239BA215D1}
[2013.02.03 15:56:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5AEF8284-57B0-48FA-BE49-3EDB1EAE886B}
[2013.02.03 15:56:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0DFA62A0-5D1B-453C-ADC2-BF33A550E2E9}
[2013.02.03 15:56:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F26BB389-356B-4A7F-828C-ACA695E551AA}
[2013.02.03 15:56:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{C9B40143-0B9C-4272-B966-2BE1CF1B43AF}
[2013.02.03 15:55:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{AA408B36-2C8F-4D3F-A21F-EB3431B3F930}
[2013.02.03 15:55:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{9AA605F9-7FA3-4DBC-8440-ED965426C70B}
[2013.02.03 15:55:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{FA6EBE04-7497-4AE9-975B-B77B88D64F4A}
[2013.02.03 15:55:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{4E604B3C-E504-4638-A176-96E916947531}
[2013.02.03 15:53:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{6CA18FEA-A629-4757-9265-18972952A9DC}
[2013.02.03 15:53:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{23A5C30D-E186-4C7E-BA21-3740223176BA}
[2013.02.03 15:53:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{6D7F5783-EA0B-4BF4-AB89-B102FB9DFBE9}
[2013.02.03 15:53:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{81EB7DBE-FC2E-4EE7-8756-1547F0FAA830}
[2013.02.03 15:49:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A23A5BB6-2DDD-4A5A-A4FC-B4349BBDDB4E}
[2013.02.03 15:49:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{B98EA7E8-12B6-458C-B284-78135F1C35CB}
[2013.02.03 15:49:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{90308D11-42AF-4A77-BBF3-F63E9D2A6E45}
[2013.02.03 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{D9075E57-55AF-48ED-B59F-2DE365D11DF5}
[2013.02.03 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{6584426A-00F7-46A1-8C7B-3BD847048777}
[2013.02.03 15:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{15391716-09EA-4B94-B633-4E1E8DFFB3CF}
[2013.02.03 15:33:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{628259B9-F8ED-4765-9D64-7EBD67B0DB2C}
[2013.02.03 15:33:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{5CFBEE09-AC9A-4416-AE2E-D6560AAEDC6F}
[2013.02.03 15:33:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{0260B41F-1105-4281-9656-B8A0C6D0DE6B}
[2013.02.03 15:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{881B7091-E7DA-47BF-B28D-8D384B51B1C9}
[2013.02.03 15:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{823377AE-9F1C-4EA0-8BB7-D24A4AA27354}
[2013.02.03 15:33:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9D0B9BF9-6BB8-444E-BEF7-D816F35F22D8}
[2013.02.03 15:29:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C42FC20A-2E75-4723-B0A3-D786897E68D7}
[2013.02.03 15:29:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{C277576C-5F25-438C-90D8-658C08FC3590}
[2013.02.03 15:29:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{7AAD0434-C883-44D7-9ED9-FDB6153AB056}
[2013.02.03 15:29:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{0CBB48E4-0D89-4DC4-845C-D2ED90F812C6}
[2013.02.03 15:29:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4D7EFEDB-FCB7-4716-8910-4D6162392A74}
[2013.02.03 15:29:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{FBD38C1D-6B71-4C80-AEB8-D64E22A48248}
[2013.02.03 15:29:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8E1A4918-F063-49DA-A18F-C1D8C5B2F8F9}
[2013.02.03 15:29:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{7BD46B1F-5C6E-4871-863B-8E7EDEA8BF90}
[2013.02.03 15:29:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{A76D5B1D-3B70-40DF-B0AF-2730BF314DE4}
[2013.02.03 15:29:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{9D6F71EE-9F71-45E6-A368-4314B27111A2}
[2013.02.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{29C4AFB5-E7C0-4D91-AAD5-6246BAE8FFA5}
[2013.02.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{22473CB0-EA87-4526-88B4-F17BAA7734DB}
[2013.02.03 15:29:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AAB2FE19-362A-451E-A04D-FB299B6457E4}
[2013.02.03 15:29:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{E206A297-8134-4716-BEFF-81890706276C}
[2013.02.03 15:29:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3053B8A7-CF94-4953-8C90-C0B02B9E330D}
[2013.02.03 15:29:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{BEDACBB1-73A0-4A52-90AC-B3313F2CC12F}
[2013.02.03 15:29:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{B2033148-D2E0-40B6-BD07-17838D63D26F}
[2013.02.03 15:29:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F805A152-2618-48BE-A104-CEBAB23F7C27}
[2013.02.03 15:29:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{F19DC849-C6F1-4522-A928-DEB7BF4C81DA}
[2013.02.03 15:29:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{050CEA33-B650-436E-A095-DE0FD27DCEFB}
[2013.02.03 15:29:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{2C7C9ABA-6F27-4799-ACCE-3322F67EC69F}
[2013.02.03 15:28:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{12C5D528-ED0F-4F11-B6E0-F5B9CC15985A}
[2013.02.03 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{5C5EE20D-4BAF-4408-8EFA-E0588FFECF3B}
[2013.02.03 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{7D9B835A-CC38-445F-826A-2EDB110BCEE5}
[2013.02.03 15:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{2EA6371E-E407-4771-8DFE-D5D97ACDD57C}
[2013.02.03 15:28:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{BD14D190-4EFD-470C-A100-2D93CD482F5F}
[2013.02.03 15:26:57 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{80FF3CF9-AA6B-45A8-AA58-B73895C5DD96}
[2013.02.03 15:26:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{B92F21E7-3807-4E3E-AB36-D5F36247238A}
[2013.02.03 15:26:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9762E6AB-BBD4-4E93-88A6-ADA22C422231}{A52981B1-F32A-4F9D-960E-B895C29B5E2A}
[2013.02.03 15:26:33 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A2EE6CE5-BB6A-455F-A52D-E903476755FF}
[2013.02.03 13:22:24 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Desktop\Filme Neu
[2013.01.27 14:14:33 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Documents\Benutzerdefinierte Office-Vorlagen
[2013.01.27 12:51:52 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Documents\Freemake
[2013.01.27 12:51:51 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.01.27 12:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.01.27 12:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.01.27 12:51:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013.01.27 10:35:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2013.01.27 10:33:28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013.01.27 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013.01.27 10:29:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2013.01.22 21:12:44 | 000,000,000 | R--D | C] -- C:\Users\ADMIN Martin\Dropbox
[2013.01.20 19:04:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{50285130-E65B-4C66-9A6A-A08F93A02781}
[2013.01.20 19:04:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{79C424F9-D96F-4C6A-AC92-0CF5796D210C}
[2013.01.20 19:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{433AD796-3396-4070-85C4-3209CBF9F7A1}
[2013.01.20 19:03:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{F2F7E25D-8E29-497A-A803-ED194FEB6726}
[2013.01.20 19:03:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{6C3430A9-AF21-49FF-A486-F855258FFCF9}
[2013.01.20 19:03:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{BBE17A63-E7A1-47D8-B927-FD19277F0FBB}
[2013.01.20 19:03:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{F9EDEB56-6B54-4EE9-89A9-BB38A446BF36}
[2013.01.20 19:03:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{B441D4AA-2A92-4FE7-A6C7-B9D618B4AF08}
[2013.01.20 19:03:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{9A4521A4-FD3A-4725-9851-9B4A1369BA08}{6D693C7F-82A0-4CBD-9D90-51369E79C367}
[2013.01.20 19:03:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{AFBE2E1B-195E-4E41-8A1E-5A12A4ED8EC6}
[2013.01.20 19:03:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E3DDBB8A-0F3C-4315-97C2-A4E95A7D89BB}
[2013.01.20 19:03:28 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3DAC7CA9-6EC0-40C2-A4F6-E77EDD86AA82}
[2013.01.20 18:45:58 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Desktop\youtube Musik
[2013.01.20 18:44:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.20 18:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.20 15:15:34 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\Documents\NeroVision
[2013.01.20 15:09:04 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Media Player Classic
[2013.01.20 15:06:19 | 000,000,000 | ---D | C] -- C:\videodvdmaker
[2013.01.20 15:06:19 | 000,000,000 | ---D | C] -- C:\Users\ADMIN Martin\AppData\Roaming\Video DVD Maker FREE
[2013.01.20 15:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.01.20 15:05:28 | 000,839,680 | ---- | C] (www) -- C:\Windows\SysWow64\lameACM.acm
[2013.01.20 15:05:26 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.01.20 15:05:26 | 000,118,784 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013.01.20 15:05:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.01.20 15:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video DVD Maker
[2013.01.20 15:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video DVD Maker
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.15 18:37:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ADMIN Martin\Desktop\OTL.exe
[2013.02.15 18:27:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.15 18:13:35 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.15 17:10:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 17:10:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 17:08:53 | 000,001,093 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\IntelligentNetClean.lnk
[2013.02.15 17:02:13 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.02.15 17:00:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 17:00:18 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 21:43:10 | 000,000,123 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Local\rssbuilder.config
[2013.02.14 21:26:12 | 000,161,076 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Local\ars.cache
[2013.02.14 21:10:48 | 000,000,036 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Local\housecall.guid.cache
[2013.02.14 20:49:32 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.02.14 03:41:38 | 000,547,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.14 03:10:52 | 001,528,474 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.14 03:10:52 | 000,657,676 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.14 03:10:52 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.14 03:10:52 | 000,131,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.14 03:10:52 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 14:40:35 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.02.10 20:44:28 | 000,023,024 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\wir-bewegen-.html
[2013.02.09 08:27:29 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.09 08:27:29 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.08 20:56:24 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.08 20:56:20 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.08 20:56:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.08 20:56:19 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 20:56:17 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013.02.08 20:56:17 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.07 18:13:50 | 000,005,632 | ---- | M] () -- C:\Users\ADMIN Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.07 17:44:28 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2013.01.27 12:51:51 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.01.27 12:44:28 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.01.27 10:35:54 | 000,003,037 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\Excel 2013.lnk
[2013.01.27 10:35:54 | 000,003,015 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\Word 2013.lnk
[2013.01.27 10:35:54 | 000,002,937 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\PowerPoint 2013.lnk
[2013.01.27 10:35:54 | 000,002,864 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\Outlook 2013.lnk
[2013.01.26 21:37:23 | 000,151,773 | ---- | M] () -- C:\Users\Public\Documents\U11MK_U14BLMMK_Bruck_2012_Ergebnisse_Aussendung1.mht
[2013.01.20 18:45:25 | 000,000,462 | ---- | M] () -- C:\Users\ADMIN Martin\Corel.rar
[2013.01.20 18:44:38 | 000,001,402 | ---- | M] () -- C:\Users\ADMIN Martin\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.20 15:15:02 | 000,003,524 | ---- | M] () -- C:\Users\ADMIN Martin\Documents\SVCD1.nsd
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.15 18:13:35 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.15 17:08:53 | 000,001,093 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\IntelligentNetClean.lnk
[2013.02.14 21:26:12 | 000,161,076 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\ars.cache
[2013.02.14 21:10:48 | 000,000,036 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\housecall.guid.cache
[2013.02.14 20:49:32 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.02.10 20:49:26 | 000,023,024 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\wir-bewegen-.html
[2013.02.07 17:44:28 | 000,002,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk
[2013.02.07 17:44:28 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2013.01.27 12:51:51 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.01.27 11:07:31 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2013.01.27 10:55:08 | 000,002,937 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\PowerPoint 2013.lnk
[2013.01.27 10:54:42 | 000,003,037 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\Excel 2013.lnk
[2013.01.27 10:53:39 | 000,002,864 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\Outlook 2013.lnk
[2013.01.27 10:53:25 | 000,003,015 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\Word 2013.lnk
[2013.01.27 10:29:47 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013.01.26 21:37:20 | 000,151,773 | ---- | C] () -- C:\Users\Public\Documents\U11MK_U14BLMMK_Bruck_2012_Ergebnisse_Aussendung1.mht
[2013.01.20 18:45:25 | 000,000,462 | ---- | C] () -- C:\Users\ADMIN Martin\Corel.rar
[2013.01.20 18:44:38 | 000,001,402 | ---- | C] () -- C:\Users\ADMIN Martin\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.20 15:15:02 | 000,003,524 | ---- | C] () -- C:\Users\ADMIN Martin\Documents\SVCD1.nsd
[2013.01.20 15:05:32 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.20 15:05:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.01.20 15:05:28 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2013.01.20 15:05:26 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.01.20 15:05:25 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.01.20 15:05:23 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.01.09 19:02:46 | 000,000,184 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\rssbuilder.ftpconfig
[2013.01.09 19:01:20 | 000,000,123 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\rssbuilder.config
[2012.09.11 20:32:12 | 000,005,632 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.15 12:19:27 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.09.25 15:54:02 | 000,000,194 | ---- | C] () -- C:\Users\ADMIN Martin\AppData\Roaming\default.pls
[2010.01.04 09:31:03 | 000,001,024 | ---- | C] () -- C:\Users\ADMIN Martin\.rnd
[2009.12.03 17:11:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.12.02 13:59:11 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2009.12.01 15:02:25 | 000,000,000 | -HSD | M] -- C:\Users\ADMIN Martin\AppData\Roaming\.#
[2013.02.13 19:04:15 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Anvsoft
[2013.02.09 18:15:55 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Babylon
[2012.08.15 22:55:52 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.09 18:16:21 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Delta
[2013.01.21 20:42:13 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\DVDVideoSoft
[2011.10.10 17:14:47 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.28 12:49:54 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Eltima Software
[2013.01.04 15:08:23 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\FileZilla
[2010.09.24 10:54:06 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Ge org Internet Manager
[2013.01.04 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\GlobalSCAPE
[2013.02.15 17:09:23 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\IN-MEDIAKG
[2013.01.04 15:01:31 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\kompozer.net
[2013.02.15 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\OCS
[2013.01.04 15:35:14 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\OpenCandy
[2013.02.15 17:19:48 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Opera
[2012.11.23 17:56:58 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Origin
[2013.02.12 15:18:48 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Pegasus Mail
[2012.09.18 18:08:23 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Program Files (x86)
[2013.02.15 18:06:16 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\QuickScan
[2012.09.19 05:57:37 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\tele.ring Verbindungsmanager
[2013.02.12 15:07:36 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Thunderbird
[2012.12.18 10:22:19 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\TS3Client
[2013.01.04 15:35:57 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\TuneUp Software
[2013.02.15 19:00:38 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\uTorrent
[2013.01.20 15:06:19 | 000,000,000 | ---D | M] -- C:\Users\ADMIN Martin\AppData\Roaming\Video DVD Maker FREE
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009.12.01 15:30:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.12.01 16:27:54 | 000,000,000 | ---D | M] -- C:\Click to Disc
[2011.10.15 13:17:49 | 000,000,000 | ---D | M] -- C:\divx
[2009.09.07 06:07:08 | 000,000,000 | ---D | M] -- C:\Documentation
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.12.01 11:09:30 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.12.05 13:09:58 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.02.12 15:18:36 | 000,000,000 | ---D | M] -- C:\PMAIL
[2013.02.14 20:48:35 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.15 18:13:32 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.15 18:13:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.12.01 11:09:30 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.09.07 05:35:42 | 000,000,000 | -H-D | M] -- C:\SPLASH.000
[2009.09.07 05:35:34 | 000,000,000 | -H-D | M] -- C:\SPLASH.SYS
[2013.02.15 18:52:12 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.01.27 11:00:12 | 000,000,000 | ---D | M] -- C:\Update
[2009.12.01 11:09:40 | 000,000,000 | R--D | M] -- C:\Users
[2009.12.01 14:45:07 | 000,000,000 | ---D | M] -- C:\VAIO Entertainment
[2013.01.20 15:06:19 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2012.12.09 10:57:49 | 000,000,000 | ---D | M] -- C:\wamp
[2013.02.14 21:04:10 | 000,000,000 | ---D | M] -- C:\Windows
[2009.09.07 06:07:08 | 000,000,000 | ---D | M] -- C:\_FS_SWRINFO
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.31 05:02:11 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2008.12.10 15:36:09 | 017,815,374 | ---- | M] () .cab file -- C:\Users\ADMIN Martin\Desktop\Software\WIN XP\I386\sp3.cab:AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.12.10 15:36:09 | 017,815,374 | ---- | M] () .cab file -- C:\Users\ADMIN Martin\Desktop\Software\WIN XP\I386\sp3.cab:atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2010.01.06 11:26:57 | 000,001,024 | ---- | M] () -- C:\Users\ADMIN Martin\.rnd
[2013.01.20 18:45:25 | 000,000,462 | ---- | M] () -- C:\Users\ADMIN Martin\Corel.rar
[2013.02.15 19:18:35 | 005,242,880 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat
[2013.02.15 19:18:35 | 000,262,144 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat.LOG1
[2009.12.01 11:09:42 | 000,000,000 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat.LOG2
[2009.12.01 13:20:13 | 000,065,536 | -HS- | M] () -- C:\Users\ADMIN Martin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2009.12.01 13:20:13 | 000,524,288 | -HS- | M] () -- C:\Users\ADMIN Martin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2009.12.01 13:20:13 | 000,524,288 | -HS- | M] () -- C:\Users\ADMIN Martin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.06.19 11:50:20 | 000,065,536 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat{5ee0356b-9a61-11e0-bbc4-0024d610728a}.TM.blf
[2011.06.19 11:50:20 | 000,524,288 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat{5ee0356b-9a61-11e0-bbc4-0024d610728a}.TMContainer00000000000000000001.regtrans-ms
[2011.06.19 11:50:20 | 000,524,288 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.dat{5ee0356b-9a61-11e0-bbc4-0024d610728a}.TMContainer00000000000000000002.regtrans-ms
[2009.12.01 11:09:43 | 000,000,020 | -HS- | M] () -- C:\Users\ADMIN Martin\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          Schliesse bitte nun alle Programme >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:DED17083

< End of report >
         
--- --- ---

15.02.2013, 19:00   #4
djstana

Trojans with constant advertising



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 15.02.2013 18:49:11 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ADMIN Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 39,25% Memory free
7,93 Gb Paging File | 5,47 Gb Available in Paging File | 68,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,11 Gb Total Space | 203,00 Gb Free Space | 44,51% Space Free | Partition Type: NTFS
 
Computer Name: ADMINMARTIN | User Name: ADMIN Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02779B68-F698-4733-A2EC-8A850B9C72E9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0501A505-FFB5-42D3-B99E-F65E7D8E5E8D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1EECCE20-9E43-4812-87FF-52A037299C50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1FD4E88C-E062-4B14-A2FE-CC4941FAB85D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{263090C9-7ACC-4FEE-B238-1E2307A45125}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2DDDFB0E-E357-4773-89D0-2ADA35DD5D92}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E186A44-C4AB-4A0C-9750-8566DDF211B0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{38CE5062-078C-44F3-8D23-8F82CD8131C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{52040D00-FD7F-43AA-A6A0-B164F0EBAB52}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5A27B867-7287-475F-8E1C-3CE435CD63F2}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5BA7F80D-9588-4EB5-BC3A-085657AAAEF3}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6FF6FA4F-8AD0-4A19-B06D-3F04B6EF8617}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{73DDD526-53B6-4B2A-B4C1-80CE0A9EEE68}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8152E58B-25E2-4FC3-9FF2-637F11A5427D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{84DFFB98-5E17-45BE-8BE4-010403976158}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{86604C29-308B-47DE-83B7-FCF0641883A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{867E652C-6F26-4E55-A61C-86EA8033B5A1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A13D5D68-0BA0-49F9-9C06-8CEEB66E9003}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe | 
"{B17C596B-FBA7-4B33-BE03-75152D7F44E7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C85E62DA-9794-4B6B-AAE7-1D4777FF72F0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D06C87B2-4B64-4ED6-A564-2E4B6E81FC80}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DA3294C4-BA6E-4B62-96E3-4C0702AE06AF}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F727C5E8-1E87-4509-BEC1-EA6D982A3D51}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0475E733-BB62-4D9C-BFB4-E92FCA0E26A8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 
"{07F83483-9C7F-41E5-9FD3-B66073344674}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{0AA26753-05C7-472D-BE40-C921D2B6A4A0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{0D074B26-686D-42B2-A78F-17C2A1CDB064}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{15F37074-3137-4805-AC50-AC3BEBC0986E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{1B5197FC-DA03-4BD8-ADF6-C6F4DD180D99}" = protocol=6 | dir=out | app=system | 
"{1B7E406A-AB6E-485F-A727-9E5874D256F4}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{25600FA7-8748-484D-9A2A-7AA8FCFB2AEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{2604A15E-EC62-46D0-8150-58C5CF1A37F5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{28A0BAF6-29D9-4962-9C3D-F044FFFDA843}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{337D8A49-F8CF-4B5B-8C9C-F07CF86F3B30}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 
"{3EFE0355-6591-48FB-8510-E6BB36B17FAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5067BBF8-B42F-4174-A9DD-99068A26A432}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\ucmapi.exe | 
"{5651EF1B-5657-41E5-BD44-8CAE90C7CB42}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{572DE061-A77A-4630-866F-1CBD50F6A050}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5A425913-24E6-4B51-A219-A8BC755945B0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{5BD157C8-E153-4263-8AF0-5A8F42069793}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6979FA21-07D6-40EF-8C11-97192BA2254D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6CE0E055-32B9-4236-8078-10386203155F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7CE7CA46-436C-48E7-9F72-243DCFEED56E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8C97C589-C845-4944-87D2-F4F37DF4B37A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98CDEE35-ED89-41DA-ABA3-8D8546374DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{A7B7A141-A312-40DF-A039-3594D5678B2C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AAF93DE8-1970-4C1B-B095-2F4EE11C891B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AB75E2B5-1F10-4062-A09B-50E3E81A9AB2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B014D545-AD5B-4F21-B9B4-04455F23BD10}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{BBA04611-55CF-445D-934F-FDC3C7F0F6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BBA0C76F-0C0B-44C5-BB17-1AA9E33E1435}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{BD6449C6-BCF1-4867-88E7-AAB06E8BFA19}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C0EF61C0-E67E-4542-BF30-D140324E7E79}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C1BB0535-ED29-4F76-B67A-BC92F19441E9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C2DD03F5-CD52-4875-A312-6E7BA538999B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\lync.exe | 
"{C34C7CFA-B834-43B8-B259-69F683A2001D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CEA33328-5F75-4FE0-AC93-DA1619F938C6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{DC7B571B-1A19-4E82-9D38-B075B642602C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{E9A5DB36-9898-492B-8BA9-BE4890895CD7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{EEE4430D-E4ED-41B4-9986-E57EF3CDB5F6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F16722F6-341B-4907-B681-81545DB710E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{FA04A460-FE96-48B8-8E42-26FA0932DE44}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"TCP Query User{21E9B133-C8F3-4804-8F7B-1F5B2D13AD66}F:\32bit\kmsmicrov3.11\qemu\qemu.exe" = protocol=6 | dir=in | app=f:\32bit\kmsmicrov3.11\qemu\qemu.exe | 
"TCP Query User{22A6FD8F-1776-4C21-A5F0-5049BD209889}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{4A946016-96C7-4764-AC73-38DCD508703D}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"TCP Query User{C0024A13-DE0D-498D-8A1A-9B61A753EB7B}C:\users\admin martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\admin martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{B033C91D-681C-4B0C-93A8-C6FB270A6C90}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{D79A07ED-E33A-4D09-A76E-71761BB47DBD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{E85D3ADA-5F91-48F2-B643-3133CE3296B2}C:\users\admin martin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\admin martin\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{ED08A5C8-76AF-49E1-85D1-D26861D41B85}F:\32bit\kmsmicrov3.11\qemu\qemu.exe" = protocol=17 | dir=in | app=f:\32bit\kmsmicrov3.11\qemu\qemu.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{98C0896D-2367-4D73-A4D1-8A04E83B0828}" = Setup_VEP_x64_Contain_SSDB_VCSW
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"SearchAnonymizer" = SearchAnonymizer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Funktion Einstellungen
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = Einstellungen für VAIO-Inhaltsüberwachung
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BrowserProtect
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.32.0.80
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{2D314DA3-96BC-4FD0-8067-70AAF054C3E2}" = RSS Builder
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64392EEB-38EF-45FD-822D-5C75CA136860}_is1" = Incomedia WebSite X5 v9 - Evolution
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C8842F80-0E07-4424-916D-9F6B6A9968E4}" = IncrediMail
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"avast" = avast! Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"delta" = Delta toolbar  
"DivX Setup" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.6.0.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"IncrediMail" = IncrediMail 2.5
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"IntelligentNetClean_is1" = IntelligentNetClean
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"splashtop" = VAIO Quick Web Access
"SWiSH miniMax4" = SWiSH miniMax4
"tele.ring Verbindungsmanager" = tele.ring Verbindungsmanager
"uTorrent" = µTorrent
"VAIO Help and Support" = 
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2443283166-3498647016-2580821641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.01.2013 12:08:51 | Computer Name = ADMINMartin | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4420.1017,
 Zeitstempel: 0x506734e2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xdc6900fe  ID des fehlerhaften
 Prozesses: 0x16b0  Startzeit der fehlerhaften Anwendung: 0x01cdfd71a7d0a764  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 0126d013-6965-11e2-9799-002643749b49
 
Error - 28.01.2013 12:10:07 | Computer Name = ADMINMartin | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4420.1017,
 Zeitstempel: 0x506734e2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x5e81ee01  ID des fehlerhaften
 Prozesses: 0x11d4  Startzeit der fehlerhaften Anwendung: 0x01cdfd71dc54d492  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 2e65b03c-6965-11e2-9799-002643749b49
 
Error - 28.01.2013 12:13:02 | Computer Name = ADMINMartin | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4420.1017,
 Zeitstempel: 0x506734e2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x164bda01  ID des fehlerhaften
 Prozesses: 0x1b04  Startzeit der fehlerhaften Anwendung: 0x01cdfd71f6d071bf  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 96b23c63-6965-11e2-9799-002643749b49
 
Error - 28.01.2013 12:13:42 | Computer Name = ADMINMartin | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 15.0.4420.1017,
 Zeitstempel: 0x506734e2  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xda01278e  ID des fehlerhaften
 Prozesses: 0x153c  Startzeit der fehlerhaften Anwendung: 0x01cdfd725cf23636  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: aea49e28-6965-11e2-9799-002643749b49
 
Error - 31.01.2013 13:39:18 | Computer Name = ADMINMartin | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 31.01.2013 13:39:22 | Computer Name = ADMINMartin | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 31.01.2013 13:39:22 | Computer Name = ADMINMartin | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.02.2013 19:30:35 | Computer Name = ADMINMartin | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 01.02.2013 19:30:37 | Computer Name = ADMINMartin | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 01.02.2013 19:30:38 | Computer Name = ADMINMartin | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnapViewer.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 18.07.2011 04:05:25 | Computer Name = ADMINMartin | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 18.07.2011 10:05:05 | Computer Name = ADMINMartin | Source = bowser | ID = 8003
Description = 
 
Error - 20.07.2011 08:18:53 | Computer Name = ADMINMartin | Source = bowser | ID = 8003
Description = 
 
Error - 21.07.2011 05:23:57 | Computer Name = ADMINMartin | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 21.07.2011 06:38:29 | Computer Name = ADMINMartin | Source = BROWSER | ID = 8032
Description = 
 
Error - 22.07.2011 04:10:27 | Computer Name = ADMINMartin | Source = bowser | ID = 8003
Description = 
 
Error - 23.07.2011 03:36:43 | Computer Name = ADMINMartin | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 23.07.2011 03:36:43 | Computer Name = ADMINMartin | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 23.07.2011 03:37:03 | Computer Name = ADMINMartin | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Roxio Upnp Server 10 erreicht.
 
Error - 24.07.2011 04:50:05 | Computer Name = ADMINMartin | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

Alt 18.02.2013, 17:09   #5
markusg
/// Malware-holic
 



Hi,
Please download TDSSKiller (TDSSKiller.exe) and save the file to your desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\).
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.

__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us
