Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Überall taucht Werbung auf!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.03.2013, 16:08   #1
wango90
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



Hallo,
ich hab seit einigen Tagen das Problem dass Werbung überall auftauch sei es auf Facebook in Youtube oder auch hier im Forum. Das ist immer so ein Mittelgroßes kästchen von AdChoices und ab und zu werden da auch Nachrichtenvideos abgespielt.
Ich würde mich freuen wenn ihr mir da weiterhelfen könntet.

Evtl. könnte ich auch mehrere viren haben.

Ich hab mal die ersten 3 Schritte nach einem älteren Beitrag durchgeführt:
Logfiles:

OTL
Code:
ATTFilter
OTL logfile created on: 01.03.2013 12:16:32 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wango90\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 81,37% Memory free
7,99 Gb Paging File | 6,45 Gb Available in Paging File | 80,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1388,77 Gb Total Space | 1221,63 Gb Free Space | 87,96% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.28 23:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe
PRC - [2013.02.26 22:09:04 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.12.06 17:45:19 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.02 08:36:50 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.02 03:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.27 16:49:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013.02.26 23:08:48 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.25 07:39:32 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.19 23:17:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.06 17:45:19 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.01 20:47:24 | 005,132,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.02 09:29:48 | 011,270,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.02 08:13:20 | 000,546,816 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.20 18:37:30 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 10:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.04 17:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.28 02:03:42 | 000,067,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.04.28 02:03:42 | 000,028,216 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2012.04.09 09:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C0 D6 2E D7 09 CE 01  [binary data]
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.20 19:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Extensions
[2013.02.16 20:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Firefox\Profiles\s2xpq4a8.default\extensions
[2013.02.16 18:30:59 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\freehdsport@freehdsport.tv.xpi
[2013.01.19 16:35:28 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\torntv@torntv.com.xpi
[2013.02.19 23:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.19 23:17:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Akamai NetSession Interface] "C:\Users\Wango90\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{254C83CF-8C33-4842-93AF-592A0C7279AA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.28 23:04:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe
[2013.02.28 22:36:00 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.02.28 22:34:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.28 22:20:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.28 22:13:58 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe
[2013.02.28 22:02:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.28 22:02:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.28 22:02:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.28 21:59:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.28 21:58:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.28 21:48:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.28 21:47:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.27 16:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.02.27 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013.02.27 16:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Documents\My ISO Files
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2013.02.26 12:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS
[2013.02.23 13:57:20 | 000,000,000 | ---D | C] -- C:\Webzen
[2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetmarbleGlobal
[2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal
[2013.02.22 21:57:01 | 578,688,216 | ---- | C] (Acresso Software Inc.                                        ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe
[2013.02.22 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.22 21:55:28 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.swt
[2013.02.22 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Kollegah_und_Farid_Bang-Jung_Brutal_Gutaussehend_2-Premium_Edition-DE-2013-NOiR
[2013.02.22 03:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2013.02.22 02:53:51 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\vlc
[2013.02.22 02:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.22 02:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.02.22 02:40:16 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (4)
[2013.02.22 02:27:49 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Shareaza
[2013.02.22 02:27:35 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Shareaza
[2013.02.22 02:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shareaza
[2013.02.22 02:15:00 | 000,000,000 | ---D | C] -- C:\Users\Wango90\FrostWire
[2013.02.22 02:14:58 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.frostwire5
[2013.02.19 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.16 20:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.16 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATDheNetTVApp.com
[2013.02.14 03:01:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 03:01:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 03:01:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 03:01:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 03:01:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 03:01:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 03:01:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 03:01:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 03:01:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 03:01:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 03:01:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 03:01:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 03:01:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 03:01:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 11:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.02.13 11:38:33 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 11:38:32 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 11:38:32 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 11:38:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.13 11:38:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.13 11:38:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.13 11:38:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.13 11:38:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.13 11:38:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 11:38:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 11:38:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.13 11:38:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 11:38:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 11:38:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 11:38:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 11:38:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 11:38:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 11:38:03 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.05 11:53:26 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (2)
[2013.02.05 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\ALLES
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.01 12:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.01 11:22:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.28 23:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe
[2013.02.28 23:01:39 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.28 23:01:39 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.28 23:01:39 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.28 23:01:39 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.28 23:01:39 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.28 22:55:49 | 000,371,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.28 22:55:25 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.28 22:14:04 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe
[2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 12:50:45 | 000,172,835 | ---- | M] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg
[2013.02.28 12:45:22 | 000,004,814 | ---- | M] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF
[2013.02.27 16:24:11 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.02.27 04:04:39 | 000,005,120 | ---- | M] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.26 23:08:48 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.26 23:08:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 22:07:01 | 578,688,216 | ---- | M] (Acresso Software Inc.                                        ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe
[2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.22 13:15:00 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.02.22 02:53:16 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.13 11:39:27 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.28 22:02:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.28 22:02:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.28 22:02:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.28 22:02:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.28 22:02:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.28 12:50:45 | 000,172,835 | ---- | C] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg
[2013.02.28 12:45:17 | 000,004,814 | ---- | C] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF
[2013.02.27 16:24:11 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.02.23 02:22:55 | 000,005,120 | ---- | C] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.22 02:53:16 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.07 01:07:39 | 268,435,456 | ---- | C] () -- C:\Users\Wango90\Desktop\5589.nds
[2013.02.05 11:36:54 | 067,108,864 | ---- | C] () -- C:\Users\Wango90\Desktop\Pokémon Diamant Edition.nds
[2012.11.20 23:51:20 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.20 23:51:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.20 18:10:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012.11.20 18:49:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012.11.20 18:49:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012.11.20 18:49:15 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013.02.19 23:17:45 | 000,867,664 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2013.02.19 23:17:46 | 000,917,400 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012.11.20 18:49:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012.11.20 18:49:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012.11.20 18:49:14 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2013.01.08 23:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation)
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Wango90\Downloads:Shareaza.GUID

< End of report >
         
OTL Extras
Code:
ATTFilter
OTL Extras logfile created on: 01.03.2013 12:16:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wango90\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,25 Gb Available Physical Memory | 81,37% Memory free
7,99 Gb Paging File | 6,45 Gb Available in Paging File | 80,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1388,77 Gb Total Space | 1221,63 Gb Free Space | 87,96% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CE3D965F-1E25-4D47-AFBE-7A90565C3B58}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CD3864-1F26-4D62-8BD0-F63BFCCB08C6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{0AE888FC-957F-46CC-B92C-ABB3191D7137}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{0DF4ACF9-2463-4397-B3FD-1EDD00E46223}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{13BF4763-F92B-4845-BE7E-C5DE42A0D19E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{173C40E6-D43C-48E9-BCE5-5F8AB7CE98F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{1A0B68CC-042C-41E9-8F84-8F82D733618E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{23646371-714B-4CF5-B3C9-43A0BCEE86EF}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{23D5FCB8-447A-4A6B-86A0-DEE6DF9B4485}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{248DB0B8-F428-4D2A-B889-833EC3348D57}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{27234DBF-1C2A-4048-AD86-A41E6ABE2B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2B5C9793-C0EC-46ED-BA2F-545F9259FB54}" = protocol=6 | dir=in | app=c:\webzen\arcticcombat\system\arcticcombat.exe | 
"{2F984ACB-C539-4245-A952-7C13531A782A}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{33D68D35-15BB-404C-AAD6-498A4D0B6AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe | 
"{3D8C6A59-EA1B-4AA9-B32A-5BE3B2B90152}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{45BF5F2D-17F3-474C-92D6-B58F998E4160}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{4BA22568-9A13-433E-A05C-07786ACB36FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{4F94FF05-897F-45E1-B14B-506D18C0882F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{52728B53-FC91-4DE8-8CC5-D15C4A265B29}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{5D464D61-35F6-4116-AF90-191A16612CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{60856B82-5902-4512-BB7A-65DB9FD309D4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{65ED4986-291D-4183-9E4C-8B0438A26F78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6AC379CF-7EC1-4EC8-A698-31FC6F0CD156}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{73B06A35-3B1E-406C-B3CF-02A84525F5A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{74350D88-16C2-460B-A2A1-4F0622ED4789}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{74BA5AEB-7CFC-4BC4-8663-7E185CA042A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{7B33B8FD-4268-45CA-B836-F8BEA1CCCD05}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe | 
"{7BDA9AED-2217-4EAA-8FA1-0E839960E540}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{8A3164CC-7AC1-4BFA-B70C-D96FD2430818}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{8E8BF489-06D0-4990-BD77-553200DBEEDF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{8EF8EE83-AB78-4A3F-B82F-BD9FBEBA8F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{A0AF8C91-E2C9-4A7C-B136-5390868221AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A1FE7794-9E33-4EED-9405-E13854F8E268}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{C8F1A035-EE5A-4B73-A9C5-8F892357710B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{D73F21D7-B7A6-4293-B1FE-AB72F3826476}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{DC303069-7D0A-47A6-97F2-32E55C4FCF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{E6AE3CC4-DDFF-4BBD-8306-780EA465DA42}" = protocol=17 | dir=in | app=c:\webzen\arcticcombat\system\arcticcombat.exe | 
"{EF7DEDC6-D784-408A-8DC7-8EC5E61A78BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{FD6EB6D2-4AEB-46AB-9C09-09C90E94D884}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"TCP Query User{075A59ED-600F-4F26-9065-35AC5797E3C4}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe | 
"TCP Query User{19314820-EC5B-4078-9986-F86C9BA8CD4D}C:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe | 
"TCP Query User{2320CBB0-E27F-4D01-9B53-7421EE6E62AB}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"TCP Query User{6BF4660E-7741-48CC-AA74-B1E56B129C98}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{ACA4FDC6-23CD-45DF-B258-F0841D65DB53}C:\users\wango90\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{BB9BA315-FE56-46B7-B401-EB7AA77B37F6}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe | 
"TCP Query User{DCE7D546-AB65-4B28-866E-917EA8C0195B}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe | 
"UDP Query User{048D149B-0377-47C3-B43A-0FF06A75C683}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe | 
"UDP Query User{2A04A0F4-0ED0-43B7-A523-3338B8CCEE66}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{7A2AB41B-D70C-42E2-82D9-AEA77A7BC73C}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe | 
"UDP Query User{9CC25FBC-E637-4411-A698-473A6143E705}C:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe | 
"UDP Query User{A964C138-E72E-4879-A65E-8ABA25C3D8C6}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe | 
"UDP Query User{B3DB4DE3-0875-440F-9278-F7CB29BCFF3D}C:\users\wango90\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{B7B0C93B-4F82-4D3D-BCEE-799E62604BB8}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.5.0
"Steam App 43110" = Metro 2033
"UltraISO_is1" = UltraISO Premium V9.53
"Uplay" = Uplay
"Wildlife Park 2 - Dino World_is1" = Wildlife Park 2 - Dino World v2.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 28.02.2013 17:55:49 | Computer Name = Wango90-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
[ System Events ]
Error - 28.02.2013 17:06:07 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 28.02.2013 17:08:53 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 28.02.2013 17:17:16 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 28.02.2013 17:19:00 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 28.02.2013 17:49:49 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 28.02.2013 17:55:37 | Computer Name = Wango90-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
 
Error - 28.02.2013 17:55:44 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 28.02.2013 17:55:52 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 01.03.2013 02:37:27 | Computer Name = Wango90-PC | Source = DCOM | ID = 10001
Description = 
 
 
< End of report >
         
Defogger
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:33 on 01/03/2013 (Wango90)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Gmer
Code:
ATTFilter
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-01 13:10:12
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\00000058 SAMSUNG_ rev.1AG0 1397,27GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Wango90\AppData\Local\Temp\uxliyfod.sys


---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\svchost.exe [1140:3532]                                                                                                                                                                                                                                      000007fee98d506c
Thread  C:\Windows\system32\svchost.exe [1140:2764]                                                                                                                                                                                                                                      000007fef3b91ab0
Thread  C:\Windows\system32\svchost.exe [1140:4948]                                                                                                                                                                                                                                      000007fef3ae4164
Thread  C:\Windows\system32\svchost.exe [1140:4648]                                                                                                                                                                                                                                      000007fee8b7cb70
Thread  C:\Windows\System32\spoolsv.exe [1508:2340]                                                                                                                                                                                                                                      000007fef7d410c8
Thread  C:\Windows\System32\spoolsv.exe [1508:2344]                                                                                                                                                                                                                                      000007fef7d06144
Thread  C:\Windows\System32\spoolsv.exe [1508:2348]                                                                                                                                                                                                                                      000007fef7af5fd0
Thread  C:\Windows\System32\spoolsv.exe [1508:2352]                                                                                                                                                                                                                                      000007fef7ae3438
Thread  C:\Windows\System32\spoolsv.exe [1508:2356]                                                                                                                                                                                                                                      000007fef7af63ec
Thread  C:\Windows\System32\spoolsv.exe [1508:2364]                                                                                                                                                                                                                                      000007fef7fd5e5c
Thread  C:\Windows\System32\spoolsv.exe [1508:2368]                                                                                                                                                                                                                                      000007fef807484c
Thread  C:\Windows\System32\WUDFHost.exe [2020:3416]                                                                                                                                                                                                                                     000007fef1a924a0


---- EOF - GMER 2.1 ----
         

Alt 01.03.2013, 16:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



Hallo und

Zitat:
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)

Warum bitte eine Professional Edition für Windows?
Wer braucht das als Heimanwender?
Ist das rein zufällig ein Büro-/Firmen-PC? Oder ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!
__________________

__________________

Alt 01.03.2013, 17:52   #3
wango90
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



Weiß ich selber nicht, aber das war schon vorinstalliert als ich den PC gekauft hatte.

Logs hatte ich bis hierhinn keine.

Gerade eben hab ich die hier gemacht, und alle Funde hab ich auch gelöscht:

AVG (free edition) war nicht fündig. (weiß jetzt leider nicht wo ich den bericht finde)

und hier der negative Bericht von Malwarebytes:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.01.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Wango90 :: WANGO90-PC [Administrator]

01.03.2013 17:03:34
mbam-log-2013-03-01 (17-03-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346339
Laufzeit: 47 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
__________________

Alt 02.03.2013, 01:21   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten


MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


aswMBR

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.03.2013, 03:39   #5
wango90
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



MBAR war hatte keinen Fund, somit kam es nicht zum cleanup

MBAR:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.02.01

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Wango90 :: WANGO90-PC [administrator]

02.03.2013 03:12:57
mbar-log-2013-03-02 (03-12-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28370
Time elapsed: 8 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
aswMBR:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-02 03:19:22
-----------------------------
03:19:22.285    OS Version: Windows x64 6.1.7600 
03:19:22.285    Number of processors: 4 586 0x402
03:19:22.285    ComputerName: WANGO90-PC  UserName: Wango90
03:19:29.447    Initialize success
03:21:02.750    AVAST engine defs: 13030100
03:22:50.613    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
03:22:50.618    Disk 0 Vendor: SAMSUNG_ 1AG0 Size: 1430799MB BusType: 11
03:22:50.632    Disk 0 MBR read successfully
03:22:50.638    Disk 0 MBR scan
03:22:50.646    Disk 0 Windows 7 default MBR code
03:22:50.662    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          500 MB offset 2048
03:22:50.686    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1422105 MB offset 1026048
03:22:50.720    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS         8192 MB offset 2913497088
03:22:50.781    Disk 0 scanning C:\Windows\system32\drivers
03:22:59.621    Service scanning
03:23:17.007    Modules scanning
03:23:17.024    Disk 0 trace - called modules:
03:23:17.045    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys 
03:23:17.054    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a24790]
03:23:17.059    3 CLASSPNP.SYS[fffff880019cc43f] -> nt!IofCallDriver -> [0xfffffa8003a1d690]
03:23:17.064    5 amdxata.sys[fffff880010878b9] -> nt!IofCallDriver -> [0xfffffa80048cda30]
03:23:17.069    7 ACPI.sys[fffff88000efb781] -> nt!IofCallDriver -> \Device\00000059[0xfffffa80048c99c0]
03:23:25.776    AVAST engine scan C:\Windows
03:23:38.431    AVAST engine scan C:\Windows\system32
03:27:29.395    AVAST engine scan C:\Windows\system32\drivers
03:28:03.531    AVAST engine scan C:\Users\Wango90
03:31:05.874    AVAST engine scan C:\ProgramData
03:31:18.757    Scan finished successfully
03:31:54.872    Disk 0 MBR has been saved successfully to "C:\Users\Wango90\Desktop\MBR.dat"
03:31:54.883    The log file has been saved successfully to "C:\Users\Wango90\Desktop\aswMBR.txt"
         
TDSSKiller:
Code:
ATTFilter
03:35:52.0408 6648  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
03:35:52.0568 6648  ============================================================
03:35:52.0569 6648  Current date / time: 2013/03/02 03:35:52.0568
03:35:52.0569 6648  SystemInfo:
03:35:52.0569 6648  
03:35:52.0569 6648  OS Version: 6.1.7600 ServicePack: 0.0
03:35:52.0569 6648  Product type: Workstation
03:35:52.0569 6648  ComputerName: WANGO90-PC
03:35:52.0569 6648  UserName: Wango90
03:35:52.0569 6648  Windows directory: C:\Windows
03:35:52.0569 6648  System windows directory: C:\Windows
03:35:52.0569 6648  Running under WOW64
03:35:52.0569 6648  Processor architecture: Intel x64
03:35:52.0569 6648  Number of processors: 4
03:35:52.0569 6648  Page size: 0x1000
03:35:52.0570 6648  Boot type: Normal boot
03:35:52.0570 6648  ============================================================
03:35:53.0955 6648  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C5B8D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
03:35:54.0018 6648  ============================================================
03:35:54.0018 6648  \Device\Harddisk0\DR0:
03:35:54.0018 6648  MBR partitions:
03:35:54.0018 6648  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
03:35:54.0018 6648  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFA800, BlocksNum 0xAD98C800
03:35:54.0018 6648  ============================================================
03:35:54.0061 6648  C: <-> \Device\Harddisk0\DR0\Partition2
03:35:54.0061 6648  ============================================================
03:35:54.0061 6648  Initialize success
03:35:54.0061 6648  ============================================================
03:37:15.0577 6964  ============================================================
03:37:15.0577 6964  Scan started
03:37:15.0577 6964  Mode: Manual; SigCheck; TDLFS; 
03:37:15.0577 6964  ============================================================
03:37:16.0446 6964  ================ Scan system memory ========================
03:37:16.0446 6964  System memory - ok
03:37:16.0447 6964  ================ Scan services =============================
03:37:16.0704 6964  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
03:37:16.0958 6964  1394ohci - ok
03:37:16.0975 6964  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
03:37:16.0995 6964  ACPI - ok
03:37:17.0010 6964  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
03:37:17.0082 6964  AcpiPmi - ok
03:37:17.0150 6964  [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:37:17.0176 6964  AdobeARMservice - ok
03:37:17.0327 6964  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:37:17.0338 6964  AdobeFlashPlayerUpdateSvc - ok
03:37:17.0363 6964  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
03:37:17.0378 6964  adp94xx - ok
03:37:17.0392 6964  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
03:37:17.0405 6964  adpahci - ok
03:37:17.0423 6964  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
03:37:17.0434 6964  adpu320 - ok
03:37:17.0486 6964  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
03:37:17.0702 6964  AeLookupSvc - ok
03:37:17.0760 6964  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
03:37:17.0859 6964  AFD - ok
03:37:17.0895 6964  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
03:37:17.0922 6964  agp440 - ok
03:37:17.0936 6964  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
03:37:18.0056 6964  ALG - ok
03:37:18.0084 6964  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
03:37:18.0106 6964  aliide - ok
03:37:18.0141 6964  [ 603358D65A9ABF0DA21BB99A32D14C44 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
03:37:18.0235 6964  AMD External Events Utility - ok
03:37:18.0308 6964  AMD FUEL Service - ok
03:37:18.0328 6964  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
03:37:18.0357 6964  amdide - ok
03:37:18.0383 6964  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
03:37:18.0430 6964  AmdK8 - ok
03:37:18.0627 6964  [ 2FE0FD18358C4F58B70BC008324A971D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
03:37:18.0807 6964  amdkmdag - ok
03:37:18.0836 6964  [ A28AA0D1F6B7D5FB1932A0D72B492BFF ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
03:37:18.0872 6964  amdkmdap - ok
03:37:18.0895 6964  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
03:37:18.0915 6964  AmdPPM - ok
03:37:18.0941 6964  [ 12A5062C06E03FF70DB47800F91C7A13 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
03:37:18.0949 6964  amdsata - ok
03:37:18.0973 6964  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
03:37:18.0984 6964  amdsbs - ok
03:37:18.0996 6964  [ 8A7F289B45CEACAC761E14D5FAC59EB9 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
03:37:19.0002 6964  amdxata - ok
03:37:19.0044 6964  [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
03:37:19.0051 6964  AODDriver4.2 - ok
03:37:19.0089 6964  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
03:37:19.0185 6964  AppID - ok
03:37:19.0215 6964  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
03:37:19.0288 6964  AppIDSvc - ok
03:37:19.0302 6964  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
03:37:19.0337 6964  Appinfo - ok
03:37:19.0369 6964  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
03:37:19.0401 6964  AppMgmt - ok
03:37:19.0416 6964  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
03:37:19.0427 6964  arc - ok
03:37:19.0431 6964  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
03:37:19.0442 6964  arcsas - ok
03:37:19.0465 6964  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
03:37:19.0512 6964  AsyncMac - ok
03:37:19.0530 6964  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
03:37:19.0540 6964  atapi - ok
03:37:19.0563 6964  [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
03:37:19.0572 6964  AtiHDAudioService - ok
03:37:19.0589 6964  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
03:37:19.0596 6964  AtiPcie - ok
03:37:19.0630 6964  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
03:37:19.0670 6964  AudioEndpointBuilder - ok
03:37:19.0679 6964  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
03:37:19.0709 6964  AudioSrv - ok
03:37:19.0886 6964  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
03:37:19.0992 6964  AVGIDSAgent - ok
03:37:20.0013 6964  [ 388056EBD5FE6718FE669078DBE37897 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
03:37:20.0023 6964  AVGIDSDriver - ok
03:37:20.0040 6964  [ 550E981747D6A6C55078C77346FFC2C6 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
03:37:20.0047 6964  AVGIDSHA - ok
03:37:20.0075 6964  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
03:37:20.0085 6964  Avgldx64 - ok
03:37:20.0112 6964  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
03:37:20.0122 6964  Avgloga - ok
03:37:20.0137 6964  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
03:37:20.0145 6964  Avgmfx64 - ok
03:37:20.0168 6964  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
03:37:20.0176 6964  Avgrkx64 - ok
03:37:20.0186 6964  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
03:37:20.0196 6964  Avgtdia - ok
03:37:20.0218 6964  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
03:37:20.0228 6964  avgwd - ok
03:37:20.0250 6964  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
03:37:20.0344 6964  AxInstSV - ok
03:37:20.0393 6964  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
03:37:20.0433 6964  b06bdrv - ok
03:37:20.0484 6964  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
03:37:20.0542 6964  b57nd60a - ok
03:37:20.0581 6964  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
03:37:20.0628 6964  BDESVC - ok
03:37:20.0650 6964  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
03:37:20.0742 6964  Beep - ok
03:37:20.0777 6964  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
03:37:20.0842 6964  BFE - ok
03:37:20.0882 6964  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\system32\qmgr.dll
03:37:20.0953 6964  BITS - ok
03:37:20.0973 6964  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
03:37:20.0997 6964  blbdrive - ok
03:37:21.0026 6964  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
03:37:21.0077 6964  bowser - ok
03:37:21.0091 6964  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
03:37:21.0131 6964  BrFiltLo - ok
03:37:21.0142 6964  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
03:37:21.0154 6964  BrFiltUp - ok
03:37:21.0185 6964  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
03:37:21.0228 6964  BridgeMP - ok
03:37:21.0252 6964  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
03:37:21.0281 6964  Browser - ok
03:37:21.0304 6964  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
03:37:21.0357 6964  Brserid - ok
03:37:21.0373 6964  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
03:37:21.0396 6964  BrSerWdm - ok
03:37:21.0414 6964  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
03:37:21.0429 6964  BrUsbMdm - ok
03:37:21.0440 6964  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
03:37:21.0457 6964  BrUsbSer - ok
03:37:21.0472 6964  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
03:37:21.0497 6964  BTHMODEM - ok
03:37:21.0524 6964  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
03:37:21.0607 6964  bthserv - ok
03:37:21.0631 6964  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
03:37:21.0660 6964  cdfs - ok
03:37:21.0691 6964  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
03:37:21.0701 6964  cdrom - ok
03:37:21.0721 6964  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
03:37:21.0751 6964  CertPropSvc - ok
03:37:21.0767 6964  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
03:37:21.0791 6964  circlass - ok
03:37:21.0814 6964  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
03:37:21.0827 6964  CLFS - ok
03:37:21.0879 6964  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:37:21.0906 6964  clr_optimization_v2.0.50727_32 - ok
03:37:21.0964 6964  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:37:21.0994 6964  clr_optimization_v2.0.50727_64 - ok
03:37:22.0063 6964  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:37:22.0092 6964  clr_optimization_v4.0.30319_32 - ok
03:37:22.0131 6964  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:37:22.0145 6964  clr_optimization_v4.0.30319_64 - ok
03:37:22.0149 6964  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
03:37:22.0177 6964  CmBatt - ok
03:37:22.0190 6964  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
03:37:22.0203 6964  cmdide - ok
03:37:22.0226 6964  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
03:37:22.0313 6964  CNG - ok
03:37:22.0334 6964  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
03:37:22.0361 6964  Compbatt - ok
03:37:22.0389 6964  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
03:37:22.0412 6964  CompositeBus - ok
03:37:22.0431 6964  COMSysApp - ok
03:37:22.0449 6964  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
03:37:22.0461 6964  crcdisk - ok
03:37:22.0490 6964  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
03:37:22.0526 6964  CryptSvc - ok
03:37:22.0562 6964  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
03:37:22.0600 6964  CSC - ok
03:37:22.0624 6964  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
03:37:22.0665 6964  CscService - ok
03:37:22.0703 6964  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
03:37:22.0753 6964  DcomLaunch - ok
03:37:22.0778 6964  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
03:37:22.0861 6964  defragsvc - ok
03:37:22.0890 6964  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
03:37:22.0927 6964  DfsC - ok
03:37:22.0947 6964  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
03:37:23.0043 6964  Dhcp - ok
03:37:23.0082 6964  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
03:37:23.0168 6964  discache - ok
03:37:23.0270 6964  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
03:37:23.0314 6964  Disk - ok
03:37:23.0348 6964  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
03:37:23.0409 6964  Dnscache - ok
03:37:23.0450 6964  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
03:37:23.0495 6964  dot3svc - ok
03:37:23.0508 6964  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
03:37:23.0545 6964  DPS - ok
03:37:23.0583 6964  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
03:37:23.0592 6964  drmkaud - ok
03:37:23.0628 6964  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
03:37:23.0662 6964  dtsoftbus01 - ok
03:37:23.0712 6964  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
03:37:23.0775 6964  DXGKrnl - ok
03:37:23.0786 6964  EagleX64 - ok
03:37:23.0800 6964  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
03:37:23.0865 6964  EapHost - ok
03:37:23.0958 6964  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
03:37:24.0055 6964  ebdrv - ok
03:37:24.0083 6964  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
03:37:24.0124 6964  EFS - ok
03:37:24.0183 6964  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
03:37:24.0231 6964  ehRecvr - ok
03:37:24.0255 6964  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
03:37:24.0284 6964  ehSched - ok
03:37:24.0320 6964  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
03:37:24.0344 6964  elxstor - ok
03:37:24.0357 6964  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
03:37:24.0375 6964  ErrDev - ok
03:37:24.0419 6964  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
03:37:24.0480 6964  EventSystem - ok
03:37:24.0512 6964  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
03:37:24.0539 6964  exfat - ok
03:37:24.0553 6964  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
03:37:24.0593 6964  fastfat - ok
03:37:24.0637 6964  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
03:37:24.0708 6964  Fax - ok
03:37:24.0731 6964  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
03:37:24.0771 6964  fdc - ok
03:37:24.0787 6964  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
03:37:24.0864 6964  fdPHost - ok
03:37:24.0884 6964  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
03:37:24.0915 6964  FDResPub - ok
03:37:24.0931 6964  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
03:37:24.0939 6964  FileInfo - ok
03:37:24.0947 6964  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
03:37:24.0973 6964  Filetrace - ok
03:37:25.0060 6964  [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
03:37:25.0090 6964  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
03:37:25.0090 6964  FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
03:37:25.0103 6964  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
03:37:25.0115 6964  flpydisk - ok
03:37:25.0137 6964  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
03:37:25.0156 6964  FltMgr - ok
03:37:25.0195 6964  [ BC00505CFDA789ED3BE95D2FF38C4875 ] FontCache       C:\Windows\system32\FntCache.dll
03:37:25.0237 6964  FontCache - ok
03:37:25.0279 6964  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:37:25.0302 6964  FontCache3.0.0.0 - ok
03:37:25.0315 6964  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
03:37:25.0328 6964  FsDepends - ok
03:37:25.0360 6964  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
03:37:25.0386 6964  Fs_Rec - ok
03:37:25.0425 6964  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
03:37:25.0469 6964  fvevol - ok
03:37:25.0497 6964  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
03:37:25.0518 6964  gagp30kx - ok
03:37:25.0551 6964  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
03:37:25.0598 6964  gpsvc - ok
03:37:25.0614 6964  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
03:37:25.0662 6964  hcw85cir - ok
03:37:25.0696 6964  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
03:37:25.0724 6964  HdAudAddService - ok
03:37:25.0743 6964  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
03:37:25.0782 6964  HDAudBus - ok
03:37:25.0791 6964  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
03:37:25.0834 6964  HidBatt - ok
03:37:25.0851 6964  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
03:37:25.0883 6964  HidBth - ok
03:37:25.0906 6964  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
03:37:25.0938 6964  HidIr - ok
03:37:25.0951 6964  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
03:37:26.0012 6964  hidserv - ok
03:37:26.0038 6964  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
03:37:26.0080 6964  HidUsb - ok
03:37:26.0114 6964  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
03:37:26.0186 6964  hkmsvc - ok
03:37:26.0203 6964  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
03:37:26.0239 6964  HomeGroupListener - ok
03:37:26.0269 6964  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
03:37:26.0283 6964  HomeGroupProvider - ok
03:37:26.0298 6964  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
03:37:26.0308 6964  HpSAMD - ok
03:37:26.0339 6964  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
03:37:26.0381 6964  HTTP - ok
03:37:26.0393 6964  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
03:37:26.0400 6964  hwpolicy - ok
03:37:26.0414 6964  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
03:37:26.0422 6964  i8042prt - ok
03:37:26.0449 6964  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
03:37:26.0462 6964  iaStorV - ok
03:37:26.0520 6964  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:37:26.0568 6964  idsvc - ok
03:37:26.0583 6964  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
03:37:26.0596 6964  iirsp - ok
03:37:26.0618 6964  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
03:37:26.0665 6964  IKEEXT - ok
03:37:26.0681 6964  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
03:37:26.0689 6964  intelide - ok
03:37:26.0708 6964  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
03:37:26.0726 6964  intelppm - ok
03:37:26.0743 6964  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
03:37:26.0784 6964  IPBusEnum - ok
03:37:26.0805 6964  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:37:26.0831 6964  IpFilterDriver - ok
03:37:26.0859 6964  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
03:37:26.0944 6964  iphlpsvc - ok
03:37:26.0957 6964  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
03:37:26.0974 6964  IPMIDRV - ok
03:37:26.0987 6964  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
03:37:27.0023 6964  IPNAT - ok
03:37:27.0037 6964  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
03:37:27.0048 6964  IRENUM - ok
03:37:27.0063 6964  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
03:37:27.0071 6964  isapnp - ok
03:37:27.0082 6964  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
03:37:27.0093 6964  iScsiPrt - ok
03:37:27.0114 6964  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
03:37:27.0122 6964  kbdclass - ok
03:37:27.0130 6964  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
03:37:27.0145 6964  kbdhid - ok
03:37:27.0159 6964  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
03:37:27.0167 6964  KeyIso - ok
03:37:27.0191 6964  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
03:37:27.0200 6964  KSecDD - ok
03:37:27.0204 6964  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
03:37:27.0214 6964  KSecPkg - ok
03:37:27.0226 6964  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
03:37:27.0251 6964  ksthunk - ok
03:37:27.0288 6964  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
03:37:27.0361 6964  KtmRm - ok
03:37:27.0386 6964  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\System32\srvsvc.dll
03:37:27.0453 6964  LanmanServer - ok
03:37:27.0480 6964  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
03:37:27.0529 6964  LanmanWorkstation - ok
03:37:27.0571 6964  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
03:37:27.0696 6964  lltdio - ok
03:37:27.0715 6964  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
03:37:27.0760 6964  lltdsvc - ok
03:37:27.0784 6964  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
03:37:27.0809 6964  lmhosts - ok
03:37:27.0834 6964  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
03:37:27.0843 6964  LSI_FC - ok
03:37:27.0854 6964  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
03:37:27.0862 6964  LSI_SAS - ok
03:37:27.0870 6964  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
03:37:27.0879 6964  LSI_SAS2 - ok
03:37:27.0883 6964  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
03:37:27.0891 6964  LSI_SCSI - ok
03:37:27.0909 6964  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
03:37:27.0955 6964  luafv - ok
03:37:27.0981 6964  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
03:37:27.0990 6964  Mcx2Svc - ok
03:37:28.0008 6964  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
03:37:28.0016 6964  megasas - ok
03:37:28.0032 6964  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
03:37:28.0044 6964  MegaSR - ok
03:37:28.0060 6964  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
03:37:28.0102 6964  MMCSS - ok
03:37:28.0118 6964  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
03:37:28.0143 6964  Modem - ok
03:37:28.0152 6964  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
03:37:28.0174 6964  monitor - ok
03:37:28.0191 6964  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
03:37:28.0199 6964  mouclass - ok
03:37:28.0215 6964  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
03:37:28.0228 6964  mouhid - ok
03:37:28.0242 6964  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
03:37:28.0251 6964  mountmgr - ok
03:37:28.0290 6964  [ 5C5E45DDABEFBC9F564F1D5C83258B8F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:37:28.0335 6964  MozillaMaintenance - ok
03:37:28.0349 6964  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
03:37:28.0364 6964  mpio - ok
03:37:28.0384 6964  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
03:37:28.0442 6964  mpsdrv - ok
03:37:28.0473 6964  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
03:37:28.0515 6964  MpsSvc - ok
03:37:28.0532 6964  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
03:37:28.0552 6964  MRxDAV - ok
03:37:28.0570 6964  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
03:37:28.0604 6964  mrxsmb - ok
03:37:28.0627 6964  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:37:28.0648 6964  mrxsmb10 - ok
03:37:28.0668 6964  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:37:28.0708 6964  mrxsmb20 - ok
03:37:28.0737 6964  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
03:37:28.0750 6964  msahci - ok
03:37:28.0755 6964  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
03:37:28.0771 6964  msdsm - ok
03:37:28.0784 6964  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
03:37:28.0800 6964  MSDTC - ok
03:37:28.0839 6964  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
03:37:28.0889 6964  Msfs - ok
03:37:28.0913 6964  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
03:37:29.0024 6964  mshidkmdf - ok
03:37:29.0040 6964  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
03:37:29.0050 6964  msisadrv - ok
03:37:29.0087 6964  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
03:37:29.0159 6964  MSiSCSI - ok
03:37:29.0163 6964  msiserver - ok
03:37:29.0183 6964  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
03:37:29.0247 6964  MSKSSRV - ok
03:37:29.0259 6964  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
03:37:29.0284 6964  MSPCLOCK - ok
03:37:29.0297 6964  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
03:37:29.0331 6964  MSPQM - ok
03:37:29.0354 6964  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
03:37:29.0367 6964  MsRPC - ok
03:37:29.0375 6964  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
03:37:29.0383 6964  mssmbios - ok
03:37:29.0393 6964  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
03:37:29.0418 6964  MSTEE - ok
03:37:29.0428 6964  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
03:37:29.0446 6964  MTConfig - ok
03:37:29.0460 6964  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
03:37:29.0468 6964  Mup - ok
03:37:29.0499 6964  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
03:37:29.0589 6964  napagent - ok
03:37:29.0612 6964  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
03:37:29.0638 6964  NativeWifiP - ok
03:37:29.0677 6964  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
03:37:29.0726 6964  NDIS - ok
03:37:29.0751 6964  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
03:37:29.0791 6964  NdisCap - ok
03:37:29.0809 6964  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
03:37:29.0842 6964  NdisTapi - ok
03:37:29.0862 6964  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
03:37:29.0897 6964  Ndisuio - ok
03:37:29.0915 6964  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
03:37:29.0941 6964  NdisWan - ok
03:37:29.0951 6964  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
03:37:29.0992 6964  NDProxy - ok
03:37:30.0004 6964  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
03:37:30.0028 6964  NetBIOS - ok
03:37:30.0042 6964  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
03:37:30.0082 6964  NetBT - ok
03:37:30.0101 6964  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
03:37:30.0109 6964  Netlogon - ok
03:37:30.0139 6964  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
03:37:30.0228 6964  Netman - ok
03:37:30.0237 6964  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
03:37:30.0275 6964  netprofm - ok
03:37:30.0304 6964  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:37:30.0312 6964  NetTcpPortSharing - ok
03:37:30.0338 6964  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
03:37:30.0346 6964  nfrd960 - ok
03:37:30.0361 6964  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
03:37:30.0400 6964  NlaSvc - ok
03:37:30.0409 6964  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
03:37:30.0441 6964  Npfs - ok
03:37:30.0467 6964  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
03:37:30.0499 6964  nsi - ok
03:37:30.0506 6964  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
03:37:30.0548 6964  nsiproxy - ok
03:37:30.0610 6964  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
03:37:30.0659 6964  Ntfs - ok
03:37:30.0664 6964  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
03:37:30.0726 6964  Null - ok
03:37:30.0749 6964  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
03:37:30.0759 6964  nvraid - ok
03:37:30.0782 6964  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
03:37:30.0792 6964  nvstor - ok
03:37:30.0810 6964  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
03:37:30.0819 6964  nv_agp - ok
03:37:30.0837 6964  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
03:37:30.0874 6964  ohci1394 - ok
03:37:30.0932 6964  [ 2B8E4C792BED0E5882702720BC528AE5 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:37:30.0967 6964  ose - ok
03:37:31.0133 6964  [ FE9C0029E1AF26350D9985D00520E5C8 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:37:31.0225 6964  osppsvc - ok
03:37:31.0248 6964  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
03:37:31.0276 6964  p2pimsvc - ok
03:37:31.0302 6964  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
03:37:31.0316 6964  p2psvc - ok
03:37:31.0329 6964  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
03:37:31.0338 6964  Parport - ok
03:37:31.0354 6964  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
03:37:31.0362 6964  partmgr - ok
03:37:31.0373 6964  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
03:37:31.0398 6964  PcaSvc - ok
03:37:31.0414 6964  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
03:37:31.0425 6964  pci - ok
03:37:31.0433 6964  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
03:37:31.0441 6964  pciide - ok
03:37:31.0461 6964  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
03:37:31.0472 6964  pcmcia - ok
03:37:31.0484 6964  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
03:37:31.0493 6964  pcw - ok
03:37:31.0512 6964  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
03:37:31.0557 6964  PEAUTH - ok
03:37:31.0608 6964  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
03:37:31.0640 6964  PeerDistSvc - ok
03:37:31.0791 6964  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
03:37:31.0838 6964  PerfHost - ok
03:37:31.0883 6964  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
03:37:31.0936 6964  pla - ok
03:37:31.0982 6964  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
03:37:32.0049 6964  PlugPlay - ok
03:37:32.0075 6964  PnkBstrA - ok
03:37:32.0086 6964  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
03:37:32.0131 6964  PNRPAutoReg - ok
03:37:32.0167 6964  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
03:37:32.0183 6964  PNRPsvc - ok
03:37:32.0217 6964  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
03:37:32.0268 6964  PolicyAgent - ok
03:37:32.0287 6964  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
03:37:32.0314 6964  Power - ok
03:37:32.0345 6964  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
03:37:32.0405 6964  PptpMiniport - ok
03:37:32.0428 6964  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
03:37:32.0461 6964  Processor - ok
03:37:32.0500 6964  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
03:37:32.0535 6964  ProfSvc - ok
03:37:32.0545 6964  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:37:32.0558 6964  ProtectedStorage - ok
03:37:32.0563 6964  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
03:37:32.0618 6964  Psched - ok
03:37:32.0650 6964  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
03:37:32.0681 6964  ql2300 - ok
03:37:32.0696 6964  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
03:37:32.0705 6964  ql40xx - ok
03:37:32.0718 6964  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
03:37:32.0744 6964  QWAVE - ok
03:37:32.0758 6964  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
03:37:32.0786 6964  QWAVEdrv - ok
03:37:32.0805 6964  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
03:37:32.0840 6964  RasAcd - ok
03:37:32.0871 6964  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
03:37:32.0895 6964  RasAgileVpn - ok
03:37:32.0902 6964  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
03:37:32.0939 6964  RasAuto - ok
03:37:32.0953 6964  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
03:37:32.0989 6964  Rasl2tp - ok
03:37:33.0012 6964  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
03:37:33.0050 6964  RasMan - ok
03:37:33.0064 6964  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
03:37:33.0105 6964  RasPppoe - ok
03:37:33.0118 6964  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
03:37:33.0144 6964  RasSstp - ok
03:37:33.0166 6964  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
03:37:33.0202 6964  rdbss - ok
03:37:33.0217 6964  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
03:37:33.0227 6964  rdpbus - ok
03:37:33.0239 6964  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
03:37:33.0263 6964  RDPCDD - ok
03:37:33.0284 6964  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
03:37:33.0310 6964  RDPDR - ok
03:37:33.0335 6964  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
03:37:33.0369 6964  RDPENCDD - ok
03:37:33.0380 6964  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
03:37:33.0404 6964  RDPREFMP - ok
03:37:33.0430 6964  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
03:37:33.0460 6964  RDPWD - ok
03:37:33.0477 6964  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
03:37:33.0488 6964  rdyboost - ok
03:37:33.0522 6964  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
03:37:33.0607 6964  RemoteAccess - ok
03:37:33.0626 6964  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
03:37:33.0654 6964  RemoteRegistry - ok
03:37:33.0680 6964  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
03:37:33.0707 6964  RpcEptMapper - ok
03:37:33.0718 6964  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
03:37:33.0727 6964  RpcLocator - ok
03:37:33.0751 6964  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
03:37:33.0780 6964  RpcSs - ok
03:37:33.0794 6964  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
03:37:33.0825 6964  rspndr - ok
03:37:33.0880 6964  [ 7F4F11527AF5A7E4526CB6A146B3E40C ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
03:37:33.0919 6964  RTL8167 - ok
03:37:33.0942 6964  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
03:37:33.0995 6964  s3cap - ok
03:37:34.0016 6964  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
03:37:34.0028 6964  SamSs - ok
03:37:34.0042 6964  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
03:37:34.0056 6964  sbp2port - ok
03:37:34.0076 6964  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
03:37:34.0185 6964  SCardSvr - ok
03:37:34.0201 6964  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
03:37:34.0242 6964  scfilter - ok
03:37:34.0283 6964  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
03:37:34.0338 6964  Schedule - ok
03:37:34.0363 6964  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
03:37:34.0389 6964  SCPolicySvc - ok
03:37:34.0403 6964  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
03:37:34.0450 6964  SDRSVC - ok
03:37:34.0472 6964  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
03:37:34.0539 6964  secdrv - ok
03:37:34.0550 6964  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
03:37:34.0588 6964  seclogon - ok
03:37:34.0604 6964  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
03:37:34.0636 6964  SENS - ok
03:37:34.0645 6964  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
03:37:34.0688 6964  SensrSvc - ok
03:37:34.0716 6964  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
03:37:34.0747 6964  Serenum - ok
03:37:34.0765 6964  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
03:37:34.0779 6964  Serial - ok
03:37:34.0790 6964  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
03:37:34.0802 6964  sermouse - ok
03:37:34.0828 6964  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
03:37:34.0871 6964  SessionEnv - ok
03:37:34.0884 6964  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
03:37:34.0905 6964  sffdisk - ok
03:37:34.0917 6964  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
03:37:34.0932 6964  sffp_mmc - ok
03:37:34.0948 6964  [ 5588B8C6193EB1522490C122EB94DFFA ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
03:37:34.0964 6964  sffp_sd - ok
03:37:34.0980 6964  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
03:37:34.0988 6964  sfloppy - ok
03:37:35.0007 6964  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
03:37:35.0044 6964  SharedAccess - ok
03:37:35.0072 6964  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:37:35.0116 6964  ShellHWDetection - ok
03:37:35.0125 6964  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
03:37:35.0138 6964  SiSRaid2 - ok
03:37:35.0143 6964  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
03:37:35.0157 6964  SiSRaid4 - ok
03:37:35.0183 6964  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
03:37:35.0233 6964  Smb - ok
03:37:35.0255 6964  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
03:37:35.0265 6964  SNMPTRAP - ok
03:37:35.0280 6964  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
03:37:35.0287 6964  spldr - ok
03:37:35.0330 6964  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
03:37:35.0414 6964  Spooler - ok
03:37:35.0509 6964  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
03:37:35.0581 6964  sppsvc - ok
03:37:35.0611 6964  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
03:37:35.0638 6964  sppuinotify - ok
03:37:35.0670 6964  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
03:37:35.0718 6964  srv - ok
03:37:35.0755 6964  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
03:37:35.0800 6964  srv2 - ok
03:37:35.0819 6964  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
03:37:35.0833 6964  srvnet - ok
03:37:35.0862 6964  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
03:37:35.0918 6964  SSDPSRV - ok
03:37:35.0938 6964  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
03:37:35.0964 6964  SstpSvc - ok
03:37:35.0991 6964  Steam Client Service - ok
03:37:36.0020 6964  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
03:37:36.0047 6964  stexstor - ok
03:37:36.0101 6964  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
03:37:36.0157 6964  stisvc - ok
03:37:36.0181 6964  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
03:37:36.0194 6964  storflt - ok
03:37:36.0214 6964  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
03:37:36.0241 6964  StorSvc - ok
03:37:36.0251 6964  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
03:37:36.0264 6964  storvsc - ok
03:37:36.0276 6964  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
03:37:36.0285 6964  swenum - ok
03:37:36.0313 6964  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
03:37:36.0352 6964  swprv - ok
03:37:36.0390 6964  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
03:37:36.0425 6964  SysMain - ok
03:37:36.0443 6964  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:37:36.0493 6964  TabletInputService - ok
03:37:36.0511 6964  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
03:37:36.0572 6964  TapiSrv - ok
03:37:36.0598 6964  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
03:37:36.0624 6964  TBS - ok
03:37:36.0686 6964  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
03:37:36.0738 6964  Tcpip - ok
03:37:36.0773 6964  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
03:37:36.0801 6964  TCPIP6 - ok
03:37:36.0815 6964  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
03:37:36.0840 6964  tcpipreg - ok
03:37:36.0853 6964  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
03:37:36.0872 6964  TDPIPE - ok
03:37:36.0891 6964  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
03:37:36.0926 6964  TDTCP - ok
03:37:36.0950 6964  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
03:37:37.0021 6964  tdx - ok
03:37:37.0039 6964  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
03:37:37.0047 6964  TermDD - ok
03:37:37.0074 6964  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
03:37:37.0113 6964  TermService - ok
03:37:37.0130 6964  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
03:37:37.0171 6964  Themes - ok
03:37:37.0195 6964  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
03:37:37.0236 6964  THREADORDER - ok
03:37:37.0241 6964  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
03:37:37.0278 6964  TrkWks - ok
03:37:37.0324 6964  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:37:37.0346 6964  TrustedInstaller - ok
03:37:37.0360 6964  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
03:37:37.0408 6964  tssecsrv - ok
03:37:37.0437 6964  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
03:37:37.0485 6964  tunnel - ok
03:37:37.0496 6964  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
03:37:37.0504 6964  uagp35 - ok
03:37:37.0523 6964  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
03:37:37.0593 6964  udfs - ok
03:37:37.0613 6964  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
03:37:37.0652 6964  UI0Detect - ok
03:37:37.0676 6964  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
03:37:37.0689 6964  uliagpkx - ok
03:37:37.0709 6964  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
03:37:37.0732 6964  umbus - ok
03:37:37.0748 6964  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
03:37:37.0760 6964  UmPass - ok
03:37:37.0783 6964  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
03:37:37.0811 6964  UmRdpService - ok
03:37:37.0825 6964  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
03:37:37.0872 6964  upnphost - ok
03:37:37.0905 6964  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
03:37:37.0958 6964  usbccgp - ok
03:37:37.0978 6964  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
03:37:38.0008 6964  usbcir - ok
03:37:38.0021 6964  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
03:37:38.0033 6964  usbehci - ok
03:37:38.0057 6964  [ 6648C6D7323A2CE0C4776C36CEFBCB14 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
03:37:38.0068 6964  usbfilter - ok
03:37:38.0086 6964  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
03:37:38.0112 6964  usbhub - ok
03:37:38.0126 6964  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
03:37:38.0138 6964  usbohci - ok
03:37:38.0151 6964  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
03:37:38.0167 6964  usbprint - ok
03:37:38.0181 6964  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:37:38.0218 6964  USBSTOR - ok
03:37:38.0236 6964  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
03:37:38.0261 6964  usbuhci - ok
03:37:38.0281 6964  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
03:37:38.0322 6964  UxSms - ok
03:37:38.0329 6964  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
03:37:38.0342 6964  VaultSvc - ok
03:37:38.0353 6964  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
03:37:38.0366 6964  vdrvroot - ok
03:37:38.0395 6964  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
03:37:38.0434 6964  vds - ok
03:37:38.0444 6964  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
03:37:38.0459 6964  vga - ok
03:37:38.0471 6964  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
03:37:38.0527 6964  VgaSave - ok
03:37:38.0546 6964  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
03:37:38.0557 6964  vhdmp - ok
03:37:38.0573 6964  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
03:37:38.0580 6964  viaide - ok
03:37:38.0613 6964  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
03:37:38.0624 6964  vmbus - ok
03:37:38.0633 6964  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
03:37:38.0647 6964  VMBusHID - ok
03:37:38.0663 6964  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
03:37:38.0671 6964  volmgr - ok
03:37:38.0688 6964  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
03:37:38.0701 6964  volmgrx - ok
03:37:38.0734 6964  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
03:37:38.0761 6964  volsnap - ok
03:37:38.0782 6964  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
03:37:38.0797 6964  vsmraid - ok
03:37:38.0830 6964  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
03:37:38.0871 6964  VSS - ok
03:37:38.0888 6964  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
03:37:38.0897 6964  vwifibus - ok
03:37:38.0910 6964  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
03:37:38.0940 6964  W32Time - ok
03:37:38.0953 6964  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
03:37:38.0976 6964  WacomPen - ok
03:37:39.0018 6964  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
03:37:39.0086 6964  WANARP - ok
03:37:39.0090 6964  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
03:37:39.0121 6964  Wanarpv6 - ok
03:37:39.0182 6964  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
03:37:39.0236 6964  WatAdminSvc - ok
03:37:39.0259 6964  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
03:37:39.0326 6964  wbengine - ok
03:37:39.0386 6964  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
03:37:39.0461 6964  WbioSrvc - ok
03:37:39.0559 6964  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
03:37:39.0712 6964  wcncsvc - ok
03:37:39.0737 6964  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
03:37:39.0784 6964  WcsPlugInService - ok
03:37:39.0797 6964  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
03:37:39.0822 6964  Wd - ok
03:37:39.0850 6964  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
03:37:39.0882 6964  Wdf01000 - ok
03:37:39.0892 6964  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
03:37:39.0946 6964  WdiServiceHost - ok
03:37:39.0949 6964  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
03:37:39.0969 6964  WdiSystemHost - ok
03:37:40.0004 6964  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
03:37:40.0081 6964  WebClient - ok
03:37:40.0102 6964  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
03:37:40.0189 6964  Wecsvc - ok
03:37:40.0210 6964  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
03:37:40.0258 6964  wercplsupport - ok
03:37:40.0278 6964  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
03:37:40.0326 6964  WerSvc - ok
03:37:40.0356 6964  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
03:37:40.0380 6964  WfpLwf - ok
03:37:40.0397 6964  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
03:37:40.0405 6964  WIMMount - ok
03:37:40.0442 6964  WinDefend - ok
03:37:40.0445 6964  WinHttpAutoProxySvc - ok
03:37:40.0530 6964  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
03:37:40.0602 6964  Winmgmt - ok
03:37:40.0662 6964  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
03:37:40.0731 6964  WinRM - ok
03:37:40.0779 6964  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
03:37:40.0809 6964  WinUsb - ok
03:37:40.0844 6964  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
03:37:40.0890 6964  Wlansvc - ok
03:37:40.0899 6964  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
03:37:40.0926 6964  WmiAcpi - ok
03:37:40.0951 6964  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
03:37:40.0980 6964  wmiApSrv - ok
03:37:40.0997 6964  WMPNetworkSvc - ok
03:37:41.0014 6964  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
03:37:41.0044 6964  WPCSvc - ok
03:37:41.0056 6964  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
03:37:41.0099 6964  WPDBusEnum - ok
03:37:41.0103 6964  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
03:37:41.0148 6964  ws2ifsl - ok
03:37:41.0178 6964  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\system32\wscsvc.dll
03:37:41.0212 6964  wscsvc - ok
03:37:41.0220 6964  WSearch - ok
03:37:41.0288 6964  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
03:37:41.0341 6964  wuauserv - ok
03:37:41.0356 6964  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
03:37:41.0372 6964  WudfPf - ok
03:37:41.0404 6964  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
03:37:41.0435 6964  WUDFRd - ok
03:37:41.0457 6964  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
03:37:41.0472 6964  wudfsvc - ok
03:37:41.0500 6964  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
03:37:41.0523 6964  WwanSvc - ok
03:37:41.0551 6964  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
03:37:41.0593 6964  xusb21 - ok
03:37:41.0619 6964  ================ Scan global ===============================
03:37:41.0643 6964  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
03:37:41.0664 6964  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
03:37:41.0682 6964  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
03:37:41.0710 6964  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
03:37:41.0756 6964  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
03:37:41.0766 6964  [Global] - ok
03:37:41.0767 6964  ================ Scan MBR ==================================
03:37:41.0782 6964  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
03:37:42.0401 6964  \Device\Harddisk0\DR0 - ok
03:37:42.0402 6964  ================ Scan VBR ==================================
03:37:42.0407 6964  [ 07AB18EFFC61F18C8D267AE1C5C15E28 ] \Device\Harddisk0\DR0\Partition1
03:37:42.0411 6964  \Device\Harddisk0\DR0\Partition1 - ok
03:37:42.0446 6964  [ 42BABEBACE388762D844D6945D257901 ] \Device\Harddisk0\DR0\Partition2
03:37:42.0450 6964  \Device\Harddisk0\DR0\Partition2 - ok
03:37:42.0452 6964  ============================================================
03:37:42.0452 6964  Scan finished
03:37:42.0452 6964  ============================================================
03:37:42.0475 8272  Detected object count: 1
03:37:42.0475 8272  Actual detected object count: 1
03:38:05.0280 8272  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
03:38:05.0280 8272  FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 02.03.2013, 12:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Danach eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in CODE-Tags hier in den Thread.
__________________
--> Überall taucht Werbung auf!

Alt 02.03.2013, 13:40   #7
wango90
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



so problem ist weiterhinn da hab jetzt auch mal ein pic gemacht wie es mit der werbeanzeige in fb aussieht bei wunsch hänge ich es gern an oder lade es hoch

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Windows 7 Professional x64
Ran by Wango90 on 02.03.2013 at 12:56:36,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.03.2013 at 13:01:23,08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
awdCleaner:
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 02/03/2013 um 13:25:37 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Professional  (64 bits)
# Benutzer : Wango90 - WANGO90-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Wango90\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\jetpack

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [5516 octets] - [28/02/2013 21:31:15]
AdwCleaner[S2].txt - [879 octets] - [02/03/2013 13:25:37]

########## EOF - C:\AdwCleaner[S2].txt - [938 octets] ##########
         
OTL:
Code:
ATTFilter
OTL logfile created on: 02.03.2013 13:31:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wango90\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,44% Memory free
7,99 Gb Paging File | 6,22 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1388,77 Gb Total Space | 1225,41 Gb Free Space | 88,24% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wango90\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C0 D6 2E D7 09 CE 01  [binary data]
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.20 19:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Extensions
[2013.02.16 20:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Firefox\Profiles\s2xpq4a8.default\extensions
[2013.02.16 18:30:59 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\freehdsport@freehdsport.tv.xpi
[2013.01.19 16:35:28 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\torntv@torntv.com.xpi
[2013.02.19 23:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.19 23:17:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Akamai NetSession Interface] "C:\Users\Wango90\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{254C83CF-8C33-4842-93AF-592A0C7279AA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 12:52:41 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Wango90\Desktop\JRT.exe
[2013.03.02 03:35:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wango90\Desktop\tdsskiller.exe
[2013.03.02 03:17:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Wango90\Desktop\aswMBR.exe
[2013.03.02 03:03:05 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\mbar
[2013.03.01 16:32:40 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Malwarebytes
[2013.03.01 16:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 16:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 16:32:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.01 16:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.01 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Programs
[2013.02.28 23:04:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe
[2013.02.28 22:34:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.02.28 22:20:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.02.28 22:13:58 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe
[2013.02.28 22:02:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.28 22:02:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.28 22:02:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.28 21:59:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.28 21:58:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.28 21:48:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.28 21:47:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.27 16:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.02.27 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013.02.27 16:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Documents\My ISO Files
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2013.02.26 12:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS
[2013.02.23 13:57:20 | 000,000,000 | ---D | C] -- C:\Webzen
[2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetmarbleGlobal
[2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal
[2013.02.22 21:57:01 | 578,688,216 | ---- | C] (Acresso Software Inc.                                        ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe
[2013.02.22 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.22 21:55:28 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.swt
[2013.02.22 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Kollegah_und_Farid_Bang-Jung_Brutal_Gutaussehend_2-Premium_Edition-DE-2013-NOiR
[2013.02.22 03:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2013.02.22 02:53:51 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\vlc
[2013.02.22 02:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.22 02:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.02.22 02:40:16 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (4)
[2013.02.22 02:27:49 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Shareaza
[2013.02.22 02:27:35 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Shareaza
[2013.02.22 02:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shareaza
[2013.02.22 02:15:00 | 000,000,000 | ---D | C] -- C:\Users\Wango90\FrostWire
[2013.02.22 02:14:58 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.frostwire5
[2013.02.19 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.16 20:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.16 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATDheNetTVApp.com
[2013.02.14 03:01:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 03:01:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 03:01:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 03:01:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 03:01:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 03:01:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 03:01:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 03:01:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 03:01:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 03:01:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 03:01:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 03:01:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 03:01:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 03:01:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 11:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.02.13 11:38:33 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 11:38:32 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 11:38:32 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 11:38:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.13 11:38:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.13 11:38:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.13 11:38:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.13 11:38:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.13 11:38:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 11:38:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 11:38:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.13 11:38:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 11:38:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 11:38:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 11:38:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 11:38:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 11:38:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 11:38:03 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.05 11:53:26 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (2)
[2013.02.05 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\ALLES
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.02 13:29:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 13:29:15 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 13:24:43 | 000,594,019 | ---- | M] () -- C:\Users\Wango90\Desktop\adwcleaner.exe
[2013.03.02 13:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.02 12:52:42 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Wango90\Desktop\JRT.exe
[2013.03.02 03:35:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wango90\Desktop\tdsskiller.exe
[2013.03.02 03:31:54 | 000,000,512 | ---- | M] () -- C:\Users\Wango90\Desktop\MBR.dat
[2013.03.02 03:18:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Wango90\Desktop\aswMBR.exe
[2013.03.01 17:02:13 | 000,000,914 | ---- | M] () -- C:\Users\Wango90\Desktop\kkk.csv
[2013.03.01 16:32:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 13:29:20 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.01 13:29:20 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.01 13:29:20 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.01 13:29:20 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.01 13:29:20 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.01 12:32:40 | 000,000,168 | ---- | M] () -- C:\Users\Wango90\defogger_reenable
[2013.03.01 12:32:25 | 000,050,477 | ---- | M] () -- C:\Users\Wango90\Desktop\Defogger.exe
[2013.02.28 23:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe
[2013.02.28 22:55:49 | 000,371,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.28 22:14:04 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe
[2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 12:50:45 | 000,172,835 | ---- | M] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg
[2013.02.28 12:45:22 | 000,004,814 | ---- | M] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF
[2013.02.27 16:24:11 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.02.27 04:04:39 | 000,005,120 | ---- | M] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.26 23:08:48 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.26 23:08:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 22:07:01 | 578,688,216 | ---- | M] (Acresso Software Inc.                                        ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe
[2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.22 13:15:00 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.02.22 02:53:16 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.13 11:39:27 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.02 13:24:42 | 000,594,019 | ---- | C] () -- C:\Users\Wango90\Desktop\adwcleaner.exe
[2013.03.02 03:31:54 | 000,000,512 | ---- | C] () -- C:\Users\Wango90\Desktop\MBR.dat
[2013.03.01 17:02:13 | 000,000,914 | ---- | C] () -- C:\Users\Wango90\Desktop\kkk.csv
[2013.03.01 16:32:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 12:32:40 | 000,000,168 | ---- | C] () -- C:\Users\Wango90\defogger_reenable
[2013.03.01 12:32:24 | 000,050,477 | ---- | C] () -- C:\Users\Wango90\Desktop\Defogger.exe
[2013.02.28 22:02:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.28 22:02:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.28 22:02:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.28 22:02:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.28 22:02:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.28 12:50:45 | 000,172,835 | ---- | C] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg
[2013.02.28 12:45:17 | 000,004,814 | ---- | C] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF
[2013.02.27 16:24:11 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.02.23 02:22:55 | 000,005,120 | ---- | C] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.22 02:53:16 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.07 01:07:39 | 268,435,456 | ---- | C] () -- C:\Users\Wango90\Desktop\5589.nds
[2013.02.05 11:36:54 | 067,108,864 | ---- | C] () -- C:\Users\Wango90\Desktop\Pokémon Diamant Edition.nds
[2012.11.20 23:51:20 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.20 23:51:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.20 18:10:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Wango90\Downloads:Shareaza.GUID

< End of report >
         
OTL Extra:
Code:
ATTFilter
OTL Extras logfile created on: 02.03.2013 13:31:36 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wango90\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,44% Memory free
7,99 Gb Paging File | 6,22 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1388,77 Gb Total Space | 1225,41 Gb Free Space | 88,24% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{CE3D965F-1E25-4D47-AFBE-7A90565C3B58}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office15\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CD3864-1F26-4D62-8BD0-F63BFCCB08C6}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{0AE888FC-957F-46CC-B92C-ABB3191D7137}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{0DF4ACF9-2463-4397-B3FD-1EDD00E46223}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{13BF4763-F92B-4845-BE7E-C5DE42A0D19E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{173C40E6-D43C-48E9-BCE5-5F8AB7CE98F5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{1A0B68CC-042C-41E9-8F84-8F82D733618E}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{23646371-714B-4CF5-B3C9-43A0BCEE86EF}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{23D5FCB8-447A-4A6B-86A0-DEE6DF9B4485}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{248DB0B8-F428-4D2A-B889-833EC3348D57}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
"{27234DBF-1C2A-4048-AD86-A41E6ABE2B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{2B5C9793-C0EC-46ED-BA2F-545F9259FB54}" = protocol=6 | dir=in | app=c:\webzen\arcticcombat\system\arcticcombat.exe | 
"{2F984ACB-C539-4245-A952-7C13531A782A}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal-de\_launcher.exe | 
"{33D68D35-15BB-404C-AAD6-498A4D0B6AD2}" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe | 
"{3D8C6A59-EA1B-4AA9-B32A-5BE3B2B90152}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{45BF5F2D-17F3-474C-92D6-B58F998E4160}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{4BA22568-9A13-433E-A05C-07786ACB36FE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{4F94FF05-897F-45E1-B14B-506D18C0882F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{52728B53-FC91-4DE8-8CC5-D15C4A265B29}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe | 
"{5D464D61-35F6-4116-AF90-191A16612CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro 2033\metro2033.exe | 
"{60856B82-5902-4512-BB7A-65DB9FD309D4}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{65ED4986-291D-4183-9E4C-8B0438A26F78}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6AC379CF-7EC1-4EC8-A698-31FC6F0CD156}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{73B06A35-3B1E-406C-B3CF-02A84525F5A1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{74350D88-16C2-460B-A2A1-4F0622ED4789}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{74BA5AEB-7CFC-4BC4-8663-7E185CA042A7}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{7B33B8FD-4268-45CA-B836-F8BEA1CCCD05}" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 13\game\fifa13.exe | 
"{7BDA9AED-2217-4EAA-8FA1-0E839960E540}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{8A3164CC-7AC1-4BFA-B70C-D96FD2430818}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{8E8BF489-06D0-4990-BD77-553200DBEEDF}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{8EF8EE83-AB78-4A3F-B82F-BD9FBEBA8F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"{A0AF8C91-E2C9-4A7C-B136-5390868221AD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{A1FE7794-9E33-4EED-9405-E13854F8E268}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{C8F1A035-EE5A-4B73-A9C5-8F892357710B}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{D73F21D7-B7A6-4293-B1FE-AB72F3826476}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{DC303069-7D0A-47A6-97F2-32E55C4FCF0D}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{E6AE3CC4-DDFF-4BBD-8306-780EA465DA42}" = protocol=17 | dir=in | app=c:\webzen\arcticcombat\system\arcticcombat.exe | 
"{EF7DEDC6-D784-408A-8DC7-8EC5E61A78BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
"{FD6EB6D2-4AEB-46AB-9C09-09C90E94D884}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
"TCP Query User{075A59ED-600F-4F26-9065-35AC5797E3C4}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe | 
"TCP Query User{19314820-EC5B-4078-9986-F86C9BA8CD4D}C:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe | 
"TCP Query User{2320CBB0-E27F-4D01-9B53-7421EE6E62AB}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
"TCP Query User{6BF4660E-7741-48CC-AA74-B1E56B129C98}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{ACA4FDC6-23CD-45DF-B258-F0841D65DB53}C:\users\wango90\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{BB9BA315-FE56-46B7-B401-EB7AA77B37F6}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" = protocol=6 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe | 
"TCP Query User{DCE7D546-AB65-4B28-866E-917EA8C0195B}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=6 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe | 
"UDP Query User{048D149B-0377-47C3-B43A-0FF06A75C683}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_f787194a90b5ba90\launcher.exe | 
"UDP Query User{2A04A0F4-0ED0-43B7-A523-3338B8CCEE66}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{7A2AB41B-D70C-42E2-82D9-AEA77A7BC73C}C:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe" = protocol=17 | dir=in | app=c:\ubisoft\ghost recon online\pdc-live\ghostrecononline.exe | 
"UDP Query User{9CC25FBC-E637-4411-A698-473A6143E705}C:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\atdhenettvapp.com\atdhenettvapp.exe | 
"UDP Query User{A964C138-E72E-4879-A65E-8ABA25C3D8C6}C:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\apps\2.0\o1mvxy83.trq\wrb4pnza.e8b\laun...app_59711684aa47878d_0001.001d_82c2447510b53390\launcher.exe | 
"UDP Query User{B3DB4DE3-0875-440F-9278-F7CB29BCFF3D}C:\users\wango90\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\wango90\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{B7B0C93B-4F82-4D3D-BCEE-799E62604BB8}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0407893F-352C-B182-E04A-A8C3333DA29B}" = AMD Drag and Drop Transcoding
"{065B40C5-5F4C-9CF1-7A21-2B2EAA74E44D}" = AMD Fuel
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5BA8D4F0-C15F-57FE-2B6C-C4AF214833CE}" = AMD Accelerated Video Transcoding
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2013
"{9064F37C-66B4-BAF2-E8A7-EDE5E72BB16D}" = AMD Media Foundation Decoders
"{9F0D08A0-5623-4EF6-A513-40048E20C4E0}" = AVG 2013
"{BECAA3A9-CC5A-615C-5FF5-F5261E153CF0}" = ccc-utility64
"{D9B7744C-1C39-49B8-86B3-F930631B4FE2}" = AVG 2013
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F436A08B-63BB-72A2-17C0-6D8E5182CA49}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{12E777A1-74B6-AD5A-D2CD-C792464E425B}" = CCC Help Turkish
"{2B8D8529-DA80-74D8-4898-DAA028746E08}" = CCC Help Korean
"{34E7E124-7AA8-1274-1BA2-90CBD7F6B708}" = CCC Help Thai
"{3C912BF1-73FE-B493-C7D6-04EBF14F57A2}" = CCC Help Portuguese
"{549FACD7-A5F5-6EA8-7A19-8F7E8CE282A7}" = Catalyst Control Center Localization All
"{5753C527-E2AA-2B8B-AFD1-D4325A0A44B4}" = CCC Help Chinese Standard
"{613C67FF-E71D-124A-6380-E0E77F9438F7}" = CCC Help Polish
"{632B73D1-C23A-0BD4-FBE2-175B680876A9}" = CCC Help Norwegian
"{659F48FB-0A8A-49A1-3FD2-C6F069C10893}" = Catalyst Control Center Graphics Previews Common
"{70CEC2B6-BE72-E9B1-D6B8-C1A3CA170D1F}" = Catalyst Control Center InstallProxy
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74A3C7EE-10A4-EA61-AC31-335E0500DE48}" = CCC Help English
"{77F94BE8-A504-352B-E873-FC78E5FA9CD7}" = CCC Help Japanese
"{79AAA7A5-6917-2C53-7FCB-C00B54602149}" = CCC Help Chinese Traditional
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0407-0000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-0000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-0000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-0000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-0000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-0000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-0000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-0000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-0000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00E1-0407-0000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-0000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{926E4789-8065-6F3B-9D9A-5E6AABA000BC}" = CCC Help Czech
"{9700C74F-1D07-FD53-6430-A858B34E30B7}" = CCC Help Russian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed (R) III
"{A0E64741-5C93-FCCD-6A90-248D3C92CAFA}" = CCC Help Greek
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A8D4FFA9-94CA-B0E4-7ED0-A7FD4DEDB106}" = CCC Help Hungarian
"{A9D5BCE3-6D8B-95B0-925F-F39BFAAB4177}" = CCC Help French
"{ABA15F5D-057C-2677-3C90-04838682F66B}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{ACC88BAA-D748-E9D9-3F72-B359EFD11912}" = CCC Help Swedish
"{D33CE733-2DE9-D582-9D35-323F9F79A1EB}" = CCC Help Italian
"{D67A9023-307F-B5A0-8621-5258D3FA9813}" = CCC Help German
"{D7D6CCD3-D9BD-EA92-288E-EFCBDE939FF5}" = AMD VISION Engine Control Center
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{EF666029-2EDF-C792-D438-34940ED13A46}" = CCC Help Finnish
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F38EF546-DCE4-E290-AB73-4C57A3AC70A0}" = CCC Help Danish
"{FE6A55DF-D79E-7469-37CC-3E7F08098FCA}" = CCC Help Spanish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"PunkBusterSvc" = PunkBuster Services
"SopCast" = SopCast 3.5.0
"Steam App 43110" = Metro 2033
"UltraISO_is1" = UltraISO Premium V9.53
"Uplay" = Uplay
"Wildlife Park 2 - Dino World_is1" = Wildlife Park 2 - Dino World v2.1
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"d8be6c3f847d7d92" = Ghost Recon Online
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.03.2013 08:29:24 | Computer Name = Wango90-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x80070005.
 
[ System Events ]
Error - 02.03.2013 08:29:21 | Computer Name = Wango90-PC | Source = amdsata | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\RaidPort0 gefunden.
 
Error - 02.03.2013 08:29:23 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 02.03.2013 08:29:35 | Computer Name = Wango90-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
 
< End of report >
         

Alt 02.03.2013, 13:45   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



Dann bitte jetzt CF ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.03.2013, 13:54   #9
wango90
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



ComboFix:
Code:
ATTFilter
ComboFix 13-03-01.01 - Wango90 02.03.2013  13:48:38.3.4 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.4092.2777 [GMT 1:00]
ausgeführt von:: c:\users\Wango90\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-02 bis 2013-03-02  ))))))))))))))))))))))))))))))
.
.
2013-03-02 12:51 . 2013-03-02 12:51	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-01 15:32 . 2013-03-01 15:32	--------	d-----w-	c:\users\Wango90\AppData\Roaming\Malwarebytes
2013-03-01 15:32 . 2013-03-01 15:32	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-01 15:32 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-01 15:32 . 2013-03-01 15:32	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-01 15:32 . 2013-03-01 15:32	--------	d-----w-	c:\users\Wango90\AppData\Local\Programs
2013-02-28 20:48 . 2013-02-28 20:48	--------	d-----w-	c:\windows\ERUNT
2013-02-28 20:47 . 2013-03-02 11:56	--------	d-----w-	C:\JRT
2013-02-27 15:50 . 2013-02-27 15:50	--------	d-----w-	c:\programdata\FLEXnet
2013-02-27 15:49 . 2013-02-27 15:49	--------	d-----w-	c:\program files (x86)\Common Files\Macrovision Shared
2013-02-27 15:24 . 2013-02-27 15:24	--------	d-----w-	c:\program files (x86)\UltraISO
2013-02-27 15:24 . 2013-02-27 15:24	--------	d-----w-	c:\program files (x86)\Common Files\EZB Systems
2013-02-26 11:51 . 2013-02-26 11:51	--------	d-----w-	c:\programdata\OUTLAWS
2013-02-23 12:57 . 2013-02-28 21:37	--------	d-----w-	C:\Webzen
2013-02-22 21:07 . 2013-02-23 00:07	--------	d-----w-	C:\NetmarbleGlobal
2013-02-22 20:56 . 2013-02-28 21:55	--------	d-----w-	c:\program files (x86)\Pando Networks
2013-02-22 20:55 . 2013-02-22 20:55	--------	d-----w-	c:\users\Wango90\.swt
2013-02-22 02:17 . 2013-02-22 23:42	--------	d-----w-	c:\programdata\eMule
2013-02-22 01:53 . 2013-02-25 10:36	--------	d-----w-	c:\users\Wango90\AppData\Roaming\vlc
2013-02-22 01:52 . 2013-02-22 01:52	--------	d-----w-	c:\program files\VideoLAN
2013-02-22 01:27 . 2013-02-22 01:27	--------	d-----w-	c:\users\Wango90\AppData\Local\Shareaza
2013-02-22 01:27 . 2013-02-28 21:46	--------	d-----w-	c:\users\Wango90\AppData\Roaming\Shareaza
2013-02-22 01:27 . 2013-02-28 21:46	--------	d-----w-	c:\program files (x86)\Shareaza
2013-02-22 01:15 . 2013-02-22 01:16	--------	d-----w-	c:\users\Wango90\FrostWire
2013-02-22 01:14 . 2013-02-22 01:23	--------	d-----w-	c:\users\Wango90\.frostwire5
2013-02-16 19:36 . 2013-02-16 19:36	--------	d-----w-	c:\windows\system32\appmgmt
2013-02-16 17:30 . 2013-02-18 09:29	--------	d-----w-	c:\program files (x86)\ATDheNetTVApp.com
2013-02-14 02:03 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 02:03 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 10:38 . 2013-01-05 05:57	5500776	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-26 22:08 . 2012-11-20 18:40	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-26 22:08 . 2012-11-20 18:40	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-22 15:49 . 2012-11-20 22:52	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-02-22 15:49 . 2012-11-20 22:51	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-02-22 12:15 . 2012-11-20 22:51	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-01-04 04:43 . 2013-02-13 10:38	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-20 12:15 . 2009-07-13 23:56	419840	----a-w-	c:\windows\system32\systemcpl.dll
2012-12-16 16:52 . 2012-12-22 02:01	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:40 . 2012-12-22 02:01	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:01	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:25 . 2012-12-22 02:01	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-06 16:45 . 2012-11-20 22:51	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-11-20 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2012-11-20 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\433767575943dacb697ee0558fc08c06\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-02-25 1602984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-20 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-11-20 283200]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-02 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-20 22:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:47	2322576	----a-w-	c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:47	2322576	----a-w-	c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:47	2322576	----a-w-	c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\
FF - ExtSQL: 2013-01-19 16:35; torntv@torntv.com; c:\users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\extensions\torntv@torntv.com.xpi
FF - ExtSQL: 2013-02-16 18:30; freehdsport@freehdsport.tv; c:\users\Wango90\AppData\Roaming\Mozilla\Firefox\Profiles\s2xpq4a8.default\extensions\freehdsport@freehdsport.tv.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Wango90\AppData\Local\Akamai\netsession_win.exe
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-02  13:52:57
ComboFix-quarantined-files.txt  2013-03-02 12:52
ComboFix2.txt  2013-02-28 21:20
ComboFix3.txt  2013-02-28 21:10
.
Vor Suchlauf: 16 Verzeichnis(se), 1.315.753.107.456 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 1.315.900.260.352 Bytes frei
.
- - End Of File - - 6CA878B0B5555A9E45E72E8D6C5707FE
         

Alt 03.03.2013, 17:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



Code:
ATTFilter
2013-02-22 02:17 . 2013-02-22 23:42 d-----w- c:\programdata\eMule
2013-02-22 01:27 . 2013-02-28 21:46 d-----w- c:\program files (x86)\Shareaza
2013-02-22 01:15 . 2013-02-22 01:16 d-----w- c:\users\Wango90\FrostWire
         
Kann es sein, dass du es ein klein wenig mit Filesharing übertreibst?!
Dir sind die Gefahren des Filesharings bekannt? Was alles lädst du damit eigentlich?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.03.2013, 20:33   #11
wango90
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



die programme sind eigentlich schon deinstalliert hatte ich mir mal einfach so runtergeladen da die vom kumpel empfohlen wurden frostwire und emule hab ich auch nicht benutzt nur einmal shareeza aber auch nur für ca 2 std ansonsten wars das schon dass hatte ich auch um sogesehen eine größere datei vom kumpel zu empfangen da es mit rapidshare (ohne premium acc) zu lange dauern würde..

deswegen wunder ich mich auch dass die eigentlich noch da aufgelistet werden ich hab auch kein problem wenn du mit teamviewer dir selber einen blick verschaffen würdest

Alt 03.03.2013, 20:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



Eine Kontrolle mit OTL bitte:
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.03.2013, 21:12   #13
wango90
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



OTL ist fertig
im übrigen krieg ich keine werbungen mehr weder im forum noch in fb noch in youtube oder woanders
nur bin ich nicht sicher ob das komplett bereinigt wurde.

Code:
ATTFilter
OTL logfile created on: 03.03.2013 21:05:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Wango90\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 66,21% Memory free
7,99 Gb Paging File | 5,61 Gb Available in Paging File | 70,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1388,77 Gb Total Space | 1224,49 Gb Free Space | 88,17% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: WANGO90-PC | User Name: Wango90 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Wango90\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (AODDriver4.2) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 37 C0 D6 2E D7 09 CE 01  [binary data]
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.19 23:17:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.11.20 19:27:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Extensions
[2013.02.16 20:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\Firefox\Profiles\s2xpq4a8.default\extensions
[2013.02.16 18:30:59 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\freehdsport@freehdsport.tv.xpi
[2013.01.19 16:35:28 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Wango90\AppData\Roaming\mozilla\firefox\profiles\s2xpq4a8.default\extensions\torntv@torntv.com.xpi
[2013.02.19 23:17:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.19 23:17:46 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1912176476-229640534-1509025152-1000\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{254C83CF-8C33-4842-93AF-592A0C7279AA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.02 13:52:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.02 12:52:41 | 000,547,491 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Wango90\Desktop\JRT.exe
[2013.03.02 03:35:11 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wango90\Desktop\tdsskiller.exe
[2013.03.02 03:17:23 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Wango90\Desktop\aswMBR.exe
[2013.03.02 03:03:05 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\mbar
[2013.03.01 16:32:40 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Malwarebytes
[2013.03.01 16:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.01 16:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.01 16:32:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.01 16:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.01 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Programs
[2013.02.28 23:04:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe
[2013.02.28 22:13:58 | 005,035,876 | R--- | C] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe
[2013.02.28 22:02:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.02.28 22:02:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.02.28 22:02:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.02.28 21:59:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.28 21:58:33 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.02.28 21:48:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.02.28 21:47:46 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.27 16:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013.02.27 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013.02.27 16:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Documents\My ISO Files
[2013.02.27 16:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2013.02.26 12:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\OUTLAWS
[2013.02.23 13:57:20 | 000,000,000 | ---D | C] -- C:\Webzen
[2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetmarbleGlobal
[2013.02.22 22:07:48 | 000,000,000 | ---D | C] -- C:\NetmarbleGlobal
[2013.02.22 21:57:01 | 578,688,216 | ---- | C] (Acresso Software Inc.                                        ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe
[2013.02.22 21:56:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013.02.22 21:55:28 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.swt
[2013.02.22 15:06:50 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Kollegah_und_Farid_Bang-Jung_Brutal_Gutaussehend_2-Premium_Edition-DE-2013-NOiR
[2013.02.22 03:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2013.02.22 02:53:51 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\vlc
[2013.02.22 02:53:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.02.22 02:52:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.02.22 02:40:16 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (4)
[2013.02.22 02:27:49 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Local\Shareaza
[2013.02.22 02:27:35 | 000,000,000 | ---D | C] -- C:\Users\Wango90\AppData\Roaming\Shareaza
[2013.02.22 02:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shareaza
[2013.02.22 02:15:00 | 000,000,000 | ---D | C] -- C:\Users\Wango90\FrostWire
[2013.02.22 02:14:58 | 000,000,000 | ---D | C] -- C:\Users\Wango90\.frostwire5
[2013.02.19 23:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.16 20:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.02.16 18:30:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATDheNetTVApp.com
[2013.02.14 03:01:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 03:01:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 03:01:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 03:01:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 03:01:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 03:01:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 03:01:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 03:01:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 03:01:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 03:01:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 03:01:22 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 03:01:22 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 03:01:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 03:01:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 03:01:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.13 11:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.02.13 11:38:33 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.13 11:38:32 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.13 11:38:32 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.13 11:38:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.02.13 11:38:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.02.13 11:38:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.02.13 11:38:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.02.13 11:38:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.02.13 11:38:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.13 11:38:11 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.13 11:38:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.02.13 11:38:11 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.13 11:38:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 11:38:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.02.13 11:38:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.13 11:38:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 11:38:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 11:38:09 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 11:38:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.02.13 11:38:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 11:38:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.02.13 11:38:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.13 11:38:03 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.05 11:53:26 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\Neuer Ordner (2)
[2013.02.05 11:51:45 | 000,000,000 | ---D | C] -- C:\Users\Wango90\Desktop\ALLES
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.03 21:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.03 20:28:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.02 13:47:18 | 005,035,876 | R--- | M] (Swearware) -- C:\Users\Wango90\Desktop\ComboFix.exe
[2013.03.02 13:35:20 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.02 13:35:20 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.02 13:35:20 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.02 13:35:20 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.02 13:35:20 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.02 13:29:15 | 3218,202,624 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.02 13:24:43 | 000,594,019 | ---- | M] () -- C:\Users\Wango90\Desktop\adwcleaner.exe
[2013.03.02 12:52:42 | 000,547,491 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Wango90\Desktop\JRT.exe
[2013.03.02 03:35:12 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wango90\Desktop\tdsskiller.exe
[2013.03.02 03:31:54 | 000,000,512 | ---- | M] () -- C:\Users\Wango90\Desktop\MBR.dat
[2013.03.02 03:18:41 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Wango90\Desktop\aswMBR.exe
[2013.03.01 17:02:13 | 000,000,914 | ---- | M] () -- C:\Users\Wango90\Desktop\kkk.csv
[2013.03.01 16:32:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 12:32:40 | 000,000,168 | ---- | M] () -- C:\Users\Wango90\defogger_reenable
[2013.03.01 12:32:25 | 000,050,477 | ---- | M] () -- C:\Users\Wango90\Desktop\Defogger.exe
[2013.02.28 23:04:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wango90\Desktop\OTL.exe
[2013.02.28 22:55:49 | 000,371,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 21:32:30 | 000,009,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.28 12:50:45 | 000,172,835 | ---- | M] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg
[2013.02.28 12:45:22 | 000,004,814 | ---- | M] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF
[2013.02.27 16:24:11 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.02.27 04:04:39 | 000,005,120 | ---- | M] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.26 23:08:48 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.26 23:08:48 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.22 22:07:01 | 578,688,216 | ---- | M] (Acresso Software Inc.                                        ) -- C:\Users\Wango90\Desktop\netmarble_d187_v1003_ver2_full_xfire.exe
[2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.22 16:49:30 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.22 13:15:00 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.02.22 02:53:16 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.13 11:39:27 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.02 13:24:42 | 000,594,019 | ---- | C] () -- C:\Users\Wango90\Desktop\adwcleaner.exe
[2013.03.02 03:31:54 | 000,000,512 | ---- | C] () -- C:\Users\Wango90\Desktop\MBR.dat
[2013.03.01 17:02:13 | 000,000,914 | ---- | C] () -- C:\Users\Wango90\Desktop\kkk.csv
[2013.03.01 16:32:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.03.01 12:32:40 | 000,000,168 | ---- | C] () -- C:\Users\Wango90\defogger_reenable
[2013.03.01 12:32:24 | 000,050,477 | ---- | C] () -- C:\Users\Wango90\Desktop\Defogger.exe
[2013.02.28 22:02:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.02.28 22:02:04 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.02.28 22:02:04 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.02.28 22:02:04 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.02.28 22:02:04 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.28 12:50:45 | 000,172,835 | ---- | C] () -- C:\Users\Wango90\Desktop\tumblr_m8o6g0gkUp1r7wh28o1_1280.jpg
[2013.02.28 12:45:17 | 000,004,814 | ---- | C] () -- C:\Users\Wango90\Desktop\shisha_and_more.GIF
[2013.02.27 16:24:11 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.02.23 02:22:55 | 000,005,120 | ---- | C] () -- C:\Users\Wango90\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.02.22 02:53:16 | 000,000,871 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.07 01:07:39 | 268,435,456 | ---- | C] () -- C:\Users\Wango90\Desktop\5589.nds
[2013.02.05 11:36:54 | 067,108,864 | ---- | C] () -- C:\Users\Wango90\Desktop\Pokémon Diamant Edition.nds
[2012.11.20 23:51:20 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.11.20 23:51:18 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.20 23:32:40 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.11.20 18:10:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 02:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.09.28 02:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 13:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Wango90\Downloads:Shareaza.GUID

< End of report >
         

Alt 03.03.2013, 21:35   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
@Alternate Data Stream - 16 bytes -> C:\Users\Wango90\Downloads:Shareaza.GUID
[2013.03.02 03:31:54 | 000,000,512 | ---- | M] () -- C:\Users\Wango90\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 03.03.2013, 21:48   #15
wango90
 
Überall taucht Werbung auf! - Standard

Überall taucht Werbung auf!



FIX ist fertig.
Falls der ganze vorgang mit dem bereinigen fertig ist hätte ich zum abschuluss noch zwei fragen bezüglich den prefetch und den temp ordnern wenn es hier reingehört

Code:
ATTFilter
All processes killed
========== OTL ==========
Unable to delete ADS C:\Users\Wango90\Downloads:Shareaza.GUID .
C:\Users\Wango90\Desktop\MBR.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Wango90\Desktop\cmd.bat deleted successfully.
C:\Users\Wango90\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Wango90
->Temp folder emptied: 432 bytes
->Temporary Internet Files folder emptied: 1666979446 bytes
->FireFox cache emptied: 419016539 bytes
->Flash cache emptied: 24636 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.989,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 03032013_213817

Files\Folders moved on Reboot...
C:\Users\Wango90\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Antwort

Themen zu Überall taucht Werbung auf!
4d36e972-e325-11ce-bfc1-08002be10318, adchoices, adobe, adobe flash player, adobe reader xi, akamai, autorun, avg, bho, explorer, fehler, firefox, flash player, format, helper, helper.exe, iexplore.exe, install.exe, mozilla, nodrives, problem, programme, realtek, registry, rundll, scan, svchost.exe, udp, viren, visual studio, werbung, windows



Ähnliche Themen: Überall taucht Werbung auf!


  1. Überall Werbung! Ein Virus?
    Plagegeister aller Art und deren Bekämpfung - 10.04.2015 (13)
  2. Windows Vista -64 Bit - Werbung, überall Werbung!
    Log-Analyse und Auswertung - 29.03.2015 (15)
  3. Überall taucht Werbung auf , weiß nicht was ich tun soll , liegt es an blockand surf ?
    Log-Analyse und Auswertung - 27.03.2015 (73)
  4. werbung taucht überall auf !
    Plagegeister aller Art und deren Bekämpfung - 16.03.2015 (8)
  5. Überall Werbung... Fenster öffnen sich automatisch mit werbung HILFE!!!
    Plagegeister aller Art und deren Bekämpfung - 07.02.2015 (5)
  6. Pc langsam, überall Werbung, neue Fenster mit Werbung, Adblocker verschlimmerte alles
    Plagegeister aller Art und deren Bekämpfung - 14.11.2014 (3)
  7. Überall Werbung auf den Internetseiten
    Log-Analyse und Auswertung - 02.10.2014 (3)
  8. Windows explorer funktioniert erst nicht, dann taucht überall Werbung auf.
    Log-Analyse und Auswertung - 19.05.2014 (3)
  9. Werbung überall
    Log-Analyse und Auswertung - 13.04.2014 (1)
  10. Überall Werbung
    Plagegeister aller Art und deren Bekämpfung - 13.03.2014 (5)
  11. Internet-Überall Werbung
    Plagegeister aller Art und deren Bekämpfung - 03.03.2014 (1)
  12. Überall werbung im Browser
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (13)
  13. plötzlich überall werbung
    Mülltonne - 29.08.2013 (0)
  14. Werbung überall
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (9)
  15. Im Browser ist überall Werbung
    Plagegeister aller Art und deren Bekämpfung - 13.08.2013 (17)
  16. Pc langsam, überall Werbung
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (16)
  17. Werbung taucht plötzlich und ungewollt im IE auf!
    Log-Analyse und Auswertung - 23.11.2008 (1)

Zum Thema Überall taucht Werbung auf! - Hallo, ich hab seit einigen Tagen das Problem dass Werbung überall auftauch sei es auf Facebook in Youtube oder auch hier im Forum. Das ist immer so ein Mittelgroßes kästchen - Überall taucht Werbung auf!...
Archiv
Du betrachtest: Überall taucht Werbung auf! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.