Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 02.03.2013, 17:09   #1
Pupel
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit!

Liebe Helfer, ich habe folgendes Problem:

Gestern Abend gegen 20.00 Uhr öffnete sich auf meinem Laptop ein Fenster, in welchem die "GVU" darauf hinweist, dass ich verschiedene Straftaten begangen habe, die strafrechtlich verfolgt werden, wenn ich nicht innerhalb von 48 Std. eine Geldbuße von 100 € zahle. Es gibt ein Feld für einen "paycard" Code, den ich durch Einlösung der 100 € an verschiedenen Stellen, wie z.B. Rossmann erhalten kann. Darunter ist eine Zeituhr, die stetig abläuft.
Weiter unten wird darauf hingewiesen, dass die Polizei alles auch bildlich verfolgt und festgehalten haben soll. Es ist die Webcam eingeschaltet, die mich zeigt, wie ich gerade diese Nachricht lese.
Das Fenster ist nicht zu minimieren oder zu schließen. Es heißt, dass alleine bei Versuch dieses zu tun, weitere Schritte eingeleitet werden.
Dieses Problem betrifft allerdings nur einen Benutzer. Der andere Benutzer, der auf meinem Laptop eingerichtet ist, funktioniert einwandfrei und zeigt keine Störungen. Von diesem habe ich mich auch hier angemeldet. Den Benutzer mit dem Trojaner kann ich jetzt zwar auswählen, es erscheint dann aber sofort wieder die GVU-Meldung.

Ich hoffe, mir kann geholfen werden! Lg, Pupel OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 3/2/2013 4:20:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Party\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 63.64% Memory free
8.00 Gb Paging File | 6.40 Gb Available in Paging File | 80.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 1.84 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 151.63 Gb Free Space | 72.58% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Party | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/03/02 16:18:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Party\Downloads\OTL.exe
PRC - [2013/03/01 20:45:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/03/01 20:44:50 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/03/01 20:44:49 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/02/16 01:33:51 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011/07/29 20:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011/06/10 19:28:47 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
PRC - [2010/02/18 17:57:36 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009/11/28 22:48:27 | 000,009,728 | ---- | M] () -- C:\Windows\SysWOW64\netset.exe
PRC - [2009/11/24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/11/12 19:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/25 18:24:36 | 000,174,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/08/17 18:58:46 | 006,859,392 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 19:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2009/05/19 00:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/20 20:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/12/23 02:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 06:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/02/16 01:34:12 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/07/04 22:32:36 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerHook.dll
MOD - [2010/07/04 20:51:26 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
MOD - [2009/11/28 22:48:27 | 000,009,728 | ---- | M] () -- C:\Windows\SysWOW64\netset.exe
MOD - [2009/11/24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009/11/12 19:10:06 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007/11/30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009/10/02 04:38:17 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/29 17:32:31 | 000,570,632 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/09/29 17:32:29 | 000,917,768 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/09/29 16:57:23 | 000,838,528 | ---- | M] (Trend Micro Inc.) [Disabled | Stopped] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/09/28 16:24:00 | 000,610,048 | ---- | M] (O&O Software GmbH) [Disabled | Stopped] -- C:\Program Files\OO Software\DriveLED\oodlag.exe -- (O&O DriveLED)
SRV:64bit: - [2009/09/17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 09:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2013/03/01 20:45:29 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/03/01 20:44:50 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/02/16 01:34:06 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/29 20:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011/07/27 12:06:44 | 000,267,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/06/10 19:28:47 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/09/15 02:03:42 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/06/16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/03/01 20:45:51 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/01 20:45:51 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/03/01 20:45:50 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/17 09:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 09:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 09:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 09:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/05/31 20:29:28 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/05/31 20:29:27 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/05/12 00:45:50 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/12/04 17:40:30 | 000,265,744 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2009/12/04 17:39:44 | 000,042,000 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2009/12/04 17:30:22 | 002,007,056 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/10/15 10:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/05 02:33:59 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/02 05:11:13 | 006,182,400 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/09/29 17:33:17 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/09/28 16:24:14 | 000,030,216 | ---- | M] (O&O Software GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\OODrvled.sys -- (OODrvled)
DRV:64bit: - [2009/08/21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/12 04:38:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 07:00:11 | 000,068,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/17 07:00:11 | 000,029,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 09:11:31 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 12:53:42 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/05/22 23:52:29 | 000,215,040 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/05/05 15:00:27 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:64bit: - [2008/12/08 16:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008/05/24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 20:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2010/07/04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/01 21:19:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/01 21:19:23 | 000,000,000 | ---D | M]
 
[2011/03/26 14:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Party\AppData\Roaming\mozilla\Extensions
[2013/03/01 21:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Party\AppData\Roaming\mozilla\Firefox\Profiles\ug619v0q.default\extensions
[2013/03/01 21:25:58 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Party\AppData\Roaming\mozilla\firefox\profiles\ug619v0q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/03/01 21:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/01 13:24:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/04/21 21:29:16 | 000,000,000 | ---D | M] (XhodBot) -- C:\Program Files (x86)\Mozilla Firefox\extensions\helloworld@xuldev.org
[2013/03/01 21:00:59 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de
[2013/02/16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013/02/16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/02/16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013/02/16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013/02/16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013/02/16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - Extension: Docs = C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DealPly = C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Mail = C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [EeeStorageBackup] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [netset] C:\Windows\SysWOW64\netset.exe ()
O4 - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D63F860A-4641-43FE-833D-039F153F422A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/03/01 21:28:02 | 000,000,000 | ---D | C] -- C:\Users\Party\AppData\Local\Google
[2013/03/01 21:19:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/01 21:19:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/01 21:00:57 | 000,000,000 | ---D | C] -- C:\Users\Party\AppData\Roaming\QuickStoresToolbar
[2013/03/01 21:00:56 | 000,000,000 | ---D | C] -- C:\Users\Party\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013/03/01 21:00:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2013/03/01 20:52:05 | 000,000,000 | ---D | C] -- C:\Users\Party\AppData\Roaming\Avira
[2013/03/01 20:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/03/01 20:47:58 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/01 20:47:58 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/01 20:47:57 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/01 20:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/03/01 20:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2008/08/12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/03/02 16:22:15 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 16:22:15 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 16:15:09 | 000,001,193 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2013/03/02 16:14:35 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 16:14:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 16:14:09 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 16:13:13 | 000,000,020 | ---- | M] () -- C:\Users\Party\defogger_reenable
[2013/03/02 15:55:35 | 095,023,320 | ---- | M] () -- C:\ProgramData\6106796.pad
[2013/03/02 15:52:54 | 000,001,515 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/03/01 23:26:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/01 21:28:09 | 000,002,217 | ---- | M] () -- C:\Users\Party\Desktop\Google Chrome.lnk
[2013/03/01 21:19:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/01 21:14:40 | 000,002,092 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/03/01 21:00:59 | 000,000,186 | ---- | M] () -- C:\Users\Party\Desktop\QuickStores.url
[2013/03/01 20:59:16 | 000,802,113 | ---- | M] () -- C:\Users\Party\Desktop\Unlocker1.9.1.exe
[2013/03/01 20:48:15 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/03/01 20:45:51 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/01 20:45:51 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/01 20:45:50 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/01 20:42:03 | 002,086,240 | ---- | M] () -- C:\Users\Party\Desktop\avira_free_antivirus.exe
[2013/03/01 20:04:32 | 000,002,782 | ---- | M] () -- C:\ProgramData\6106796.js
[2013/03/01 20:04:32 | 000,000,153 | ---- | M] () -- C:\ProgramData\6106796.reg
[2013/03/01 20:04:32 | 000,000,062 | ---- | M] () -- C:\ProgramData\6106796.bat
[2013/02/14 14:26:53 | 000,450,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/03/02 16:13:13 | 000,000,020 | ---- | C] () -- C:\Users\Party\defogger_reenable
[2013/03/01 21:19:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/01 21:19:33 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/01 21:00:59 | 000,000,186 | ---- | C] () -- C:\Users\Party\Desktop\QuickStores.url
[2013/03/01 20:59:11 | 000,802,113 | ---- | C] () -- C:\Users\Party\Desktop\Unlocker1.9.1.exe
[2013/03/01 20:48:15 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013/03/01 20:41:58 | 002,086,240 | ---- | C] () -- C:\Users\Party\Desktop\avira_free_antivirus.exe
[2013/03/01 20:30:25 | 000,002,217 | ---- | C] () -- C:\Users\Party\Desktop\Google Chrome.lnk
[2013/03/01 20:04:32 | 000,002,782 | ---- | C] () -- C:\ProgramData\6106796.js
[2013/03/01 20:04:32 | 000,000,153 | ---- | C] () -- C:\ProgramData\6106796.reg
[2013/03/01 20:04:32 | 000,000,062 | ---- | C] () -- C:\ProgramData\6106796.bat
[2013/03/01 20:04:23 | 095,023,320 | ---- | C] () -- C:\ProgramData\6106796.pad
[2012/01/26 21:31:24 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/06/10 19:28:50 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/06/10 19:28:47 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/05/12 19:25:07 | 000,000,176 | ---- | C] () -- C:\Windows\SysWow64\msvcsv60.dll
[2011/05/12 19:25:07 | 000,000,176 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011/04/05 11:01:05 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\netset.exe
[2010/11/27 20:18:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/17 16:35:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/18 17:39:16 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/04/08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008/05/22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010/07/31 13:33:47 | 000,000,000 | ---D | M] -- C:\Users\Party\AppData\Roaming\Asus WebStorage
[2011/12/14 00:14:07 | 000,000,000 | ---D | M] -- C:\Users\Party\AppData\Roaming\Opera
[2013/03/01 21:00:59 | 000,000,000 | ---D | M] -- C:\Users\Party\AppData\Roaming\QuickStoresToolbar
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 3/2/2013 4:20:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Party\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 63.64% Memory free
8.00 Gb Paging File | 6.40 Gb Available in Paging File | 80.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 1.84 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 151.63 Gb Free Space | 72.58% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Party | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{136E69AA-E396-4CD9-ABCA-B15B6ECE8E1C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1457016E-5148-46DF-9B80-B95FDAC341C8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2BDFAD89-C6BE-47D7-A9A1-B60F11018BE8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3F07E423-5861-4EEA-BCA7-3A7F08EDC809}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{56C14B2A-E804-4467-9D0F-422515814271}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5D4F7F8C-0AFE-4D2F-BF00-B5D119AA43F4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{6AB14B2A-942E-4BC4-9CDD-7ECD338B365C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7E01EA05-EFD7-4877-A7BB-75BA5CB8F4FB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{851A230D-E63A-4DB6-A1C5-D482BBCBA6B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C2EEECFB-B28A-4241-8F65-7968F936BFA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EC97E72C-E261-4D9C-9836-ED54492A5B96}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F4F29DA5-42AE-4C82-97B3-911813E003A2}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{150457D2-A0B8-4027-8439-0C9C64B9EF3C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1B56D2A3-71ED-490B-800D-4242D2A05727}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{1CF42699-2462-4246-B8C2-F32DD17DF441}" = dir=out | app=%userprofile%\appdata\local\tversity\media server\mediaserver.exe | 
"{2AD8BC7D-BD64-47A1-9DA6-E649BF6D6CCD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2D9CB418-4105-4D70-AE49-2863230855EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{48409F46-F410-40F0-8F8F-2B97C24A7078}" = protocol=6 | dir=in | app=c:\users\tinchen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{55D3457E-08B7-44F7-BB19-E12BF2BDA84D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{6A00B4D1-0990-4131-B8F4-2F0A338C3AB0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{76091CA0-6AB3-4B83-B4CF-53B19BC67156}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{88B04BB0-108A-4782-A768-FDE1E68A726C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{8BF639BF-53CA-4373-8813-2E0DC62251CE}" = dir=in | app=%userprofile%\appdata\local\tversity\media server\mediaserver.exe | 
"{95DCE11A-5F66-4AF6-9CED-40D579A11EF3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A92A6D96-1083-40BD-BF71-F307877071C1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AEA98F26-5CFD-4724-A2EF-CAD4077624D7}" = protocol=17 | dir=in | app=c:\users\tinchen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{CACF52FA-40C8-4AF8-AB72-D4FB52E5DE34}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E040391C-052E-43CB-A14C-A6B3E963336E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E071D009-DFE2-4AA5-A407-88ED4A4D311E}" = dir=in | app=c:\programdata\tversity\media server\mediaserver.exe | 
"{F8B0F201-4873-480E-B3AE-2A10694E054D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{0A7CED18-2574-41F6-81B6-5F54DE05CB38}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"TCP Query User{1C48A356-8935-41FF-8E48-79CC471D538A}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{32A46E10-9820-4A8A-9AB7-737F63F5EDD0}C:\users\tinchen\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tinchen\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{3B43A724-BDB7-49D3-8CD0-F022A1685C40}C:\users\tinchen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tinchen\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{63AE2403-2646-4A81-8960-7B89FEC309C2}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{C70F4A48-D770-4E41-954C-6D21AE7A049A}D:\spiele\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{D8486D3F-D8E7-4E59-941B-1E18690A85AD}D:\spiele\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=d:\spiele\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{5027812B-513D-44C9-9075-D3B13B89A68C}D:\spiele\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{5E0E7495-2382-4D67-9EB5-C8556150962A}C:\users\tinchen\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tinchen\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{8AC2B6E7-CE1F-450A-BC3A-F41A6CB2761D}C:\users\tinchen\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tinchen\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{979C0E07-9B1D-404A-B951-C41AA98286D4}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"UDP Query User{D6D8B2BB-6111-483D-BBA9-B60B31316E29}D:\spiele\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{DC919156-556B-425F-82F2-EAF9D6EC84F7}D:\spiele\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\starcraft ii.exe | 
"UDP Query User{EC5C8140-2672-4F08-AB8A-60FD7E9E85F1}D:\spiele\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=d:\spiele\starcraft ii\versions\base19679\sc2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{53480150-81CB-4A86-B378-86B6F08AF80B}" = O&O DriveLED
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0028-0404-1000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0404-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Chinese (Traditional)) 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0408-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Greek) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-040D-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Hebrew) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{90120000-002A-0816-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Portugal)) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B4F9E407-95F4-EAA4-B253-C1FE391E0A6C}" = ATI Catalyst Install Manager
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{FF8BC37A-2DFB-95B6-4F09-05C7304891F3}" = ccc-utility64
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"ASUS USB2.0 UVC VGA WebCam" = ASUS USB2.0 UVC VGA WebCam
"ASUS WebStorage" = ASUS WebStorage
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"EPSON SX100 Series" = Druckerdeinstallation für EPSON SX100 Series
"Explorer Suite_is1" = Explorer Suite III
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0058143E-0C1F-530B-C75D-4B4D272BA857}" = CCC Help Portuguese
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0C5D9A6B-FF26-9DD9-8CFE-6348C6216F90}" = Catalyst Control Center Graphics Full Existing
"{0E00E89C-D6C1-4736-CBE0-F97566641F2D}" = CCC Help Swedish
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1B75F827-8404-871C-908D-FE2841809879}" = ccc-core-static
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2582CC36-8FF2-37A4-E4DF-20D98AFC2FD2}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{29906EE7-6EDB-8336-4455-A65A5343EA49}" = CCC Help English
"{2F300A26-2149-4BE3-4E46-0244DE26243A}" = CCC Help Greek
"{37DBA48D-B4D0-FEFD-AC97-A3B02A41D7BD}" = CCC Help Finnish
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{423C4130-EBC3-410A-B3A0-37BBF9D607D5}" = T-RackS 3 Deluxe
"{455CD05F-2041-F120-992C-8B390FD902B9}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C6F31F8-81E0-CFCE-DCF8-63D0179BE7E8}" = CCC Help Italian
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F5B18A3-E921-4FFE-BEF4-ACBB98964FC2}" = AMD USB Filter Driver
"{51B618BD-9DD2-BEDA-9CF3-EE7A7D574234}" = CCC Help French
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5C6BF318-B9A6-E5FC-6FED-BB010CA4879C}" = CCC Help Chinese Standard
"{5CF94DB3-AD09-8E75-6780-9CA707E16579}" = CCC Help Hungarian
"{5DB2F906-140A-E5A1-6CF8-7F8D4D84EE0A}" = CCC Help Korean
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C3496DF-CC4C-4CDE-87A1-8657619EE2D6}_is1" = Game Park Console
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7664A6B5-A117-67E2-E49A-AE7E4C64FDCE}" = Catalyst Control Center Graphics Full New
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{7F9975A8-C8FF-4C1F-A672-EC4591EB4F03}" = honestech Audio Recorder 2.0 Deluxe
"{81601299-AD02-403C-9A47-93C509FE2EC2}" = Catalyst Control Center - Branding
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81B9F470-8E68-C4EC-9E3C-DE176811887E}" = CCC Help Japanese
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110304260}" = Island Wars 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110413757}" = Smileyville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116864777}" = Piggly
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8C73B81B-2BBA-744F-2BDA-E2ACFA9E94AA}" = CCC Help Turkish
"{8EEE95B9-D3AD-C483-7F3E-BA643FF5A3FE}" = CCC Help Thai
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0408-0000-0000000FF1CE}" = Microsoft Office Access MUI (Greek) 2007
"{90120000-0015-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2007
"{90120000-0015-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0015-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0408-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Greek) 2007
"{90120000-0016-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2007
"{90120000-0016-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0408-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Greek) 2007
"{90120000-0018-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2007
"{90120000-0018-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0408-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Greek) 2007
"{90120000-0019-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2007
"{90120000-0019-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0408-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Greek) 2007
"{90120000-001A-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2007
"{90120000-001A-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0408-0000-0000000FF1CE}" = Microsoft Office Word MUI (Greek) 2007
"{90120000-001B-0408-0000-0000000FF1CE}_PROHYBRIDR_{F86B508B-F1A2-4841-B906-CDDA3A548A2A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2007
"{90120000-001B-040D-0000-0000000FF1CE}_PROHYBRIDR_{F328D99F-F535-4753-B2D4-3CD9603715F6}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_PROHYBRIDR_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_PROHYBRIDR_{26257879-B20D-4D30-A429-B387A4890929}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}_PROHYBRIDR_{F812A9CD-23C6-4BBC-B168-ED2C68B0F003}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0408-0000-0000000FF1CE}" = Microsoft Office Proof (Greek) 2007
"{90120000-001F-0408-0000-0000000FF1CE}_PROHYBRIDR_{DB0C1C5A-7998-4B95-8BD5-ACACD18B0B53}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2007
"{90120000-001F-040D-0000-0000000FF1CE}_PROHYBRIDR_{51590837-F141-43A8-B0EC-AEF16F1CBE78}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2007
"{90120000-001F-0419-0000-0000000FF1CE}_PROHYBRIDR_{EFE123B8-9F0A-4C50-A67B-0BADF3CB00DC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0816-0000-0000000FF1CE}_PROHYBRIDR_{C8246FCF-12F8-4212-BC89-6ED049BA2FB8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-1000-0000000FF1CE}_PROHYBRIDR_{490B52AE-965C-460C-9E0F-EE65C96F7AA1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0404-1000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0408-1000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040D-1000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0410-1000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0413-1000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0816-1000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0408-0000-0000000FF1CE}" = Microsoft Office Proofing (Greek) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0408-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Greek) 2007
"{90120000-006E-0408-0000-0000000FF1CE}_PROHYBRIDR_{58D10C7E-20DE-47F0-BAFA-37A870A625F9}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2007
"{90120000-006E-040D-0000-0000000FF1CE}_PROHYBRIDR_{CA35966E-C879-49CB-A61C-B2EF26AE54B7}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_PROHYBRIDR_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_PROHYBRIDR_{1D12BC91-360E-424C-97C4-813651313660}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}_PROHYBRIDR_{5E03E01D-304F-474D-B85F-06B2C9AE0583}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-0120-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{989D40A8-7162-415D-9DEB-BE2A7D56652A}" = Rift ALPHA patcher
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}" = honestech Audio Recorder 2.0 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{ADC7E65C-63C5-34EA-E1A9-A6F85D094CC9}" = Catalyst Control Center Graphics Previews Vista
"{AE5553AA-1429-5618-2B44-82C7B3DA6ACC}" = CCC Help Danish
"{B20B3F6C-F56A-EFED-F806-BCBAECF4D3A9}" = CCC Help German
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7D7704F-7B56-54D4-1E4F-165EC7ABC5A2}" = CCC Help Norwegian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C306FB81-7859-C9BB-7C63-5DCC53AD0706}" = CCC Help Russian
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C67AFDF7-9A23-2D8D-6CE1-4F13796118C9}" = CCC Help Czech
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E2364C90-B2EB-0B43-2462-07F6D4EA3BE0}" = CCC Help Chinese Traditional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4BB51C-88D4-5022-5CE9-47DF2A626F75}" = Catalyst Control Center Core Implementation
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9FDA329-6CDA-BDBB-5B81-F5AF757BE969}" = Catalyst Control Center Localization All
"{FA9DA7C9-6CF8-25EB-87DE-E0411067E14C}" = CCC Help Dutch
"{FB74EE62-8513-682F-A55D-31B7A2205D2F}" = Catalyst Control Center Graphics Light
"{FCFEB590-8CCD-8171-69F4-EA19AEDD8A3A}" = CCC Help Spanish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Antares Autotune VST RTAS TDM_is1" = Antares Autotune VST RTAS TDM v5.08
"APB Reloaded" = APB Reloaded
"ASIO4ALL" = ASIO4ALL
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS_Screensaver" = ASUS_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"BlazeAudio WebEQ Trial" = WebEQ Trial
"bx_cleansweep V2_is1" = bx_cleansweep V2 2.0.2
"Die_Schoenheit_der_Parasiten_is1" = Die_Schoenheit_der_Parasiten
"EADM" = EA Download Manager
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"hon" = Heroes of Newerth
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Opera 12.14.1738" = Opera 12.14
"PartyPoker" = PartyPoker
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0
"REAPER" = REAPER
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Sonitus:fx Plugin Suite" = Sonitus:fx Plugin Suite
"Sonnox Oxford Inflator Native VST_is1" = Sonnox Oxford Inflator Native VST v1.5.1
"Sonnox Oxford Limiter Native VST_is1" = Sonnox Oxford Limiter Native VST v1.1.1
"Sonnox Oxford R3 Dynamics Native VST_is1" = Sonnox Oxford R3 Dynamics Native VST v1.3.1
"Sonnox Oxford R3 EQ Native VST_is1" = Sonnox Oxford R3 EQ Native VST v1.6.1
"Sonnox Oxford Reverb Native VST_is1" = Sonnox Oxford Reverb Native VST v1.0
"Sonnox Oxford TransMod Native VST_is1" = Sonnox Oxford TransMod Native VST v1.3.1
"StarCraft II" = StarCraft II
"StartNow Toolbar" = StartNow Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"TVersity Media Server" = TVersity Media Server 1.9.7
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.7
"WaveLabPro" = WaveLab 6
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/28/2011 9:31:48 PM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/28/2011 9:46:34 PM | Computer Name = PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\zaG\AppData\Local\Temp\EADFFB2.exe".
 Fehler in Manifest- oder Richtliniendatei "c:\Users\zaG\AppData\Local\Temp\EADFFB2.exe"
 in Zeile 0.  Ungültige XML-Syntax.
 
Error - 10/28/2011 9:46:50 PM | Computer Name = PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 10/29/2011 7:39:12 PM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/30/2011 7:05:51 PM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10/31/2011 4:06:45 PM | Computer Name = PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\zaG\AppData\Local\Temp\EADFFB2.exe".
 Fehler in Manifest- oder Richtliniendatei "c:\Users\zaG\AppData\Local\Temp\EADFFB2.exe"
 in Zeile 0.  Ungültige XML-Syntax.
 
Error - 10/31/2011 4:07:01 PM | Computer Name = PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
Error - 11/1/2011 11:03:09 AM | Computer Name = PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11/1/2011 11:35:55 AM | Computer Name = PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Users\zaG\AppData\Local\Temp\EADFFB2.exe".
 Fehler in Manifest- oder Richtliniendatei "c:\Users\zaG\AppData\Local\Temp\EADFFB2.exe"
 in Zeile 0.  Ungültige XML-Syntax.
 
Error - 11/1/2011 11:36:01 AM | Computer Name = PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler
 in Manifest- oder Richtliniendatei "c:\program files (x86)\microsoft\search enhancement
 pack\search helper\sepsearchhelperie.dll" in Zeile 2.  Ungültige XML-Syntax.
 
[ Media Center Events ]
Error - 5/27/2011 8:00:59 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 02:00:56 - Fehler beim Herstellen der Internetverbindung.  02:00:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 5/27/2011 9:01:02 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 03:01:02 - Fehler beim Herstellen der Internetverbindung.  03:01:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 5/27/2011 9:01:09 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 03:01:07 - Fehler beim Herstellen der Internetverbindung.  03:01:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 5/27/2011 10:01:13 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 04:01:13 - Fehler beim Herstellen der Internetverbindung.  04:01:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 5/27/2011 10:01:19 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 04:01:18 - Fehler beim Herstellen der Internetverbindung.  04:01:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 5/27/2011 11:01:24 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 05:01:24 - Fehler beim Herstellen der Internetverbindung.  05:01:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 5/27/2011 11:01:30 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 05:01:29 - Fehler beim Herstellen der Internetverbindung.  05:01:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 10/25/2011 12:41:36 PM | Computer Name = PC | Source = MCUpdate | ID = 0
Description = 18:41:24 - Fehler beim Herstellen der Internetverbindung.  18:41:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/11/2011 3:53:00 PM | Computer Name = PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
Error - 1/17/2012 7:08:41 AM | Computer Name = PC | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description = 
 
[ System Events ]
Error - 3/1/2013 4:06:59 PM | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den 
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 3/1/2013 4:06:59 PM | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den 
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 3/1/2013 4:07:13 PM | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den 
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 3/1/2013 4:07:13 PM | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den 
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 3/1/2013 4:07:37 PM | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den 
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 3/1/2013 4:07:37 PM | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den 
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 3/1/2013 4:09:02 PM | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den 
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 3/1/2013 4:09:02 PM | Computer Name = PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Program
 Files (x86)\Unlocker\UnlockerDriver5.sys nicht geladen. Wenden Sie sich an den 
Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
 
Error - 3/1/2013 4:15:40 PM | Computer Name = PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Media Player-Netzwerkfreigabedienst erreicht.
 
Error - 3/1/2013 4:15:40 PM | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund
 folgenden Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
--- --- ---


GMER Logfile:
Code:
ATTFilter
GMER 2.1.19115 - hxxp://www.gmer.net
Rootkit scan 2013-03-02 16:44:46
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000063 Hitachi_ rev.PB3O 298,09GB
Running: gmer_2.1.19115.exe; Driver: C:\Users\Party\AppData\Local\Temp\fxldapow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000077721465 2 bytes [72, 77]
.text  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                * 2
.text  C:\Windows\SysWOW64\PnkBstrA.exe[872] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                             00000000749d1a22 2 bytes [9D, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[872] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                             00000000749d1ad0 2 bytes [9D, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[872] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                             00000000749d1b08 2 bytes [9D, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[872] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                             00000000749d1bba 2 bytes [9D, 74]
.text  C:\Windows\SysWOW64\PnkBstrA.exe[872] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                             00000000749d1bda 2 bytes [9D, 74]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!init_vlc_sparse + 217               000000006ad82671 4 bytes [C0, 2D, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!init_vlc_sparse + 232               000000006ad82680 4 bytes [C0, 2D, 60, 00]
.text  ...                                                                                                                                                * 7
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_chroma_sub_sample + 8   000000006ae63fa8 4 bytes [40, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_name + 14       000000006ae63fd2 4 bytes [40, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_pix_fmt_string + 94         000000006ae64046 4 bytes [40, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_is_hwaccel_pix_fmt + 10          000000006ae6408a 4 bytes [47, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_linesize + 36               000000006ae641b8 4 bytes [40, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_linesize + 150              000000006ae6422a 4 bytes [4A, 31, 60, 00]
.text  ...                                                                                                                                                * 7
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_pointer + 82                000000006ae643e6 4 bytes [46, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_fill_pointer + 138               000000006ae6441e 4 bytes [46, 31, 60, 00]
.text  ...                                                                                                                                                * 2
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avpicture_layout + 503              000000006ae64737 4 bytes [45, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avpicture_layout + 554              000000006ae6476a 4 bytes [46, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_loss + 97       000000006ae64959 4 bytes [40, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_get_pix_fmt_loss + 108      000000006ae64964 4 bytes [40, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_find_best_pix_fmt + 57      000000006ae64af9 4 bytes [45, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_find_best_pix_fmt + 91      000000006ae64b1b 4 bytes [44, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_get_plane_bytewidth + 122        000000006ae64cf2 4 bytes [45, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_copy + 352               000000006ae64e6c 4 bytes [46, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_copy + 567               000000006ae64f43 4 bytes [45, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_crop + 68                000000006ae65614 4 bytes [40, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!av_picture_pad + 617                000000006ae658e1 4 bytes [40, 31, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_ivi_create_huff_from_desc + 209  000000006ae7d195 4 bytes [C0, 2D, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_ivi_create_huff_from_desc + 342  000000006ae7d21a 4 bytes [C0, 2D, 60, 00]
.text  ...                                                                                                                                                * 5
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_estimate_p_frame_motion + 996    000000006aeb9754 4 bytes [C0, 2B, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_rle_encode + 734                 000000006af4aff6 4 bytes [C1, 2B, 60, 00]
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!ff_rle_encode + 931                 000000006af4b0bb 4 bytes [C0, 2B, 60, 00]
.text  ...                                                                                                                                                * 2
.text  C:\ProgramData\TVersity\Media Server\MediaServer.exe[3004] C:\ProgramData\TVersity\Media Server\avcodec-52.dll!avcodec_align_dimensions + 21       000000006afb4965 4 bytes [45, 31, 60, 00]
.text  C:\Windows\AsScrPro.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                              0000000077721465 2 bytes [72, 77]
.text  C:\Windows\AsScrPro.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                             00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                * 2
.text  C:\Users\Party\Downloads\OTL.exe[3540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                                     0000000077721465 2 bytes [72, 77]
.text  C:\Users\Party\Downloads\OTL.exe[3540] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                                    00000000777214bb 2 bytes [72, 77]
.text  ...                                                                                                                                                * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                0
Reg    HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                             0x7C 0x6E 0x7D 0x20 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                               
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                    0x00 0x00 0x00 0x00 ...
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                    0
Reg    HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                 0x7C 0x6E 0x7D 0x20 ...

---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 03.03.2013, 11:26   #2
t'john
/// Helfer-Team
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit





Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL

SRV - [2011/07/27 12:06:44 | 000,267,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar) 
O4 - HKLM..\Run: [Setwallpaper] c:\ProgramData\SetWallpaper.cmd File not found 
[2013/03/02 15:55:35 | 095,023,320 | ---- | M] () -- C:\ProgramData\6106796.pad 
[2013/03/01 20:04:32 | 000,002,782 | ---- | M] () -- C:\ProgramData\6106796.js 
[2013/03/01 20:04:32 | 000,000,153 | ---- | M] () -- C:\ProgramData\6106796.reg 
[2013/03/01 20:04:32 | 000,000,062 | ---- | M] () -- C:\ProgramData\6106796.bat 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Party\*.tmp
C:\Users\Party\AppData\*.dll
C:\Users\Party\AppData\*.exe
C:\Users\Party\AppData\Local\Temp\*.exe
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
__________________

__________________

Alt 03.03.2013, 18:21   #3
Pupel
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



All processes killed
========== OTL ==========
Service Updater Service for StartNow Toolbar stopped successfully!
Service Updater Service for StartNow Toolbar deleted successfully!
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Setwallpaper deleted successfully.
C:\ProgramData\6106796.pad moved successfully.
C:\ProgramData\6106796.js moved successfully.
C:\ProgramData\6106796.reg moved successfully.
C:\ProgramData\6106796.bat moved successfully.
========== FILES ==========
C:\ProgramData\FullRemove.exe moved successfully.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\Party\*.tmp not found.
File\Folder C:\Users\Party\AppData\*.dll not found.
File\Folder C:\Users\Party\AppData\*.exe not found.
C:\Users\Party\AppData\Local\Temp\QuickStores_Unlocker.exe moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Party\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Party\Downloads\cmd.bat deleted successfully.
C:\Users\Party\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 68222 bytes

User: Mcx2-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 104750 bytes

User: Party
->Temp folder emptied: 69753977 bytes
->Temporary Internet Files folder emptied: 92484589 bytes
->FireFox cache emptied: 97183373 bytes
->Google Chrome cache emptied: 877831 bytes
->Opera cache emptied: 21379140 bytes
->Flash cache emptied: 4461 bytes

User: Public

User: Tinchen
->Temp folder emptied: 121732487 bytes
->Temporary Internet Files folder emptied: 261576806 bytes
->Java cache emptied: 784370 bytes
->Flash cache emptied: 23574 bytes

User: zaG
->Temp folder emptied: 2549695726 bytes
->Temporary Internet Files folder emptied: 83010407 bytes
->Java cache emptied: 1993517 bytes
->FireFox cache emptied: 56458311 bytes
->Google Chrome cache emptied: 5990572 bytes
->Opera cache emptied: 1158739 bytes
->Flash cache emptied: 3215505 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 72285908 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,281.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03032013_180755

Files\Folders moved on Reboot...
C:\Users\Party\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.03.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Party :: PC [Administrator]

Schutz: Aktiviert

03.03.2013 18:26:53
mbam-log-2013-03-03 (18-26-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 505681
Laufzeit: 1 Stunde(n), 28 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Tinchen\6976016.dll (Spyware.Zbot.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\zaG\Downloads\Cryptload 1.1.8\Cryptload 1.1.8\Cryptload1.1.8\router\FRITZ!Box\nc.exe (PUP.Netcat) -> Erfolgreich gelöscht und in Quarantäne gestellt.
D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT\KEYGEN\keygen.exe (Malware.Packer.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Tinchen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk (Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v2.113 - Datei am 03/03/2013 um 20:06:21 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Party - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Party\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Party\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\Party\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\Party\Desktop\QuickStores.url
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\Party\AppData\Roaming\QuickStoresToolbar
Ordner Gelöscht : C:\Users\Tinchen\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\Tinchen\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Tinchen\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Tinchen\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\zaG\AppData\Roaming\Mozilla\Firefox\Profiles\mdj10ict.default\WinampToolbarData
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\Software\StartNow Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Users\zaG\AppData\Roaming\Mozilla\Firefox\Profiles\mdj10ict.default\prefs.js

C:\Users\zaG\AppData\Roaming\Mozilla\Firefox\Profiles\mdj10ict.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "Winamp Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir[...]
Gelöscht : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocati[...]
Gelöscht : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
Gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.12.1");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "21");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "3");
Gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2010");
Gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "21");
Gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "21");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "4");
Gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "4");
Gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "6");
Gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2010");
Gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
Gelöscht : user_pref("winamp_toolbar.search.searchtype", "web");
Gelöscht : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
Gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
Gelöscht : user_pref("winamp_toolbar.winamp.appversion", "1");
Gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
Gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-999999");

Datei : C:\Users\Party\AppData\Roaming\Mozilla\Firefox\Profiles\ug619v0q.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v25.0.1364.97

Datei : C:\Users\zaG\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Party\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.14.1738.0

Datei : C:\Users\zaG\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

Datei : C:\Users\Party\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7826 octets] - [03/03/2013 20:06:21]

########## EOF - C:\AdwCleaner[S1].txt - [7886 octets] ##########
         
--- --- ---

Vielen Dank schon einmal für die schnelle Antwort!
__________________

Alt 04.03.2013, 14:04   #4
t'john
/// Helfer-Team
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



Sehr gut!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



danach:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




danach:

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.
__________________
Mfg, t'john
Das TB unterstützen

Alt 04.03.2013, 20:45   #5
Pupel
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



Dankeschön!

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-04 20:21:56
-----------------------------
20:21:56.492 OS Version: Windows x64 6.1.7601 Service Pack 1
20:21:56.492 Number of processors: 2 586 0x602
20:21:56.492 ComputerName: PC UserName:
20:21:57.569 Initialize success
20:32:21.860 AVAST engine defs: 13030400
20:33:26.694 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000062
20:33:26.694 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 11
20:33:26.710 Disk 0 MBR read successfully
20:33:26.725 Disk 0 MBR scan
20:33:26.725 Disk 0 Windows VISTA default MBR code
20:33:26.725 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 14997 MB offset 2048
20:33:26.756 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 30716280
20:33:26.756 Disk 0 Partition - 00 0F Extended LBA 213935 MB offset 186996600
20:33:26.772 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 213935 MB offset 186996663
20:33:26.803 Disk 0 scanning C:\Windows\system32\drivers
20:33:38.909 Service scanning
20:34:12.137 Modules scanning
20:34:12.137 Disk 0 trace - called modules:
20:34:12.667 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
20:34:12.667 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80048f0060]
20:34:12.667 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa80047968a0]
20:34:12.683 5 amdxata.sys[fffff880010bb917] -> nt!IofCallDriver -> \Device\00000062[0xfffffa8004792550]
20:34:13.900 AVAST engine scan C:\Windows
20:34:16.755 AVAST engine scan C:\Windows\system32
20:37:30.930 AVAST engine scan C:\Windows\system32\drivers
20:37:44.800 AVAST engine scan C:\Users\Party
20:38:34.985 AVAST engine scan C:\ProgramData
20:43:36.489 Scan finished successfully
20:43:59.952 Disk 0 MBR has been saved successfully to "C:\Users\Party\Desktop\MBR.dat"
20:43:59.952 The log file has been saved successfully to "C:\Users\Party\Desktop\aswMBR.txt"


Alt 05.03.2013, 13:03   #6
t'john
/// Helfer-Team
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



Und der Rest?
__________________
--> GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit

Alt 05.03.2013, 14:17   #7
Pupel
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=94b3a743784d614db71b257d418b9e78
# engine=13297
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-04 09:49:57
# local_time=2013-03-04 10:49:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=513 16777086 100 97 40435860 198219687 0 0
# compatibility_mode=1799 16775165 100 96 13156 270449 5920 0
# compatibility_mode=5893 16776574 100 94 279010 114063647 0 0
# scanned=230069
# found=4
# cleaned=0
# scan_time=7264
sh=5A2AA93AE730A83E008D633C34D8D36AC277D0F8 ft=1 fh=b0d3bf736b11e1fb vn="a variant of Win32/Agent.TYU trojan" ac=I fn="C:\Windows\System32\netset.exe"
sh=5A2AA93AE730A83E008D633C34D8D36AC277D0F8 ft=1 fh=b0d3bf736b11e1fb vn="a variant of Win32/Agent.TYU trojan" ac=I fn="C:\Windows\SysWOW64\netset.exe"
sh=248FBE58501F0D11F47D96A70B8E130FF43339ED ft=0 fh=0000000000000000 vn="JS/Agent.NID trojan" ac=I fn="C:\_OTL\MovedFiles\03032013_180755\C_ProgramData\6106796.js"
sh=6276F390A7013814D21A2C86E2CDE726DE9DD673 ft=1 fh=4e01f83b5f9d4dcd vn="Win32/Packed.VMProtect.D trojan" ac=I fn="D:\Spiele\Anno 1404\keygen.exe"

Results of screen317's Security Check version 0.99.59
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Trend Micro Internet Security
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.70.0.1100
Java(TM) 6 Update 22
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (19.0)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Alt 05.03.2013, 16:19   #8
t'john
/// Helfer-Team
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL

O4 - HKLM..\Run: [netset] C:\Windows\SysWOW64\netset.exe () 

:Files 
C:\Windows\System32\netset.exe
D:\Spiele\Anno 1404\
D:\$RECYCLE.BIN\
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.03.2013, 20:43   #9
Pupel
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\netset deleted successfully.
C:\Windows\SysWOW64\netset.exe moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\netset.exe not found.
D:\Spiele\Anno 1404\tools folder moved successfully.
D:\Spiele\Anno 1404\support\addon folder moved successfully.
D:\Spiele\Anno 1404\support folder moved successfully.
D:\Spiele\Anno 1404\Resources\us folder moved successfully.
D:\Spiele\Anno 1404\Resources\uk folder moved successfully.
D:\Spiele\Anno 1404\Resources\nl folder moved successfully.
D:\Spiele\Anno 1404\Resources\it folder moved successfully.
D:\Spiele\Anno 1404\Resources\fr folder moved successfully.
D:\Spiele\Anno 1404\Resources\es folder moved successfully.
D:\Spiele\Anno 1404\Resources\de folder moved successfully.
D:\Spiele\Anno 1404\Resources folder moved successfully.
D:\Spiele\Anno 1404\Original folder moved successfully.
Folder move failed. D:\Spiele\Anno 1404\maindata scheduled to be moved on reboot.
D:\Spiele\Anno 1404\data\system\shaders\fxo\Benchmark folder moved successfully.
D:\Spiele\Anno 1404\data\system\shaders\fxo folder moved successfully.
D:\Spiele\Anno 1404\data\system\shaders folder moved successfully.
D:\Spiele\Anno 1404\data\system folder moved successfully.
D:\Spiele\Anno 1404\data\graphics\ui\mousepointer folder moved successfully.
D:\Spiele\Anno 1404\data\graphics\ui folder moved successfully.
D:\Spiele\Anno 1404\data\graphics folder moved successfully.
D:\Spiele\Anno 1404\data\config\game folder moved successfully.
D:\Spiele\Anno 1404\data\config folder moved successfully.
D:\Spiele\Anno 1404\data folder moved successfully.
D:\Spiele\Anno 1404\crashdumps folder moved successfully.
D:\Spiele\Anno 1404\bin\miles folder moved successfully.
D:\Spiele\Anno 1404\bin folder moved successfully.
D:\Spiele\Anno 1404\addon folder moved successfully.
Folder move failed. D:\Spiele\Anno 1404 scheduled to be moved on reboot.
D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-500 folder moved successfully.
D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1004 folder moved successfully.
D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1003 folder moved successfully.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT\RSE 2 (SoundBank) scheduled to be moved on reboot.
D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT\PROGRAM folder moved successfully.
D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT\KEYGEN folder moved successfully.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000 scheduled to be moved on reboot.
D:\$RECYCLE.BIN\S-1-5-20 folder moved successfully.
Folder move failed. D:\$RECYCLE.BIN scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Party\Downloads\cmd.bat deleted successfully.
C:\Users\Party\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Party
->Temp folder emptied: 77790077 bytes
->Temporary Internet Files folder emptied: 982708 bytes
->FireFox cache emptied: 33001898 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 617 bytes

User: Public

User: Tinchen
->Temp folder emptied: 149758 bytes
->Temporary Internet Files folder emptied: 174341 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: zaG
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28390 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 107.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03052013_202815

Files\Folders moved on Reboot...
D:\Spiele\Anno 1404\maindata folder moved successfully.
D:\Spiele\Anno 1404 folder moved successfully.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT\RSE 2 (SoundBank) scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT\RSE 2 (SoundBank) scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT\RSE 2 (SoundBank) scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000 scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1004 scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT\RSE 2 (SoundBank) scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000\$RZPXPWT scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN\S-1-5-21-3829702116-1787333050-835832023-1000 scheduled to be moved on reboot.
Folder move failed. D:\$RECYCLE.BIN scheduled to be moved on reboot.
C:\Users\Party\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.05.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Party :: PC [administrator]

05.03.2013 21:22:10
mbar-log-2013-03-05 (21-22-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31748
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Alt 05.03.2013, 23:23   #10
t'john
/// Helfer-Team
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



Mit zwei aktiven Virenscannern erreichst du genau das Gegenteil: sie blockieren sich gegenseitig.

Entscheide dich fuer eines und deinstalliere den anderen.


Alles Windows Updates einspielen, inkl. Internet Explorer!
http://windowsupdate.microsoft.com



Aktualisiere:

Adobe Reader: Adobe Reader - Download - Filepony (Alternativen: PDF Tools)


Java aktualisieren

Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die .exe-Datei
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 15 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.


Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html

Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck



Java deaktivieren

Aufgrund derezeitigen Sicherheitsluecke:

http://www.trojaner-board.de/122961-...ktivieren.html

Danach poste mir (kopieren und einfuegen), was du hier angezeigt bekommst: PluginCheck
__________________
Mfg, t'john
Das TB unterstützen

Alt 06.03.2013, 22:18   #11
Pupel
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 19.0 ist aktuell

Flash 10,3,183,7 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 11,0,2,0 ist aktuell.

PluginCheck

Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen.
Überprüft wird: Browser, Flash, Java und Adobe Reader Version.

Firefox 19.0 ist aktuell

Flash 10,3,183,7 ist veraltet!
Aktualisieren Sie bitte auf die neueste Version!

Java ist nicht Installiert oder nicht aktiviert.

Adobe Reader 11,0,2,0 ist aktuell.

Alt 07.03.2013, 19:23   #12
t'john
/// Helfer-Team
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



Sehr gut!

damit bist Du sauber und entlassen!

adwCleaner entfernen

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Uninstall.
  • Bestätige mit Ja.




Tool-Bereinigung mit OTL


Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.


Zurücksetzen der Sicherheitszonen

Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen.
Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html


Systemwiederherstellungen leeren

Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein:
Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7
Danach wieder aktivieren.



Lektuere zum abarbeiten:
http://www.trojaner-board.de/90880-d...tallation.html
http://www.trojaner-board.de/105213-...tellungen.html
PluginCheck
http://www.trojaner-board.de/96344-a...-rechners.html
Secunia Online Software Inspector
http://www.trojaner-board.de/71715-k...iendungen.html
http://www.trojaner-board.de/83238-a...sschalten.html
http://www.trojaner-board.de/109844-...ren-seite.html
PC wird immer langsamer - was tun?
__________________
Mfg, t'john
Das TB unterstützen

Alt 07.03.2013, 21:12   #13
Pupel
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



Vielen vielen Dank!

Alt 08.03.2013, 17:49   #14
t'john
/// Helfer-Team
 
GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - Standard

GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit



wuensche eine virnfreie Zeit
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit
100 € geldstrafe, 48 std. zeit, andere benutzer, bingbar, code, dealply, erhalte, fenster, folgendes, funktioniert, geleitet, gvu-trojaner, helfer, innerhalb, install.exe, laptop, malware.packer.gen, nachricht, office 2007, polizei, problem, pup.netcat, richtlinie, schließe, spyware.zbot.ed, stelle, trojan.ransom.sugen, vdeck.exe, verschiedene, verschiedenen, webcam



Ähnliche Themen: GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit


  1. Windows 8.1 / langsam + bricht von Zeit zu Zeit ab, wie wenn die Festplatte kaputt wäre (u. a.)
    Plagegeister aller Art und deren Bekämpfung - 14.09.2015 (19)
  2. Kryptogeld: Geldstrafe für Macher von Mining-Malware
    Nachrichten - 30.06.2015 (0)
  3. 100€ Geldstrafe und 48 Stunden Zeit/Virus
    Log-Analyse und Auswertung - 23.09.2014 (5)
  4. Internet geht von Zeit zu Zeit nicht mehr richtig
    Plagegeister aller Art und deren Bekämpfung - 13.02.2014 (17)
  5. Vista 64bit System lagt von Zeit zu Zeit ohne ersichtlichen Grund - Als wenn Systemzugriff von außen stattfindet
    Plagegeister aller Art und deren Bekämpfung - 24.10.2013 (9)
  6. GVU Trojaner hat Windows 7 gesperrt - Webcam - paysafecard oder ukash - Trojaner-Board
    Plagegeister aller Art und deren Bekämpfung - 26.06.2013 (3)
  7. GVU Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 19.05.2013 (10)
  8. GVU Trojaner mit webcam
    Log-Analyse und Auswertung - 20.12.2012 (24)
  9. GUV Trojaner mit Webcam
    Log-Analyse und Auswertung - 16.12.2012 (14)
  10. GVU Trojaner mit Webcam
    Log-Analyse und Auswertung - 12.12.2012 (2)
  11. GVU-Trojaner mit Webcam
    Log-Analyse und Auswertung - 11.09.2012 (9)
  12. GVU Webcam Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (7)
  13. GVU-BKA Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 17.07.2012 (14)
  14. GVU Aufforderung zur Zahlung einer Geldstrafe
    Log-Analyse und Auswertung - 14.07.2012 (1)
  15. GVU Trojaner Webcam
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  16. GVU Trojaner mit Webcam
    Plagegeister aller Art und deren Bekämpfung - 22.06.2012 (2)
  17. PC gesperrt wegen Besuchen pornografischer Seiten - Androhung von Geldstrafe
    Log-Analyse und Auswertung - 13.05.2012 (1)

Zum Thema GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit - GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit! Liebe Helfer, ich habe folgendes Problem: Gestern Abend gegen 20.00 Uhr öffnete sich auf meinem Laptop ein Fenster, in welchem die "GVU" - GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit...
Archiv
Du betrachtest: GVU-Trojaner, 100 € Geldstrafe, WebCam, 48 Std. Zeit auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.