
Pests of all kinds and how to fight them: removing search.searchonme.com

14.03.2013, 16:05   #1
Slava105
 



Dear Trojaner-Board,

for some time now I have had the problem that when I enter an address in Firefox without the ending ".de, .com" or similar, I am not redirected to Google as I am normally used to, but to the page hxxp://search.searchonme.com/

So if, for example, I want to go to Amazon and only type "amazon" into the address bar, I end up on the page "hxxp://search.searchonme.com/?l=1&q=amazon"

I have already googled a bit and found out that searchonme is a kind of "redirect virus". Unfortunately I have not managed to remove it so far and therefore depend on your help!

14.03.2013, 17:29   #2
M-K-D-B
/// TB Trainer
 






My name is Matthias and I will help you clean up your computer.


Please note the following:
  • A cleanup can involve a lot of work for you. Several analysis and cleanup steps may be necessary.
    At the end we will remove all the programs we used, and I will give you a few tips for the future.
  • If there are signs of illegal software, support will be discontinued without discussion.
  • Please work through all steps one after another in the given order.
  • Read the instructions carefully. If you run into problems, stop what you are doing and describe your problem to me as well as you can.
  • Only run scans that I or another helper ask you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you are asked to.
  • If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your thread from my subscriptions.
    If you are going to be away for a longer time, please let me know!
  • All programs to be used must be saved to the desktop and started from there!
    I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
    If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.





Step 1
Please download OTL by Oldtimer and save it to your desktop (if you do not have it already).
  • Please start OTL.exe.
  • At the top you will find a box labelled Output. Please select Standard Output.
  • Tick Scan All Users.
  • Under Extra Registry, please select Use SafeList.
  • Now copy the contents of the code box into the text box.
Code:
activex
msconfig
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Scan button.
  • At the end of the scan, 2 log files are created.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.





Step 2
Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
  • Now click the Disable button to disable the drivers of certain emulators.
  • Defogger will ask you "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?"; confirm this prompt with Yes.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask you to restart. Confirm this with OK.
  • Defogger creates a log file named defogger_disable.txt on the desktop. Post its contents with your next reply.
Do not click the Re-enable button unless instructed!





Step 3
Please download the GMER Rootkit Scanner (the file name is random).
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, remove the check mark at: IAT/EAT and Show All
  • Tick Quickscan and untick all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.






Please post with your next reply
  • the two log files from OTL,
  • the log file from DeFogger,
  • the log file from GMER.
__________________
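Triage of the browser sections of an OTL.txt like the one requested above, as an added example that is not part of the thread and not OTL's own code: it flags search and start-page settings whose host is not on an allowlist and summarises stored Firefox proxy entries. `EXPECTED_HOSTS`, `triage` and the finding labels are assumptions of this example; the sample lines are taken from the log posted later in this thread.

```python
import re
from urllib.parse import urlsplit

# Hosts the machine's owner expects in search/start-page settings
# (assumption for this example; adjust per machine).
EXPECTED_HOSTS = {"google.com", "google.de", "msn.com"}

# Substrings of setting names that steer searches or start pages.
SEARCH_KEYS = ("keyword.url", "browser.search.", "default_search_provider",
               "homepage", "start page", "searchscopes")

# Firefox network.proxy.type values; manual host entries are only in
# effect when the type is 1, otherwise they are stored but inactive.
PROXY_TYPES = {"0": "direct", "1": "manual", "2": "PAC URL",
               "4": "WPAD", "5": "system"}

LINE_RE = re.compile(r"^(?P<browser>IE|FF|CHR)(?::64bit:)? - (?P<rest>.+)$")
PREF_RE = re.compile(r"^prefs\.js\.\.(?P<name>[^:,]+)(?:,S)?: (?P<value>.*)$")
URL_RE = re.compile(r'h(?:tt|xx)ps?://[^\s"|]+', re.I)

# Sample input: lines in OTL's log format, taken from the log in this thread.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchonme.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes\{9E6DB2CB-496F-4EB9-9EAB-3804730EEF11}: "URL" = hxxp://www.google.de/search?q={searchTerms}
FF - prefs.js..browser.search.defaulturl: "hxxp://search.searchonme.com/?l=1&q="
FF - prefs.js..keyword.URL: "hxxp://search.searchonme.com/?l=1&q="
FF - prefs.js..network.proxy.http: "46.137.17.166"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 2
CHR - default_search_provider: search_url = hxxp://search.searchonme.com/?l=1&q={searchTerms}
CHR - homepage: hxxp://search.searchonme.com/
"""


def host_of(url):
    """Return the lower-cased host of a URL, accepting the defanged hxxp scheme."""
    refanged = re.sub(r"^hxxp", "http", url, flags=re.I)
    return (urlsplit(refanged).hostname or "").lower()


def is_expected(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage(log_text):
    """Return (browser, kind, setting, value) tuples worth a closer look."""
    findings, proxy = [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a browser-section line
        browser, rest = m.group("browser"), m.group("rest")

        # Collect Firefox proxy prefs; they are judged together below.
        pref = PREF_RE.match(rest)
        if pref and pref.group("name").startswith("network.proxy."):
            key = pref.group("name")[len("network.proxy."):]
            proxy[key] = pref.group("value").strip().strip('"')
            continue

        url = URL_RE.search(rest)
        if not url:
            continue
        setting = rest[:url.start()].replace('"', "").rstrip(" =:")
        if any(k in setting.lower() for k in SEARCH_KEYS):
            host = host_of(url.group(0))
            if not is_expected(host):
                findings.append((browser, "unexpected-host", setting, host))

    hosts = sorted({v for k, v in proxy.items()
                    if k in ("http", "ssl", "ftp", "socks") and v})
    if hosts:
        ptype = proxy.get("type", "0")
        kind = "proxy-active" if ptype == "1" else "proxy-stored"
        mode = PROXY_TYPES.get(ptype, "unknown")
        findings.append(("FF", kind, "network.proxy.type=%s (%s)" % (ptype, mode),
                         ", ".join(hosts)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(" | ".join(finding))
```

Findings are leads for review, not verdicts: a start page the user set deliberately will be listed until its host is added to `EXPECTED_HOSTS`.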

14.03.2013, 22:10   #3
Slava105
 



Thank you very much for the very quick reply! Here are the requested logs:

OTL:

Code:
OTL logfile created on: 14.03.2013 20:54:32 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Slava\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,73% Memory free
15,85 Gb Paging File | 13,45 Gb Available in Paging File | 84,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 37,89 Gb Free Space | 31,80% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,61 Mb Free Space | 71,61% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 18,09 Gb Free Space | 3,88% Space Free | Partition Type: NTFS
 
Computer Name: SLAVA-LAPTOP | User Name: Slava | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.26 13:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.01.06 02:30:29 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012.10.19 14:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Slava\Desktop\Security\OTL.exe
PRC - [2012.04.17 16:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012.04.10 18:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
PRC - [2012.01.12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012.01.12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012.01.12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2011.07.21 15:49:10 | 005,716,608 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2011.07.18 15:11:42 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.10.07 14:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.06.19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.10 18:18:26 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtGui4.dll
MOD - [2012.04.10 18:18:24 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtScript4.dll
MOD - [2012.04.10 18:18:22 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtSql4.dll
MOD - [2012.04.10 18:18:20 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtCore4.dll
MOD - [2012.04.10 18:18:20 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtNetwork4.dll
MOD - [2012.04.10 18:18:18 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtDeclarative4.dll
MOD - [2011.04.20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll
MOD - [2007.11.30 10:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.11 18:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.14 21:08:30 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeccoms.exe -- (lxec_device)
SRV:64bit: - [2010.04.14 21:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2013.03.13 18:22:54 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 12:59:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.05 16:24:44 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.02.26 13:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.06 02:30:29 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.25 17:33:34 | 000,384,888 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012.10.25 17:33:14 | 000,393,080 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012.04.10 18:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP)
SRV - [2012.01.12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.01.12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.01.12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011.12.22 19:11:20 | 000,818,952 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Programme\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010.11.30 12:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV - [2010.04.14 21:08:23 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2010.04.14 21:08:12 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeccoms.exe -- (lxec_device)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.11.02 11:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2009.06.15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.15 02:38:20 | 000,040,712 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012.11.02 14:31:27 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.15 11:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2012.06.24 15:13:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.06.11 19:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.06.11 17:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.02 19:16:15 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 20:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.05.03 10:46:04 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010.04.21 14:47:50 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.03.05 11:19:46 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.03.02 15:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.01.25 06:09:36 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.01.25 06:09:34 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.01.25 06:09:24 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.01.25 06:09:22 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.11.02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.09.17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.08.07 04:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.20 16:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 08:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.10.25 17:33:26 | 000,071,032 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2012.01.11 21:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/06/02 20:49:37] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.10.27 07:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.searchonme.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?l=1&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 14 87 BF C0 8A CC 01  [binary data]
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes,DefaultScope = {9E6DB2CB-496F-4EB9-9EAB-3804730EEF11}
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes\{9E6DB2CB-496F-4EB9-9EAB-3804730EEF11}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = hxxp://search.searchonme.com/?l=1&q={searchTerms}
IE - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SearchOnMe"
FF - prefs.js..browser.search.defaultenginename,S: S", "SearchOnMe"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.searchonme.com/?l=1&q="
FF - prefs.js..browser.search.order.1: "SearchOnMe"
FF - prefs.js..browser.search.order.1,S: S", "SearchOnMe"
FF - prefs.js..browser.search.selectedEngine,S: S", "SearchOnMe"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/feed/subscriptions/u | facebook.com | forum.schwabensturm02.net | ebay.de | hxxp://www.gamestar.de/gewinnspiele/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://search.searchonme.com/?l=1&q="
FF - prefs.js..network.proxy.ftp: "46.137.17.166"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "46.137.17.166"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "46.137.17.166"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "46.137.17.166"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Slava\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Slava\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.06.09 09:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.06.09 09:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.09 09:41:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 12:59:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 12:59:10 | 000,000,000 | ---D | M]
 
[2011.10.14 23:32:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\Extensions
[2013.03.14 15:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Slava\AppData\Roaming\mozilla\Firefox\Profiles\bz8joakp.default\extensions
[2013.03.08 12:59:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 12:59:09 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2013.03.08 12:59:09 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2013.03.08 12:59:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2012.06.23 08:38:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 13:11:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.23 08:38:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 08:38:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 08:38:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 08:38:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: SearchOnMe (Enabled)
CHR - default_search_provider: search_url = hxxp://search.searchonme.com/?l=1&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://search.searchonme.com/?l=1&q={searchTerms}
CHR - homepage: hxxp://search.searchonme.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\plugin/npVKPlugin.dll
CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\plugin/npUrlAdvisor.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Slava\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.486_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.486_0\
CHR - Extension: WOT = C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Extensions\nphjeokkkbngjpiofnfpnafjeofjomfb\2.11.7_0\
 
O1 HOSTS File: ([2012.11.08 14:34:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\pcapui.exe File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-526365458-2449696219-1328568343-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Download all links using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Download link using &BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Download all links using BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download link using &BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0530377B-4FF1-48E5-AF07-6FF7DC8F38D8}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0cb2f596-142d-11e1-88cf-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{0cb2f596-142d-11e1-88cf-74f06da847bd}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{e3f74625-f6bd-11e0-933f-74f06da847bd}\Shell - "" = AutoRun
O33 - MountPoints2\{e3f74625-f6bd-11e0-933f-74f06da847bd}\Shell\AutoRun\command - "" = G:\setup_alan_wake_american_nightmare_1.0.0.13.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.14 14:46:55 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{AA6ACA60-2BE4-44C9-97D5-9BC069D94990}
[2013.03.13 07:36:50 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{01CC7C1E-814E-4A4A-96BC-82C7CC641D6D}
[2013.03.12 13:12:38 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{C490EC28-E2B6-44CB-9390-621B8B2C1F03}
[2013.03.11 15:37:35 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{E5F9BD3A-A56D-4A76-9482-76AC267D0DDE}
[2013.03.10 11:59:07 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{A1587F1D-726C-49AB-BA6D-0E818049683A}
[2013.03.09 12:48:44 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{00E9EB86-4B2B-4C6E-A7FF-E47C1165D771}
[2013.03.08 12:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.08 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{6FCC91EB-270F-4305-BD05-40180209FD4E}
[2013.03.07 23:29:12 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{6B826AE7-A5F1-4A95-806A-68447C9DDDDB}
[2013.03.07 11:28:49 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{77BEA6B5-891E-433A-A791-D2C1A5D8D037}
[2013.03.07 00:38:16 | 000,000,000 | ---D | C] -- C:\Users\Slava\Desktop\Doping im Sport
[2013.03.06 13:50:10 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{368DC30C-D6D9-42EF-8856-A28F739DD384}
[2013.03.05 13:36:59 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{C78A9CD2-BB3B-40F3-80EC-38734E9BB191}
[2013.03.04 21:25:32 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{56A57542-A7D4-4A3E-98E3-D847FDE90D64}
[2013.03.04 08:02:02 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{970CB124-FC71-44C7-82C4-13B82DE6DF6F}
[2013.03.03 13:19:54 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{BA5B78A0-F4BC-452A-A185-75AB6DB81128}
[2013.03.02 12:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.02 12:13:26 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{7560F835-1304-40A5-81B3-FE4214133E46}
[2013.03.01 13:23:32 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{064E463A-9E1F-4E3E-B63B-220810C7F0DB}
[2013.02.28 19:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Proxy Labs
[2013.02.28 13:48:14 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{9E025639-E8E9-4A4D-8F9E-C3CD330C0EBE}
[2013.02.27 22:02:04 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013.02.27 22:02:03 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013.02.27 22:02:03 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013.02.27 22:02:03 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013.02.27 22:02:00 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013.02.27 22:02:00 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013.02.27 22:01:57 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013.02.27 22:01:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 22:01:57 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.02.27 22:01:57 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 22:01:57 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.02.27 22:01:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 22:01:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.02.27 22:01:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 22:01:57 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.02.27 22:01:56 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013.02.27 22:01:56 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013.02.27 22:01:56 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013.02.27 22:01:56 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013.02.27 22:01:56 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013.02.27 22:01:56 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013.02.27 22:01:56 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013.02.27 22:01:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 22:01:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.02.27 22:01:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 22:01:56 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.02.27 22:01:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 22:01:56 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.02.27 22:01:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 22:01:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013.02.27 22:01:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 22:01:56 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.02.27 22:01:55 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.02.27 22:01:55 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.02.27 22:01:55 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013.02.27 22:01:55 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013.02.27 22:01:54 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013.02.27 22:01:54 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013.02.27 22:01:54 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013.02.27 22:01:53 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013.02.27 22:01:53 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.02.27 19:14:36 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{1A9A0904-DA2F-439F-AF3B-0D7DA514B682}
[2013.02.27 07:06:39 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{9102BD6F-D7C1-40B7-82B5-390B86BDF8B8}
[2013.02.26 11:44:16 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{072B3740-9078-48C7-B547-711A0FF1E8C1}
[2013.02.25 13:37:33 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Raptr
[2013.02.25 13:36:39 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Roaming\Raptr
[2013.02.25 13:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Raptr
[2013.02.25 13:19:40 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{6727B974-EE81-403F-8210-B426FA7B8DFC}
[2013.02.24 12:57:54 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{5F8C2727-0712-432D-8C1F-3EE47C371BB0}
[2013.02.23 16:16:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.02.23 16:13:33 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{28F79B7C-4314-4021-BD1E-62AF4D673BF2}
[2013.02.22 14:02:41 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{13208DD7-048A-44A0-9F88-A82CEAD2C95D}
[2013.02.21 12:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet (64-bit)
[2013.02.21 12:11:16 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{A7B78326-DDFF-4EBD-9888-8CC620B18883}
[2013.02.21 08:58:21 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{710B0859-E691-4DE7-9F0C-E2E7837121C5}
[2013.02.21 01:47:04 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{4F02C8EF-2928-453B-A6AF-EB6C43770099}
[2013.02.20 13:39:19 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{C100BC30-8B0E-4F17-853B-BA39D906AC23}
[2013.02.20 13:36:47 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{F5D14930-A481-46D9-90FC-6AB97DFF8129}
[2013.02.19 11:57:35 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{25DED173-5A71-4039-A89F-81889909E51F}
[2013.02.18 20:26:59 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{F99DAED4-9DBD-488F-9119-24C7FA723B43}
[2013.02.18 08:26:36 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{8543FCEF-2EFC-4F91-86EB-1B79BA8648E1}
[2013.02.17 15:06:09 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{156A85EF-68D1-43AA-8BDD-5CD3427F4B23}
[2013.02.16 15:47:15 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{457BD5B4-D402-4889-A1A4-0CE96A498B0C}
[2013.02.15 22:44:11 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.15 22:44:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.15 22:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.15 13:46:36 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{3EC1D749-42DC-4988-A5AB-3F612E14787C}
[2013.02.14 22:39:46 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{94486ADB-7094-4A03-823A-FE2EDD7ED666}
[2013.02.14 15:20:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.02.14 15:20:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.02.14 15:20:27 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.02.14 15:20:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.02.14 15:20:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.02.14 15:20:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.02.14 15:20:27 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.02.14 15:20:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.02.14 15:20:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.02.14 15:20:27 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.02.14 15:20:27 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.02.14 15:20:26 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.02.14 15:20:25 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.02.14 15:20:25 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.02.14 15:20:25 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.02.14 09:22:23 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{FD300390-9F83-46C2-BCB0-560F2D21BF47}
[2013.02.14 09:19:07 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.02.14 09:19:07 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.02.14 09:19:06 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.02.14 09:19:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.02.14 09:19:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.02.14 09:19:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.02.14 09:19:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.02.14 09:19:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.02.14 09:19:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.02.14 09:19:00 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.02.13 23:49:29 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{31BA761C-C2D9-407A-BFA7-80B631AE0B07}
[2013.02.13 09:52:21 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{F34FE84F-57F4-4D66-89AC-529361FE4DFB}
[2013.02.13 07:07:46 | 000,000,000 | ---D | C] -- C:\Users\Slava\AppData\Local\{ED79B00F-8916-4B18-B35E-CB210AF70428}
[1 C:\Users\Slava\Desktop\*.tmp files -> C:\Users\Slava\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.14 20:48:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526365458-2449696219-1328568343-1001UA.job
[2013.03.14 20:28:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.14 20:28:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.14 20:28:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.14 17:39:24 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.14 15:48:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-526365458-2449696219-1328568343-1001Core.job
[2013.03.14 14:48:15 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.14 14:48:15 | 000,023,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.14 14:43:15 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013.03.14 14:42:24 | 2088,144,895 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.13 18:22:53 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 18:22:53 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.12 22:52:17 | 001,613,412 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.12 22:52:17 | 000,697,098 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.12 22:52:17 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.12 22:52:17 | 000,148,362 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.12 22:52:17 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.12 13:52:38 | 842,220,137 | ---- | M] () -- C:\Users\Slava\Desktop\Californication.s06e09.720p.hdtv.x264-2hd.mkv
[2013.03.12 12:26:37 | 000,049,345 | ---- | M] () -- C:\Users\Slava\Desktop\Californication.S06E09.720p.HDTV.x264-2HD.VO.srt
[2013.03.11 19:26:07 | 000,029,323 | ---- | M] () -- C:\Users\Slava\Desktop\The.Walking.Dead.S03E13.720p.HDTV.x264-EVOLVE.VO-TV4U&SC.srt
[2013.03.11 03:36:49 | 1413,292,242 | ---- | M] () -- C:\Users\Slava\Desktop\The.Walking.Dead.S03E13.720p.HDTV.x264-EVOLVE.mkv
[2013.03.10 18:23:55 | 001,717,014 | ---- | M] () -- C:\Users\Slava\Desktop\Erdkunde Harlem Shake.mp4
[2013.03.10 13:35:54 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.03.04 07:00:50 | 005,111,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.27 14:22:10 | 037,508,105 | ---- | M] () -- C:\Users\Slava\Desktop\Im Radio ist ein Küken.mp4
[2013.02.24 20:17:49 | 106,068,373 | ---- | M] () -- C:\Users\Slava\Desktop\JuliensBlog - ANALyse.mp4
[1 C:\Users\Slava\Desktop\*.tmp files -> C:\Users\Slava\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.03.12 22:47:36 | 1413,292,242 | ---- | C] () -- C:\Users\Slava\Desktop\The.Walking.Dead.S03E13.720p.HDTV.x264-EVOLVE.mkv
[2013.03.12 13:34:30 | 842,220,137 | ---- | C] () -- C:\Users\Slava\Desktop\Californication.s06e09.720p.hdtv.x264-2hd.mkv
[2013.03.12 13:33:36 | 000,029,323 | ---- | C] () -- C:\Users\Slava\Desktop\The.Walking.Dead.S03E13.720p.HDTV.x264-EVOLVE.VO-TV4U&SC.srt
[2013.03.12 13:33:18 | 000,049,345 | ---- | C] () -- C:\Users\Slava\Desktop\Californication.S06E09.720p.HDTV.x264-2HD.VO.srt
[2013.03.10 18:23:54 | 001,717,014 | ---- | C] () -- C:\Users\Slava\Desktop\Erdkunde Harlem Shake.mp4
[2013.03.03 19:41:29 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.02.27 19:53:29 | 106,068,373 | ---- | C] () -- C:\Users\Slava\Desktop\JuliensBlog - ANALyse.mp4
[2013.02.27 14:22:07 | 037,508,105 | ---- | C] () -- C:\Users\Slava\Desktop\Im Radio ist ein Küken.mp4
[2013.02.23 16:16:13 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.23 16:16:13 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.07 23:46:58 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll
[2012.12.30 00:47:43 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.30 00:47:42 | 002,337,865 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.12.30 00:47:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.11 19:43:47 | 000,000,546 | ---- | C] () -- C:\Users\Slava\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.11.02 14:27:32 | 000,000,001 | ---- | C] () -- C:\Users\Slava\AppData\Local\llftool.4.25.agreement
[2012.10.09 17:29:48 | 001,591,306 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.21 20:07:33 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.07.21 20:07:33 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.06.02 19:18:55 | 000,017,408 | ---- | C] () -- C:\Users\Slava\AppData\Local\WebpageIcons.db
[2012.05.09 13:15:50 | 000,001,536 | ---- | C] () -- C:\Users\Slava\Spiele.lnk
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.16 16:03:31 | 000,000,663 | ---- | C] () -- C:\Users\Slava\Downloads.lnk
[2012.03.09 13:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.01.12 22:49:26 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.01.12 22:49:23 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012.01.12 22:49:22 | 004,078,592 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2012.01.12 22:49:22 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.01.12 22:49:22 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.01.12 22:49:22 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.01.12 04:39:22 | 002,392,064 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2012.01.12 04:39:22 | 000,215,040 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
[2012.01.12 04:39:22 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
[2012.01.12 04:39:22 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
[2012.01.12 04:39:22 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
[2012.01.12 04:39:20 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2011.12.21 00:01:09 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.10.15 20:17:17 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeccomx.dll
[2011.10.15 20:17:17 | 000,331,776 | ---- | C] () -- C:\Windows\SysWow64\LXECinst.dll
[2011.10.15 20:17:16 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecpmui.dll
[2011.10.15 20:17:16 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecinpa.dll
[2011.10.15 20:17:16 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeciesc.dll
[2011.10.15 20:17:16 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxecinsr.dll
[2011.10.15 20:17:16 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxecjswr.dll
[2011.10.15 20:17:16 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeccur.dll
[2011.10.15 20:17:15 | 001,048,576 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecserv.dll
[2011.10.15 20:17:15 | 000,847,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecusb1.dll
[2011.10.15 20:17:15 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxecins.dll
[2011.10.15 20:17:15 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxecinsb.dll
[2011.10.15 20:17:15 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeccu.dll
[2011.10.15 20:17:15 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeccub.dll
[2011.10.15 20:17:14 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxechbn3.dll
[2011.10.15 20:17:14 | 000,598,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccoms.exe
[2011.10.15 20:17:14 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeclmpm.dll
[2011.10.15 20:17:14 | 000,372,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomm.dll
[2011.10.15 20:17:14 | 000,324,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxecih.exe
[2011.10.15 20:17:13 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccomc.dll
[2011.10.15 20:17:13 | 000,373,416 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeccfg.exe
[2011.10.15 20:16:22 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXECsm.dll
[2011.10.15 20:16:22 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXECsmr.dll
[2011.10.15 19:35:00 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.10.15 13:32:38 | 000,001,517 | ---- | C] () -- C:\Users\Slava\Progs.lnk
[2011.10.15 13:32:38 | 000,001,517 | ---- | C] () -- C:\Users\Slava\Dokumente.lnk
[2011.10.15 13:32:38 | 000,001,494 | ---- | C] () -- C:\Users\Slava\Serien.lnk
[2011.10.15 13:32:38 | 000,001,494 | ---- | C] () -- C:\Users\Slava\Bilder.lnk
[2011.10.15 13:32:38 | 000,001,485 | ---- | C] () -- C:\Users\Slava\Musik.lnk
[2011.10.15 13:32:38 | 000,001,485 | ---- | C] () -- C:\Users\Slava\Filme.lnk
[2011.10.15 13:32:38 | 000,000,733 | ---- | C] () -- C:\Users\Slava\Installierte Spiele.lnk
[2011.10.15 13:18:48 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.10.15 00:40:33 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.14 23:38:26 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.09.12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         

Edited by Slava105 (14.03.2013 at 22:14). Reason: forgot [/CODE]

Alt 14.03.2013, 22:15   #4
Slava105
 



[/CODE]

Extras:


Code:
OTL Extras logfile created on: 14.03.2013 20:54:32 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Slava\Desktop\Security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 5,69 Gb Available Physical Memory | 71,73% Memory free
15,85 Gb Paging File | 13,45 Gb Available in Paging File | 84,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 37,89 Gb Free Space | 31,80% Space Free | Partition Type: NTFS
Drive D: | 100,00 Mb Total Space | 71,61 Mb Free Space | 71,61% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 18,09 Gb Free Space | 3,88% Space Free | Partition Type: NTFS
 
Computer Name: SLAVA-LAPTOP | User Name: Slava | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0D1621-0872-424B-A0B6-1F79865DBF5C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1F01DB23-29BA-499C-AD14-CE46481C42D7}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{29897A44-0047-4EF8-B534-FAA34BBBF793}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2AEE4C41-CF1C-404B-8D17-0ADF92370EB8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C0BF9E6-DE1E-4BAC-98AE-7911EF2AA0EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{330AC187-F55D-446A-AF1B-F6A30BD64ABB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{346ABB31-7179-457C-B914-E3176CCCE71E}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{38BD6F69-BCA8-47E4-A26A-13C7FFDCB63A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4F172E83-7D4F-4ECA-8E07-F0D371144A1B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{699FBD15-6BB5-49C8-ACBE-7BA58FC13183}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{865583BE-2FC4-4C81-974B-BBDBFA497BDE}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8742ABDC-F810-421E-9512-FA5AD6EFF735}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9A1B3F59-2E33-4824-9DC3-8EC0362E968A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A7E34A3E-5D12-406C-8DA2-850E8C56CE63}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{A9310477-8601-49CF-8FFF-5BC0E7810399}" = lport=137 | protocol=17 | dir=in | app=system | 
"{B1A1F7E6-11B9-4895-9A69-DA0A53EDB715}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C7AF1D85-5C9A-48DB-9946-7B824F54C2DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D7AA2F5A-0A57-4E1B-907A-C748C5631585}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D973952A-9540-4939-9494-EF06DDE00DAE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E46C3EB8-D172-46D4-AD32-59628F91A5A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E559BDEB-3286-4FCE-87D0-9C25754677E5}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{EFC1A4B2-7D36-4833-B8EC-C08B90489C4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{F1A0EEB3-7736-4B9E-964D-AA645896E5B7}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B78F29-1D0A-4149-B9A8-7153103B5705}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{033D097A-293E-40AB-A154-979532191DC9}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{0519CB0F-8DAB-43F7-A2E9-6C414BBB21D3}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{0DA39149-AF6B-434F-BFB3-07A28D359091}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\dead island\deadislandgame.exe | 
"{0F1795D4-11C2-414B-A752-E3A4F41A942F}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{10582EF6-6EAC-4B50-82FF-306EC3FF5C25}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1063360D-CAFD-43A4-B743-4CAEB96D5B8F}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steam.exe | 
"{13AD0628-EAF7-4BF0-B022-EB1FE0C945E5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12.exe | 
"{1688E52A-E8CB-4FCB-8F28-340CF9A77937}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{17E70F38-BC16-4E46-800D-D95C8B38C8D9}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{19150F2B-FA7B-48CB-98D5-4BF305DC5428}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{195562A7-8E68-4760-986A-9265EEE1C0D2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1A26B498-9E93-45F8-A515-C09B4613141B}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{2030D3F1-3BAA-4418-9D20-A138A0000554}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\dead island\deadislandgame.exe | 
"{208EE4C9-57E2-4F4B-A767-7B6C150516F4}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{2184F5DF-B493-4524-841A-A2E27054C027}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\emmerichj\counter-strike source\hl2.exe | 
"{24144C46-89EF-426E-80AE-C21FE2A1889B}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{2716B2FB-B312-42F1-A368-6BFA4453950C}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{285551DF-B289-4F0F-88E4-E3C61345E471}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{293789BD-ACA4-4718-A226-F09D3A44E4A4}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{2C696243-E531-4056-9468-B7F7EC7F659B}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{2EABB7D6-9B59-417A-8163-7486F8E49CC7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{30F87122-873E-4077-A34B-F4DB58940EF9}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{326F11A8-54F5-4EC3-B8C1-F272C8E2DD4C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{35AF5AD1-9803-4671-BF0E-932D58F1772F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{38A95E7E-5C9D-465B-A3BB-34945574EEF4}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{3ADF4923-5D1F-46CD-9875-E76231155077}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{3AE7A916-E5FB-4035-93DE-D5CB7B51D3D7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{44354928-A70A-4A3F-ACC9-792F64080EB0}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\bit.trip runner\runner.exe | 
"{4862E025-BD03-4E0D-8D8E-32111055EA54}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{4E56BD2A-2E5D-41C3-ABB1-821D28D6232A}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{56E8B79A-C312-4699-B490-5D252775D63F}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{5A6B0A9C-47A2-4B60-9EC9-8E8DC3DFEEB0}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{5ABBA52C-365D-4DAC-84F1-FD5B4F1FD5B9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dms\clmsserverpdvd12.exe | 
"{5C9FA0FF-2CCE-4278-A46A-AE147EB26DD3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5D8C0488-C3B2-4072-A295-DAE1B8579044}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{5E3D2B1D-7A2A-4230-9B83-BA4B1C867B1A}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{608DBD28-8172-42C4-B4C1-0AB7B74EA3F7}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{68C7BCB6-97A7-4E99-AC78-A7D5F696DA52}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{692C8CA2-580E-477C-9590-30822477BECB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{6BB81BD0-7933-4381-B148-531DD2B507BD}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steam.exe | 
"{6BCDE12D-266F-4B84-BBC9-7638F0120D76}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{6D293376-E892-4FC6-B0BC-3AC5855524F8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D3F703C-0530-40A1-945E-12F3798DA985}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{6D83B6C3-5CC5-4A3A-AA7B-8709EBDC37FC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{6E2996F3-90C9-472F-9ACC-52198726542C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{714E2844-99E4-4CFF-8152-C3002B372ADD}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\trine\trine_launcher.exe | 
"{719025D1-A217-4A99-BE5A-795531387B4E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72875258-29B4-4EAA-BC9B-40C8513E3FF2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{75562D04-63BC-4C7C-B918-50D08F93809D}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{79499C5E-9A6B-4C81-B552-720E8DA2913F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12agent.exe | 
"{7E6FC3E1-AE16-496B-9117-DE47D89D499E}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\bit.trip runner\runner.exe | 
"{7F14AE24-92FF-4400-8213-864B6986F038}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{806F3B62-0A35-4372-A553-95FC53E408C7}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\blacklightretribution\blacklight retribution.exe | 
"{810609C2-3C03-4D98-A845-AE0772FB0503}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{837E517A-CEBC-4C58-84C5-F5FD465CFF42}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{85F6C4D7-79D0-42F2-910C-1D85D5DD23A6}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{8A027BCF-19C4-4A1C-B3E3-B9D9EBD6D8F3}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{8BB3A8B8-4DE6-4FB4-B981-91199251E32A}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{9137F65F-43C8-4EC5-B567-CE6F916E1310}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{91454857-3030-449E-95C8-F566B1FBB83D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\powerdvd12ml.exe | 
"{922EF165-1DB2-48A3-AFCD-8287154A4C9B}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{9446EA4A-03C2-49E0-8E1F-5010933BA291}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{9499A058-E01B-4F57-A5C2-40D210DB01A0}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{954B8C97-C3B7-496E-8A96-0C2843A48B6F}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{97D2F41C-45CA-4A67-8529-6E9FBC511B2E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{993FB316-1ED4-444C-B2D4-7F0A229A01EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9A628DC4-9EA9-47DC-A0AA-A7820330B8AE}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{9BD61100-E337-41D4-880B-5C50C67AAF10}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{A237AFB6-C791-4018-B416-4C371C03CA56}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{A3C92CFC-A39C-4126-AC17-7AA2E48DC49F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AE1A2D1F-9C7D-440B-A78D-5C7803546E1D}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{AFF4CAEE-235E-4AAE-8B2C-BCE923D9628B}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\just cause 2\justcause2.exe | 
"{B1A64E65-D26C-4E03-9774-03EA8C4EAD09}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\just cause 2\justcause2.exe | 
"{B2F53B32-4874-4CF5-9E8C-939199CA538E}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\trine 2\trine2_launcher.exe | 
"{B3AD244B-961C-4854-BED4-CD090FF2CADF}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{B6EF9322-ED94-4A13-ADDF-B1C07B78604A}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{B7C5FA91-A4A6-4EB2-BEDD-A9A7D1FEFB89}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{BA2255FF-DD49-4E81-ADED-BCEDDEF5EF7E}" = dir=in | app=c:\windows\system32\lxeccoms.exe | 
"{BC63B9EC-C50E-4214-BA88-1515C864BE2B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{BD175B1E-0AFF-44FF-92D9-D68BD2EF2EB8}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\emmerichj\the ship\ship.exe | 
"{C1E30509-D65D-48BF-B793-47D62770EE14}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\kernel\dmr\powerdvd12dmrengine.exe | 
"{C35F9718-ECEE-444C-A422-16DDECEB6A3C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C493F476-3A7F-4F1B-8183-0B5C8018E842}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\emmerichj\counter-strike source\hl2.exe | 
"{C5CE89B2-6E7E-46AC-9A1D-E9DB73EB68D2}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\vvvvvv\vvvvvv.exe | 
"{C62DBD14-6067-4268-8EDA-0A15FA114E86}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C75A6815-BCBD-46FA-ACFC-9F973CAFB360}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\emmerichj\the ship\ship.exe | 
"{C9ACEBE1-7C7C-457D-B71A-A64854C49D76}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C9F8E0BE-E42D-4E2E-9E5D-1B7F81237028}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"{CA052723-6105-4AC9-B2B6-C942083E441B}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\rainbow six vegas 2\binaries\r6vegas2_game.exe | 
"{D3D2E828-521B-4B18-B976-FC2F4750A6E4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D4817812-5E16-4993-8A91-5FD0E1AA9936}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\payday the heist\payday_win32_release.exe | 
"{D558ADC4-E1B6-4973-9C30-A9BB12E3B8E8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D67CA529-9EB4-49CF-BB11-8A5618414E53}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{D7263E55-B44B-4C87-955A-65C6DB849F6B}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\trine\trine_launcher.exe | 
"{D96068BF-8977-4CC5-AF85-09813D5A2124}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{E3F1E7B2-ADD0-4258-8EA9-5035AD9694F7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E9E91FAB-8AA9-4970-8DB5-CA0361B34669}" = protocol=6 | dir=in | app=f:\installierte spiele\steam\steamapps\common\amnesia the dark descent\launcher.exe | 
"{EAD17143-E4C3-4BAD-A8C7-33F2EB9A578D}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{EDE96DC9-D1F7-4598-9CDD-C2D289E6ED2A}" = protocol=17 | dir=in | app=f:\installierte spiele\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{EF2FE695-C7D4-446F-8388-B87232CAF940}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0576261-7FAF-4F55-B949-CA2B5C59C601}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd12\movie\powerdvd cinema\powerdvdcinema12.exe | 
"TCP Query User{0761B8D5-FCD2-4E21-BAF4-99FAACA335C1}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
"TCP Query User{29EC51A4-EFE8-433A-AB88-F48314A22250}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{AF2A78F7-3C95-449B-81DD-5C61624E6E32}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{44CB89A5-6444-459C-8E60-B3F88632BA9E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{9D05C5B4-1377-4BE6-ABF8-C6E00E84E6C7}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{9E4DE583-5F74-460D-8432-BAAEBCB4054C}C:\program files (x86)\jdownloader 2\jdownloader 2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jdownloader 2\jdownloader 2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
"_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
"{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
"{389D85F6-D005-095E-3C49-3675754B41F8}" = AMD Drag and Drop Transcoding
"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Überwachungstool für die Intel® Turbo-Boost-Technik
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
"{79899C6B-E315-4A3F-8904-02DEAB8D660D}" = Corel Graphics - Windows Shell Extension 32 Bit
"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90F60407-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) German
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
"{AC2AAFF8-6719-A420-AB9F-7E5F5E6CA46A}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
"{CCE7423E-1D84-4CD3-9E32-220EC9358D97}" = CorelDRAW Graphics Suite X6 (x64)
"{CDFFDDCC-B74E-4AEE-A97F-12E31BAFF3FF}" = CorelDRAW Graphics Suite X6 - DE (x64)
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
"{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{F4F0546E-E0F2-5D87-A502-B0B2FBFDD7CD}" = AMD Accelerated Video Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF0E1F56-A1FE-56EC-C33D-578F3E5C5C15}" = ccc-utility64
"{FFA1864E-ADC4-66F6-CC60-877E06EE47E3}" = AMD Media Foundation Decoders
"CCleaner" = CCleaner
"ffdshow64_is1" = ffdshow x64 v1.1.4257 [2012-01-15]
"GIMP-2_is1" = GIMP 2.6.12
"Lexmark Pro800-Pro900 Series" = Lexmark Pro800-Pro900 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UDK-741219a0-ed3f-4a6a-9d57-d0486f6dee1a" = My Game Long Name
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{12F4B10F-2B95-0D9B-ED71-296DA3C20F09}" = CCC Help Czech
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A0582C-03C1-BB0A-EC77-22BC17A4A601}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{29157928-F504-238C-47C7-5389C0F3D6BF}" = CCC Help Swedish
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B512D86-0BEE-1F51-FDB7-D414C0D6A40E}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{384FA0C0-BB19-4CA0-8DB4-5FD4E938277F}" = Notification Center
"{3A5D79AA-13D7-74FD-1850-E356528DE1A0}" = CCC Help Japanese
"{4082C4D2-9299-AECE-0116-B894D3898F2F}" = Catalyst Control Center
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{63738E95-2626-0C13-B682-DCA526B3B3B8}" = CCC Help French
"{648B59AA-B9BF-CBB9-3123-DCEDF669534B}" = CCC Help Turkish
"{663E92C0-0141-0307-6F04-4465EE0002B2}" = CCC Help Italian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6879F7F5-E63B-3DCC-DF23-30C4703547D6}" = CCC Help Finnish
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6EB88C92-7828-A799-7A87-AEAA798055FA}" = CCC Help Dutch
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CFC3EF7-41DB-10A6-C7FC-92AD2778043F}" = CCC Help Chinese Traditional
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCD7AE7-F713-4D50-BAB9-7839B9386870}" = ImageShack Uploader 2.2.0
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90287FB1-220B-C54D-9374-070F6BCEFF7C}" = CCC Help Norwegian
"{907F9C22-CD5B-2864-2FBB-6B1DFCEE0787}" = CCC Help Russian
"{92858613-6C37-1DBB-1DF6-2D2832FD5F2D}" = Catalyst Control Center Localization All
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{942641F2-705E-3E66-5D39-BC3AFB476B3A}" = CCC Help Chinese Standard
"{95B90127-0B66-CE91-BFB7-CBA49AC39C0E}" = CCC Help Korean
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF01926-E64F-EBCB-CAB8-F8C005BE0A8B}" = CCC Help Polish
"{A1974D99-9FF0-9075-CBF4-F579D0717E84}" = CCC Help Thai
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AE683B25-6D74-AE98-F9A9-E07FB9EF5B62}" = CCC Help English
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"{B51C71F3-FA38-627E-1BDD-57831EB4F259}" = CCC Help German
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF45E5AA-4F5D-1188-CAA6-C2DE5ABBB389}" = Catalyst Control Center InstallProxy
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56B4299-B2B4-4822-ED77-945B0CCF2192}" = CCC Help Greek
"{D6930099-BDDA-A5BA-16E0-291C0A6899C9}" = CCC Help Danish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E09D83E8-40D2-5E4E-2138-77B6022F6049}" = CCC Help Spanish
"{E2F7EB9D-B814-1474-86AB-69BA1872CE1A}" = CCC Help Hungarian
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E72F1051-B87E-4EF4-AE9F-8FDD229CC438}" = Catalyst Control Center - Branding
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1100000-0011-0000-0001-074957833700}" = ABBYY FineReader 11
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0630-0716-3135-7887" = JDownloader 2
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BitComet_x64" = BitComet 1.29 64-bit
"Call of Duty Black Ops II_is1" = Call of Duty Black Ops II
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"CSS Config .NET 0.6" = CSS Config .NET 0.6
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"FastStone Capture" = FastStone Capture 5.3
"GeoGebra" = GeoGebra
"Hitman Absolution_is1" = Hitman Absolution
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}" = CyberLink PowerDVD 12
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 8.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.SingleImage" = Microsoft Office Professional 2010
"OpenAL" = OpenAL
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"Raptr" = Raptr
"Steam App 15120" = Tom Clancy's Rainbow Six: Vegas 2
"Steam App 21100" = F.E.A.R. 3
"Steam App 218" = Source SDK Base 2007
"Steam App 55230" = Saints Row: The Third
"TeamViewer 8" = TeamViewer 8
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite" = Windows Live Essentials
"xp-AntiSpy" = xp-AntiSpy 3.98-2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-526365458-2449696219-1328568343-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.03.2013 06:57:31 | Computer Name = Slava-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.SystemException: Cannot
 create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich
 beendet     --- Ende der internen Ausnahmestapelüberwachung ---     bei BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object 
state)
 
Error - 10.03.2013 07:22:54 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 10.03.2013 07:22:54 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9985
 
Error - 10.03.2013 07:22:54 | Computer Name = Slava-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9985
 
Error - 11.03.2013 10:37:05 | Computer Name = Slava-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11.03.2013 11:07:27 | Computer Name = Slava-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.SystemException: Cannot
 create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich
 beendet     --- Ende der internen Ausnahmestapelüberwachung ---     bei BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object 
state)
 
Error - 12.03.2013 08:11:36 | Computer Name = Slava-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.SystemException: Cannot
 create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich
 beendet     --- Ende der internen Ausnahmestapelüberwachung ---     bei BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object 
state)
 
Error - 12.03.2013 22:43:50 | Computer Name = Slava-Laptop | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 13.03.2013 12:21:00 | Computer Name = Slava-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.SystemException: Cannot
 create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich
 beendet     --- Ende der internen Ausnahmestapelüberwachung ---     bei BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object 
state)
 
Error - 13.03.2013 14:55:57 | Computer Name = Slava-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.SystemException: Cannot
 create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich
 beendet     --- Ende der internen Ausnahmestapelüberwachung ---     bei BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object 
state)
 
Error - 14.03.2013 09:42:32 | Computer Name = Slava-Laptop | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.SystemException: Cannot
 create VM ---> System.ComponentModel.Win32Exception: Der Vorgang wurde erfolgreich
 beendet     --- Ende der internen Ausnahmestapelüberwachung ---     bei BlueStacks.hyperDroid.Service.Service.OnStart(String[]
 args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object 
state)
 
[ System Events ]
Error - 14.03.2013 12:51:22 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet
 beendet. Dies ist bereits 4 Mal passiert.
 
Error - 14.03.2013 13:40:30 | Computer Name = Slava-Laptop | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 14.03.2013 13:40:30 | Computer Name = Slava-Laptop | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 14.03.2013 13:41:51 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet
 beendet. Dies ist bereits 5 Mal passiert.
 
Error - 14.03.2013 14:04:09 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet
 beendet. Dies ist bereits 6 Mal passiert.
 
Error - 14.03.2013 14:49:19 | Computer Name = Slava-Laptop | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 14.03.2013 14:49:19 | Computer Name = Slava-Laptop | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 14.03.2013 14:52:46 | Computer Name = Slava-Laptop | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet
 beendet. Dies ist bereits 7 Mal passiert.
 
Error - 14.03.2013 15:28:03 | Computer Name = Slava-Laptop | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
Error - 14.03.2013 15:28:03 | Computer Name = Slava-Laptop | Source = ACPI | ID = 327690
Description = ACPI: ACPI-BIOS versucht, in einen ungültigen PCI-Operationsbereich
 (0x4) zu schreiben. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
 zu erhalten.
 
 
< End of report >
         

DeFogger:


Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:50 on 14/03/2013 (Slava)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...


-=E.O.F=-
         

GMER:


Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-14 21:59:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 WDC_SSC- rev.5.12 119,24GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Slava\AppData\Local\Temp\uwtyrpog.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe[2052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                   0000000077af0018 5 bytes JMP 000000016b731765
.text   C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076041465 2 bytes [04, 76]
.text   C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe[2180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         00000000760414bb 2 bytes [04, 76]
.text   ...                                                                                                                                         * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                     0000000070bd1a22 2 bytes [BD, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                     0000000070bd1ad0 2 bytes [BD, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                     0000000070bd1b08 2 bytes [BD, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                     0000000070bd1bba 2 bytes [BD, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2832] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                     0000000070bd1bda 2 bytes [BD, 70]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000076041465 2 bytes [04, 76]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000760414bb 2 bytes [04, 76]
.text   ...                                                                                                                                         * 2
.text   C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3360] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                 0000000076041465 2 bytes [04, 76]
.text   C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[3360] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                00000000760414bb 2 bytes [04, 76]
.text   ...                                                                                                                                         * 2
.text   C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[5324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000076041465 2 bytes [04, 76]
.text   C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[5324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000760414bb 2 bytes [04, 76]
.text   ...                                                                                                                                         * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [1680:2752]                                                                                                 000007fef17f9688
Thread  C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1264:6880]                                                                         0000000077b22e25
Thread  C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1264:6592]                                                                         0000000077b23e45
Thread  C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1264:4916]                                                                         0000000077b23e45
Thread  C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1264:3620]                                                                         0000000062188f48
Thread  C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1264:6244]                                                                         0000000077b23e45
Thread  C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe [1264:1476]                                                                         0000000077b23e45

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\74f06da847bd (not active ControlSet)                                             
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06da847bd                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpDomain                                                                          fritz.box
Reg     HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters@DhcpNameServer                                                                      192.168.178.1
Reg     HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\74f06da847bd (not active ControlSet)                                             

---- EOF - GMER 2.1 ----
         
I also noticed that searchonme is set as the start page in my other browsers, which I actually never use (Chrome and IE)!

Edit: About half an hour after I ran all the scans, I got a bluescreen with the following content: hxxp://img850.imageshack.us/img850/4787/img3370u.jpg

Edited by Slava105 (14.03.2013 at 22:37). Reason: see edit

15.03.2013, 17:23   #5
M-K-D-B
/// TB trainer

Remove search.searchonme.com

Hi,




Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected, as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).






Step 2

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.







Step 3
Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
"Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde."
simply restart the computer. This should fix the problem.






Please post with your next reply
  • the AdwCleaner log file,
  • the JRT log file,
  • the ComboFix log file.

__________________
Regards
M-K-D-B




15.03.2013, 20:14   #6
Slava105

Remove search.searchonme.com



AdwCleaner[S3]

Code:
# AdwCleaner v2.114 - Datei am 15/03/2013 um 19:03:02 erstellt
# Aktualisiert am 05/03/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Slava - SLAVA-LAPTOP
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Slava\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\foxydeal.sqlite
Ordner Gelöscht : C:\ProgramData\InstallMate

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\prefs.js

Gelöscht : user_pref("extensions.507fdc0921be3.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("extensions.5082c6626cc30.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]

-\\ Google Chrome v25.0.1364.172

Datei : C:\Users\Slava\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S3].txt - [2116 octets] - [15/03/2013 19:03:02]

########## EOF - C:\AdwCleaner[S3].txt - [2176 octets] ##########
         

JRT


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Slava on 15.03.2013 at 19:07:08,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-526365458-2449696219-1328568343-1001\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\systweak



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Slava\AppData\Roaming\software4u"



~~~ FireFox

Successfully deleted: [File] C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\invalidprefs.js
Successfully deleted the following from C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\prefs.js

user_pref("browser.search.defaultenginename", "SearchOnMe");
user_pref("browser.search.defaultenginename,S", "SearchOnMe");
user_pref("browser.search.defaulturl", "hxxp://search.searchonme.com/?l=1&q=");
user_pref("browser.search.order.1", "SearchOnMe");
user_pref("browser.search.order.1,S", "SearchOnMe");
user_pref("browser.search.selectedEngine,S", "SearchOnMe");
user_pref("extensions.wot.cqd8dV9VUQ", "6a217a16-1b0f-4e3d-80ec-a092ea4b0d87");
user_pref("keyword.URL", "hxxp://search.searchonme.com/?l=1&q=");
Emptied folder: C:\Users\Slava\AppData\Roaming\mozilla\firefox\profiles\bz8joakp.default\minidumps [213 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.03.2013 at 19:16:00,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

ComboFix


Code:
ComboFix 13-03-15.01 - Slava 15.03.2013  19:35:43.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8117.6273 [GMT 1:00]
ausgeführt von:: c:\users\Slava\Desktop\ComboFix.exe
AV: Kaspersky Security Suite CBE *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Security Suite CBE *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Security Suite CBE *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-15 bis 2013-03-15  ))))))))))))))))))))))))))))))
.
.
2013-03-15 18:45 . 2013-03-15 18:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-15 18:16 . 2013-03-15 18:16	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BC5233-AD79-41C7-A23E-FB00BA68CC30}\offreg.dll
2013-03-15 18:07 . 2013-03-15 18:07	--------	d-----w-	c:\windows\ERUNT
2013-03-15 18:07 . 2013-03-15 18:07	--------	d-----w-	C:\JRT
2013-03-15 13:16 . 2013-02-08 00:28	9162192	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BC5233-AD79-41C7-A23E-FB00BA68CC30}\mpengine.dll
2013-03-15 00:47 . 2013-03-15 00:47	--------	d-----w-	c:\program files\Microsoft Silverlight
2013-03-15 00:47 . 2013-03-15 00:47	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2013-02-28 18:50 . 2013-02-28 18:50	--------	d-----w-	c:\program files\Proxy Labs
2013-02-27 21:02 . 2013-01-04 06:11	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-02-27 21:02 . 2013-01-13 19:53	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-02-27 21:02 . 2013-01-13 19:24	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-02-27 21:02 . 2013-01-04 06:11	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-02-27 21:02 . 2013-01-13 19:02	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-02-27 21:02 . 2013-01-13 18:32	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-02-25 12:36 . 2013-02-26 11:36	--------	d-----w-	c:\users\Slava\AppData\Roaming\Raptr
2013-02-25 12:36 . 2013-02-25 12:37	--------	d-----w-	c:\program files (x86)\Raptr
2013-02-23 15:16 . 2013-03-02 11:23	--------	d-----w-	c:\program files (x86)\Google
2013-02-15 21:44 . 2013-02-15 21:44	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2013-02-15 21:44 . 2013-02-15 21:44	--------	d-----r-	c:\program files (x86)\Skype
2013-02-14 14:22 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 14:22 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 08:19 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 08:19 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 08:19 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 08:19 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 08:19 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 08:19 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-14 08:19 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-14 08:19 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-14 08:19 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-14 08:19 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-14 08:19 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 08:19 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 00:50 . 2011-10-14 22:55	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-03-13 17:22 . 2012-03-29 06:39	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 17:22 . 2011-10-14 23:37	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-10 12:35 . 2012-11-07 06:03	45056	----a-w-	c:\windows\system32\acovcnt.exe
2013-02-12 05:45 . 2013-03-14 13:47	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 13:47	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 13:47	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 13:47	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 13:47	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 13:47	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-07 22:47 . 2013-02-07 22:47	358912	----a-w-	c:\windows\system32\sbcrreag.dll
2013-02-07 22:46 . 2013-02-07 22:46	315392	----a-w-	c:\windows\SysWow64\sbcrreag.dll
2013-01-17 00:28 . 2011-10-14 22:50	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-08 22:49 . 2013-01-06 01:31	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-08 22:49 . 2012-12-29 23:47	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-08 17:25 . 2012-12-29 23:47	281688	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-01-06 01:30 . 2012-12-29 23:47	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-01-04 04:43 . 2013-02-14 08:19	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-29 23:47 . 2012-12-29 23:47	2337865	----a-w-	c:\windows\SysWow64\pbsvc.exe
2012-12-16 17:11 . 2012-12-22 01:57	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 01:57	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 01:57	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 01:57	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avp"="c:\program files (x86)\Kaspersky Security Suite CBE 12\avp.exe" [2012-04-10 202296]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-05-03 44032]
R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [2010-01-25 19456]
R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [2010-01-25 27648]
R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [2010-01-25 27136]
R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [2010-01-25 33792]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [2012-11-15 40712]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2012-07-15 30720]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x]
R3 X6va005;X6va005;c:\users\Slava\AppData\Local\Temp\0052675.tmp [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [2012-11-02 141920]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-24 283200]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/06/02 20:49];c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-01-11 20:57 146928]
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-12-22 818952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-10-25 71032]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-10-25 384888]
S2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-01-12 87336]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-01-12 75048]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-01-12 296232]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 ntk_PowerDVD12;ntk_PowerDVD12;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2011-10-27 82928]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-02-26 3560800]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-04-21 76912]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 17:22]
.
2013-03-15 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-10-15 12:42]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 15:16]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-23 15:16]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-526365458-2449696219-1328568343-1001Core.job
- c:\users\Slava\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 00:27]
.
2013-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-526365458-2449696219-1328568343-1001UA.job
- c:\users\Slava\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-24 00:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-17 10134560]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Download all links using BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download link using &BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/feed/subscriptions/u | facebook.com | forum.schwabensturm02.net | ebay.de | hxxp://www.gamestar.de/gewinnspiele/
FF - prefs.js: network.proxy.ftp - 46.137.17.166
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 46.137.17.166
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 46.137.17.166
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 46.137.17.166
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: 2013-03-14 22:58; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-03-14 23:00; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - ExtSQL: 2013-03-14 23:00; {987311C6-B504-4aa2-90BF-60CC49808D42}; c:\users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi
FF - ExtSQL: 2013-03-15 00:18; youtubeunblocker@unblocker.yt; c:\users\Slava\AppData\Roaming\Mozilla\Firefox\Profiles\bz8joakp.default\extensions\youtubeunblocker@unblocker.yt.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-ProxyCap - c:\progra~1\PROXYL~1\ProxyCap\pcapui.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\Slava\AppData\Local\Temp\0052675.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-526365458-2449696219-1328568343-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-526365458-2449696219-1328568343-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-526365458-2449696219-1328568343-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:9a,3e,7b,d6,34,5e,c2,24,53,9c,f3,6e,60,1e,6c,58,45,da,43,35,66,31,90,
   08,5e,f6,78,60,5f,da,f4,af,05,c8,00,4d,46,34,5c,30,07,6f,44,83,d5,bc,1a,0c,\
"??"=hex:3e,23,0a,bf,d5,a0,06,af,99,df,ef,47,1c,b3,99,17
.
[HKEY_USERS\S-1-5-21-526365458-2449696219-1328568343-1001\Software\SecuROM\License information*]
"datasecu"=hex:5d,14,10,39,61,0b,97,cc,74,70,bf,26,1c,c2,74,0c,50,d7,99,15,98,
   90,d2,00,26,c9,c6,3f,0f,6b,41,1b,77,52,90,f4,69,93,ac,81,ec,f7,0d,b8,a4,59,\
"rkeysecu"=hex:99,6f,df,ac,1d,af,f8,0f,27,36,b5,29,2b,7a,3d,d0
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-15  20:04:40
ComboFix-quarantined-files.txt  2013-03-15 19:04
.
Vor Suchlauf: 11 Verzeichnis(se), 41.385.676.800 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 41.590.636.544 Bytes frei
.
- - End Of File - - 3C8976F23135060E7A6F8626F3BC75FA
         

I just tried it again; this "virus" seems to be gone. The problem no longer appears with other browsers either.
So thank you very much for your help

PS: I do have one more question, though: what exactly did this searchonme actually do? Did it really only redirect you to the site, or did it perhaps also spy on some data?

16.03.2013, 11:04   #7
M-K-D-B
/// TB-Ausbilder

Hi,

Quote:
Quote from Slava105
I just tried it again; this "virus" seems to be gone. The problem no longer appears with other browsers either.
So thank you very much for your help

The emphasis is on "seems", because not everything has been removed yet... which no longer matters, though:



From your log file:
Quote:
2013-03-15 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-10-15 12:42]

The entries I have listed strongly suggest that software is being used on this computer that was not legally acquired... my guess is an illegal copy of Office.

Support stop
Reading material:
Cracks and keygens
Circumventing the copy protection of software is illegal under current law. The log files strongly suggest that you are using software that was not legally acquired. In addition, cracks and patches from dubious sources very often come bundled with malware, so one infects oneself almost deliberately.

We have agreed here on the board that we do not continue cleaning at this point, because we do not support such practices. On top of that, we pointed out unmistakably in our instructions, and also in this "Important" topic, how we would handle this. Clean, good software has its price, and the software companies live on this revenue.

Our help is therefore limited to reinstalling and securing your system.
We will still gladly answer questions about that, in our forum.
This topic is now closed.
__________________
Regards
M-K-D-B


