
Pests of all kinds and how to fight them: MIDAS 3 and trojan.sirefef.of detected (Bitdefender)

07.04.2013, 16:51   #1
2ndSkin
 
My Bitdefender detected the malware named above.

I have now run a scan with Malwarebytes and would appreciate help with the cleanup.

Thanks.

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.07.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
* :: *-PC [Administrator]

07.04.2013 15:06:52
MBAM-log-2013-04-07 (16-52-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|K:\|L:\|M:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 853141
Laufzeit: 1 Stunde(n), 12 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\*\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDTF7H8L\flashplayer11_6r253926_527_win[1].exe (Trojan.Malware.Packer.EGX1) -> Keine Aktion durchgeführt.

(Ende)
         
Strangely, I don't have a folder called "Temporary Internet Files".

08.04.2013, 12:14   #2
t'john
/// Helper team
 
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the detected objects, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.

then:

System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if you do not already have it). Double-click OTL.exe.

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

08.04.2013, 12:25   #3
2ndSkin
 
Hello t´john.

Thank you for taking on the problem. Should I run another up-to-date scan with Malwarebytes? My Bitdefender found further threats when it scanned again. Whether these actually got onto the system, though, I don't know.

Otherwise I would proceed as you described once I get home from the office.

1st scan

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Lib :: LIB-PC [administrator]

08.04.2013 14:56:50
mbar-log-2013-04-08 (14-56-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31413
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\$RECYCLE.BIN\S-1-5-21-3269441660-1231751284-1862436623-1000\$d276e8b27e39d50422fb820f01387b31\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-21-3269441660-1231751284-1862436623-1000\$d276e8b27e39d50422fb820f01387b31\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$RECYCLE.BIN\S-1-5-21-3269441660-1231751284-1862436623-1000\$d276e8b27e39d50422fb820f01387b31 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 0
(No malicious items detected)

(end)
         
2nd scan

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Lib :: LIB-PC [administrator]

08.04.2013 15:00:28
mbar-log-2013-04-08 (15-00-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31423
Time elapsed: 2 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
OTL:

Code:
OTL logfile created on: 08.04.2013 15:05:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 4,75 Gb Available Physical Memory | 59,65% Memory free
15,93 Gb Paging File | 12,91 Gb Available in Paging File | 80,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 56,05 Gb Free Space | 50,18% Space Free | Partition Type: NTFS
Drive D: | 770,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 68,36 Gb Total Space | 11,63 Gb Free Space | 17,02% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 45,88 Gb Free Space | 23,49% Space Free | Partition Type: NTFS
Drive G: | 108,94 Gb Total Space | 26,67 Gb Free Space | 24,48% Space Free | Partition Type: NTFS
Drive K: | 195,31 Gb Total Space | 176,97 Gb Free Space | 90,61% Space Free | Partition Type: NTFS
Drive L: | 345,57 Gb Total Space | 249,29 Gb Free Space | 72,14% Space Free | Partition Type: NTFS
Drive M: | 390,62 Gb Total Space | 298,23 Gb Free Space | 76,35% Space Free | Partition Type: NTFS
Drive Z: | 68,36 Gb Total Space | 11,63 Gb Free Space | 17,02% Space Free | Partition Type: FAT32
 
Computer Name: LIB-PC | User Name: Lib | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lib\Desktop\OTL(1).exe (OldTimer Tools)
PRC - F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - L:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Users\Lib\Desktop\mbar\mbar.exe (Malwarebytes Corporation)
PRC - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - E:\Tobit Radio.fx\Server\rfx-server.exe ()
PRC - E:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - L:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe (IObit)
PRC - L:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
PRC - L:\Program Files (x86)\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - E:\Tom\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Programme\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - F:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE (ROCCAT)
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._core_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_ssl.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._controls_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._windows_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._gdi_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._misc_.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_hashlib.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\unicodedata.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\pythoncom27.dll ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32com.shell.shell.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_elementtree.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\pyexpat.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._wizard.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32file.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\pywintypes27.dll ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32security.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32api.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_ctypes.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\wx._html2.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\_socket.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32inet.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32process.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32pdh.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32ts.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32event.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32profile.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\win32crypt.pyd ()
MOD - C:\Users\Lib\AppData\Local\Temp\_MEI19762\select.pyd ()
MOD - F:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - L:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll ()
MOD - L:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll ()
MOD - L:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\libid3tag.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\libaacdec.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\QtGui4.dll ()
MOD - C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\QtCore4.dll ()
MOD - E:\Tobit Radio.fx\Client\rfx-client$.ger ()
MOD - E:\Tobit Radio.fx\Client\tobitclt.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4cae4b1b6c8423f80d1f86eae7fd8203\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6fd278018f0cf369362fc810f8aefcb5\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\581e9ba9c81e2840a917fbd3d9661f85\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Programme\ASUS Xonar DG Audio\Customapp\VmixP8.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BdDesktopParental) -- L:\Bitdefender\Bitdefender 2013\bdparentalservice.exe (Bitdefender)
SRV - (VSSERV) -- L:\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Radio.fx) -- E:\Tobit Radio.fx\Server\rfx-server.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdvancedSystemCareService6) -- L:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe (IObit)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- f:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (UPDATESRV) -- L:\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (TomTomHOMEService) -- E:\Tom\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (HiPatchService) -- g:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe (Hi-Rez Studios)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (IMFservice) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe ()
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe ()
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SandraAgentSrv) -- l:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe (SiSoftware)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (mbamswissarmy) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
DRV:64bit: - (cbfs4) -- C:\Windows\SysNative\drivers\cbfs4.sys (EldoS Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (SmartDefragDriver) -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ArvoFltr) -- C:\Windows\SysNative\drivers\ArvoFltr.sys (ROCCAT Development, Inc.)
DRV - (BdfNdisf) -- c:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys (BitDefender LLC)
DRV - (UrlFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys (IObit.com)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (FileMonitor) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys (IObit)
DRV - (bdfwfpf) -- C:\Programme\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SANDRA) -- l:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B AB 7C DA 87 B0 CD 01  [binary data]
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes,DefaultScope = {EB6F5919-AB5F-4ABA-BD75-C28FDFF93C5D}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes\{E85F8337-7F72-4761-B858-28A0A44CF3BC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9C58C87C-19C8-41F9-B5FA-4ECF2A5544D9&apn_sauid=DCE02B90-7BB8-47E3-A0B3-3F845AA684B4
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes\{EB6F5919-AB5F-4ABA-BD75-C28FDFF93C5D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B AB 7C DA 87 B0 CD 01  [binary data]
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\URLSearchHook: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\SearchScopes,DefaultScope = {EB6F5919-AB5F-4ABA-BD75-C28FDFF93C5D}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\SearchScopes\{E85F8337-7F72-4761-B858-28A0A44CF3BC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=9C58C87C-19C8-41F9-B5FA-4ECF2A5544D9&apn_sauid=DCE02B90-7BB8-47E3-A0B3-3F845AA684B4
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\SearchScopes\{EB6F5919-AB5F-4ABA-BD75-C28FDFF93C5D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "google"
FF - prefs.js..browser.search.defaultenginename: "google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "google.de"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=800236"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: ""
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: mozrepl%40hyperstruct.net:1.1
FF - prefs.js..extensions.enabledAddons: passifox%40hanhuy.com:1.1.5
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bb8cbd8e0-e642-11dd-ba2f-0800200c9a66%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BD9808C4D-1CF5-4f67-8DB2-12CF78BBA23F%7D:2.5.8
FF - prefs.js..extensions.enabledAddons: %7BEF522540-89F5-46b9-B6FE-1829E2B572C6%7D:6.1
FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.1.4
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.5
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.7
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.8
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - prefs.js..network.proxy.ftp: "178.33.34.48"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.http: "178.33.34.48"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "178.33.34.48"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "178.33.34.48"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: l:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: g:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: E:\Media\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: F:\Program Files (x86)\OpenOffice.org 3\program [2012.12.07 03:33:01 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: L:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Lib\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Lib\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Lib\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lib\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lib\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: f:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 20.0a1\extensions\\Components: L:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.12.20 12:34:55 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 20.0a1\extensions\\Plugins: L:\PROGRAM FILES\NIGHTLY\PLUGINS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: L:\BITDEFENDER\BITDEFENDER 2013\BDTBEXT [2013.02.07 03:08:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.04.01 21:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: F:\Program Files (x86)\Mozilla Firefox\components [2013.04.05 01:37:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: F:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.18 12:38:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: L:\Program Files (x86)\Mozilla Thunderbird\components [2013.04.03 18:58:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: L:\Bitdefender\Bitdefender 2013\bdtbext [2013.02.07 03:08:09 | 000,000,000 | ---D | M]
 
[2012.07.05 01:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\Extensions
[2012.07.05 01:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2013.04.06 11:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions
[2013.03.26 22:34:15 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2012.02.18 00:34:19 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(183)
[2013.03.14 11:50:43 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2012.02.18 00:34:19 | 000,000,000 | ---D | M] (IE View) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}(184)
[2013.04.05 20:14:20 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2013.04.04 02:41:37 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.02.18 00:34:21 | 000,000,000 | ---D | M] ("DHL Packstation Bestellhelfer") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{b8cbd8e0-e642-11dd-ba2f-0800200c9a66}
[2013.02.23 17:27:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.02.18 00:34:22 | 000,000,000 | ---D | M] (Download Sort) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\{D9808C4D-1CF5-4f67-8DB2-12CF78BBA23F}
[2012.02.18 00:34:10 | 000,000,000 | ---D | M] ("Better Gmail 2") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\bettergmail2@ginatrapani.org
[2012.10.14 15:33:49 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.03.21 11:39:30 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\firefox@ghostery.com
[2012.10.02 21:25:37 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\foxmarks@kei.com
[2013.04.06 11:47:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\ich@maltegoetz.de
[2013.01.26 12:26:27 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\keefox@chris.tomlinson
[2012.03.22 01:52:46 | 000,000,000 | ---D | M] (Download Youtube Videos +) -- C:\Users\Lib\AppData\Roaming\mozilla\Firefox\Profiles\fg4op894.default\extensions\video.downloader.plugin@ffpimp.com
[2012.09.20 10:09:56 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\amznUWL2@amazon.com.xpi
[2013.01.05 20:06:41 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\autopager@mozilla.org.xpi
[2012.12.19 20:30:03 | 000,221,503 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\kosa@kallout.com.xpi
[2012.01.07 21:22:08 | 000,027,841 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\mozrepl@hyperstruct.net.xpi
[2012.05.31 03:57:06 | 000,016,791 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\passifox@hanhuy.com.xpi
[2013.04.06 11:47:13 | 000,334,383 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\personas@christopher.beard.xpi
[2013.02.10 11:50:48 | 000,185,839 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\stealthyextension@gmail.com.xpi
[2011.11.08 04:26:08 | 000,014,949 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\twitter.address.bar.search@firefox.twitter.xpi
[2011.08.18 02:49:26 | 000,022,819 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}.xpi
[2012.11.24 21:32:53 | 000,317,623 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460}.xpi
[2011.07.17 20:49:00 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.09.15 03:00:39 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2013.03.04 12:26:13 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.12.12 19:23:49 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.03.22 22:39:48 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.15 03:40:25 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.18 18:00:19 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.10.30 14:58:04 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.04.04 20:14:21 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.03.01 12:27:14 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.11.06 11:37:00 | 000,045,219 | ---- | M] () (No name found) -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2013.01.07 03:52:31 | 000,002,973 | ---- | M] () -- C:\Users\Lib\AppData\Roaming\mozilla\firefox\profiles\fg4op894.default\searchplugins\twitter-.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=9C58C87C-19C8-41F9-B5FA-4ECF2A5544D9&apn_ptnrs=U3&apn_sauid=DCE02B90-7BB8-47E3-A0B3-3F845AA684B4&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://de.search.yahoo.com?type=800236&fr=spigot-yhp-ch
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Winamp Application Detector (Enabled) = f:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Media Go Detector (Enabled) = E:\Media\npmediago.dll
CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Picasa (Enabled) = g:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - Extension: Ebay Shopping Assistant by Spigot = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbcennhacfaagdopikcegfcobcadeocj\1.0_0\
CHR - Extension: Domain Error Assistant = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.1_0\
CHR - Extension: Savings-Slider = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk\2.3_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Amazon Shopping Assistant by Spigot = C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfndaklgolladniicklehhancnlgocpp\1.0_0\
 
O1 HOSTS File: ([2012.09.12 01:41:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (IObit Apps Toolbar) - {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [Bdagent] L:\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Arvo] f:\Program Files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE (ROCCAT)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] L:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] L:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [BoxCryptor] l:\Program Files (x86)\BoxCryptor\BoxCryptor.exe (Secomba GmbH)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [MusicManager] C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000..\Run: [RfxSrvTray] E:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005..\Run: [MusicManager] C:\Users\Lib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - F:\icq\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - F:\icq\ICQ7M\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A76E21B-2FA4-4F66-A99C-A15C11ADA6BF}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79531C24-1D82-4258-92F8-339D52C3B9BF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D39C8E1B-2B2F-4170-B9C0-BD0829FEB5FB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1DD1B67-326C-4D99-BA94-40F641486EBA}: DhcpNameServer = 192.168.42.129
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: EldosMountNotificator-cbfs4 - {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O21 - SSODL: EldosMountNotificator-cbfs4 - {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O22:64bit: - SharedTaskScheduler: {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - Virtual Storage Mount Notification - C:\Windows\SysNative\cbfsMntNtf4.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.15 07:51:42 | 000,000,024 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.08 15:04:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lib\Desktop\OTL(1).exe
[2013.04.08 14:58:02 | 000,157,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.04.01 21:24:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2013.04.01 21:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013.04.01 21:24:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2013.04.01 21:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2013.04.01 21:23:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2013.03.29 17:30:08 | 000,147,232 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys.upd
[2013.03.25 22:39:46 | 004,546,560 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013.03.25 22:20:59 | 026,956,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.25 22:20:59 | 020,542,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.25 22:20:59 | 007,573,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.25 22:20:59 | 006,271,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.25 22:20:59 | 000,968,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.25 22:20:58 | 025,256,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.25 22:20:58 | 017,990,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.25 22:20:58 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.25 22:20:58 | 015,042,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.25 22:20:58 | 009,414,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.25 22:20:58 | 007,959,000 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.25 22:20:58 | 002,913,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.25 22:20:58 | 002,728,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.25 22:20:58 | 002,355,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.25 22:20:58 | 001,995,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.25 22:20:58 | 001,807,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.25 22:20:58 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.25 22:20:58 | 000,250,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.25 22:20:58 | 000,205,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.23 03:09:28 | 000,354,656 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2013.03.22 00:17:42 | 000,000,000 | ---D | C] -- C:\Users\Lib\Desktop\mbar
[2013.03.14 23:07:52 | 000,559,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.03.13 02:15:36 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 02:15:36 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 02:15:36 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 02:15:36 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.13 02:15:36 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.13 02:15:36 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 02:15:36 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.13 02:15:36 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 02:15:36 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.13 02:15:36 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.13 02:15:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 02:15:36 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.13 02:15:36 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 02:15:36 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 02:15:36 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 02:15:36 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.13 02:15:36 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 02:15:36 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 02:15:36 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.13 02:15:36 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.13 02:15:36 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 02:15:36 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 02:15:36 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.13 02:15:36 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.13 02:15:36 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.13 02:15:36 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.13 02:15:36 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 02:15:36 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.13 02:15:36 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.13 02:15:36 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.13 02:15:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.13 02:15:36 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.13 02:15:36 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.13 02:15:36 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 02:15:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.13 02:15:36 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 02:15:36 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.13 02:15:36 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.13 02:15:36 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 02:15:36 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.13 02:15:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.13 02:15:36 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.13 02:15:36 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 02:15:36 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 02:15:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 02:15:36 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.13 02:15:36 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.13 02:15:36 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 02:15:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.13 02:15:36 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 02:15:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 02:15:36 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.13 02:15:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.13 02:15:36 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.13 02:15:36 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.13 02:15:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.13 02:15:36 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.13 02:15:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.13 02:15:36 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.13 02:15:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.13 02:15:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.13 02:15:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.13 02:15:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.13 02:15:36 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 02:15:36 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 02:15:36 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.13 02:15:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.13 02:15:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.13 02:13:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys
[2013.03.13 02:13:32 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.12 19:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit Apps Toolbar
[2013.03.12 19:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2013.03.12 18:43:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013.03.09 17:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
[75 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.08 14:58:02 | 000,157,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.04.08 14:58:02 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.04.08 14:55:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lib\Desktop\OTL(1).exe
[2013.04.08 14:52:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.08 14:50:36 | 000,014,546 | ---- | M] () -- C:\Users\Lib\Desktop\Malwarebytes Anti-Rootkit.htm
[2013.04.08 14:45:56 | 000,069,932 | ---- | M] () -- C:\Users\Lib\Desktop\1365411788_1_03.xml
[2013.04.08 14:39:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3269441660-1231751284-1862436623-1000UA.job
[2013.04.08 14:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.08 11:04:44 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 11:04:44 | 000,015,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.08 11:03:34 | 001,492,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.08 11:03:34 | 000,651,996 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.08 11:03:34 | 000,614,184 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.08 11:03:34 | 000,129,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.08 11:03:34 | 000,105,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.08 10:57:42 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.08 10:57:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.07 23:39:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3269441660-1231751284-1862436623-1000Core.job
[2013.04.07 15:03:43 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.07 14:21:56 | 000,160,490 | ---- | M] () -- C:\Users\Public\Desktop\bdsyslog.zip
[2013.04.02 10:35:20 | 000,311,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.01 21:24:57 | 000,001,613 | ---- | M] () -- C:\Users\Lib\Desktop\DivX Movies.lnk
[2013.04.01 21:24:46 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.04.01 21:24:37 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.03.30 18:22:28 | 000,000,220 | ---- | M] () -- C:\Users\Lib\Desktop\BioShock Infinite.url
[2013.03.29 17:30:08 | 000,147,232 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\gzflt.sys.upd
[2013.03.27 03:51:35 | 000,000,721 | ---- | M] () -- C:\Users\Lib\Desktop\SpeedFan.lnk
[2013.03.27 03:51:34 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[2013.03.25 22:39:46 | 004,546,560 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2013.03.23 03:09:28 | 000,354,656 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2013.03.15 07:53:06 | 026,956,576 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013.03.15 07:53:06 | 025,256,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013.03.15 07:53:06 | 020,542,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013.03.15 07:53:06 | 017,990,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013.03.15 07:53:06 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013.03.15 07:53:06 | 015,508,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.03.15 07:53:06 | 015,042,928 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013.03.15 07:53:06 | 013,088,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013.03.15 07:53:06 | 009,414,456 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013.03.15 07:53:06 | 007,959,000 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013.03.15 07:53:06 | 007,573,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013.03.15 07:53:06 | 006,271,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013.03.15 07:53:06 | 002,913,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013.03.15 07:53:06 | 002,864,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013.03.15 07:53:06 | 002,728,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013.03.15 07:53:06 | 002,539,128 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013.03.15 07:53:06 | 002,355,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,995,552 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013.03.15 07:53:06 | 001,807,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6431422.dll
[2013.03.15 07:53:06 | 001,510,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6431422.dll
[2013.03.15 07:53:06 | 001,118,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.03.15 07:53:06 | 000,968,408 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2013.03.15 07:53:06 | 000,250,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2013.03.15 07:53:06 | 000,205,184 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2013.03.15 07:53:06 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.03.15 06:16:18 | 003,477,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.03.15 06:16:17 | 006,398,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.03.15 06:16:10 | 002,555,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.03.15 06:16:10 | 000,237,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.03.15 06:16:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.03.14 23:07:52 | 000,559,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvStreaming.exe
[2013.03.14 11:50:54 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.14 11:50:54 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 18:24:01 | 003,065,455 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.03.13 02:15:36 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.03.13 02:15:36 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.03.13 02:15:36 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.03.13 02:15:36 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.03.13 02:15:36 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.03.13 02:15:36 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.03.13 02:15:36 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.03.13 02:15:36 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.03.13 02:15:36 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.03.13 02:15:36 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.03.13 02:15:36 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.03.13 02:15:36 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.03.13 02:15:36 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.03.13 02:15:36 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.03.13 02:15:36 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.03.13 02:15:36 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.03.13 02:15:36 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.03.13 02:15:36 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.03.13 02:15:36 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.03.13 02:15:36 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.03.13 02:15:36 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.03.13 02:15:36 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.03.13 02:15:36 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.03.13 02:15:36 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.03.13 02:15:36 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.03.13 02:15:36 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.03.13 02:15:36 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.03.13 02:15:36 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.03.13 02:15:36 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.03.13 02:15:36 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.03.13 02:15:36 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.03.13 02:15:36 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.03.13 02:15:36 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.03.13 02:15:36 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.03.13 02:15:36 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.03.13 02:15:36 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.03.13 02:15:36 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.03.13 02:15:36 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.03.13 02:15:36 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.03.13 02:15:36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.03.13 02:15:36 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.03.13 02:15:36 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.03.13 02:15:36 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.03.13 02:15:36 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.03.13 02:15:36 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.03.13 02:15:36 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.03.13 02:15:36 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.03.13 02:15:36 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.03.13 02:15:36 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.03.13 02:15:36 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.03.13 02:15:36 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.03.13 02:15:36 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.03.13 02:15:36 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.03.13 02:15:36 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.03.13 02:15:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.03.13 02:15:36 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.03.13 02:15:36 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.03.13 02:15:36 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.03.13 02:15:36 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.03.13 02:15:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.03.13 02:15:36 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.03.13 02:15:36 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.03.13 02:15:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.03.13 02:15:36 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.03.13 02:15:36 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 02:15:36 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.13 02:15:36 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.03.13 02:15:36 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.03.13 02:15:36 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.03.13 02:15:36 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.03.09 17:28:29 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
[75 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.08 14:58:02 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.04.08 14:50:35 | 000,014,546 | ---- | C] () -- C:\Users\Lib\Desktop\Malwarebytes Anti-Rootkit.htm
[2013.04.08 14:46:49 | 000,069,932 | ---- | C] () -- C:\Users\Lib\Desktop\1365411788_1_03.xml
[2013.04.07 14:21:56 | 000,160,490 | ---- | C] () -- C:\Users\Public\Desktop\bdsyslog.zip
[2013.04.01 21:24:57 | 000,001,613 | ---- | C] () -- C:\Users\Lib\Desktop\DivX Movies.lnk
[2013.04.01 21:24:46 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2013.04.01 21:24:37 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2013.03.30 18:22:28 | 000,000,220 | ---- | C] () -- C:\Users\Lib\Desktop\BioShock Infinite.url
[2013.03.27 03:51:35 | 000,000,721 | ---- | C] () -- C:\Users\Lib\Desktop\SpeedFan.lnk
[2013.03.13 02:15:36 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.13 02:15:36 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.02.13 23:53:40 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013.02.13 23:53:26 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013.02.13 23:53:11 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.02.13 23:52:59 | 000,000,861 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013.02.13 23:52:57 | 000,005,060 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013.02.13 18:43:25 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013.02.07 03:46:06 | 000,493,003 | ---- | C] () -- C:\ProgramData\1360199155.bdinstall.bin
[2013.01.26 16:33:57 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.26 16:33:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.26 16:33:55 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.10.09 23:20:14 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.09.21 01:30:04 | 011,624,448 | ---- | C] () -- C:\Users\Lib\AppData\Roaming\Sandra.mdb
[2012.09.01 00:10:17 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012.09.01 00:10:17 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012.09.01 00:10:17 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012.09.01 00:10:17 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012.09.01 00:10:17 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012.07.11 01:24:24 | 001,012,976 | ---- | C] () -- C:\Windows\PE_File.dll
[2012.07.11 01:18:44 | 000,947,440 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.04.06 14:38:16 | 000,103,316 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.02.21 23:18:47 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.02.21 23:18:46 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.02.19 23:54:01 | 002,681,344 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2012.02.18 01:07:09 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2012.02.17 19:39:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.02.17 19:38:55 | 000,026,929 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.01.31 02:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 02:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 02:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 02:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 02:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.01 00:14:50 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2012.10.06 19:26:48 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\2K Sports
[2012.08.31 00:10:02 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Acronis
[2012.02.18 23:19:34 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Amazon
[2012.03.27 01:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\AnvSoft
[2013.02.13 23:51:14 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\ASUS
[2013.02.07 03:07:54 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Bitdefender
[2012.03.01 02:37:18 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Canneverbe Limited
[2012.09.18 17:27:21 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\com.amazon.music.uploader
[2012.02.21 23:17:24 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\DAEMON Tools Pro
[2012.12.22 03:05:32 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\DVDVideoSoft
[2012.12.18 01:59:13 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.05.17 17:18:01 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\elsterformular
[2012.10.05 02:37:43 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\FileZilla
[2012.10.03 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\IcoFX
[2013.01.10 01:12:53 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\ICQ
[2013.01.10 01:21:28 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\ICQ-Profile
[2013.01.10 01:20:58 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\ICQM
[2013.01.25 16:50:03 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\IObit
[2013.04.08 11:27:39 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\KeePass
[2013.03.22 03:20:56 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Mp3tag
[2012.10.30 02:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\MyPhoneExplorer
[2012.07.11 00:23:16 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Nuance
[2012.02.23 00:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\OpenOffice.org
[2012.06.23 12:01:06 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Opera
[2012.10.24 00:03:43 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Origin
[2012.02.17 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Panda Security
[2013.02.07 03:07:01 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\QuickScan
[2012.03.16 00:06:38 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Samsung
[2012.03.14 02:53:33 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Sony
[2013.04.03 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Spotify
[2012.04.30 16:52:01 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Temp
[2012.02.23 00:23:01 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Thunderbird
[2012.02.18 03:49:55 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Tobit
[2012.07.05 01:11:30 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\TomTom
[2012.04.09 00:41:16 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\Trillian
[2012.06.03 22:48:59 | 000,000,000 | ---D | M] -- C:\Users\Lib\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >
         

08.04.2013, 15:16   #4
2ndSkin

MIDAS 3 and trojan.sirefef.of detected (Bitdefender)

OTL Extras:

Code:
OTL Extras logfile created on: 08.04.2013 15:05:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 4,75 Gb Available Physical Memory | 59,65% Memory free
15,93 Gb Paging File | 12,91 Gb Available in Paging File | 80,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,69 Gb Total Space | 56,05 Gb Free Space | 50,18% Space Free | Partition Type: NTFS
Drive D: | 770,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 68,36 Gb Total Space | 11,63 Gb Free Space | 17,02% Space Free | Partition Type: NTFS
Drive F: | 195,31 Gb Total Space | 45,88 Gb Free Space | 23,49% Space Free | Partition Type: NTFS
Drive G: | 108,94 Gb Total Space | 26,67 Gb Free Space | 24,48% Space Free | Partition Type: NTFS
Drive K: | 195,31 Gb Total Space | 176,97 Gb Free Space | 90,61% Space Free | Partition Type: NTFS
Drive L: | 345,57 Gb Total Space | 249,29 Gb Free Space | 72,14% Space Free | Partition Type: NTFS
Drive M: | 390,62 Gb Total Space | 298,23 Gb Free Space | 76,35% Space Free | Partition Type: NTFS
Drive Z: | 68,36 Gb Total Space | 11,63 Gb Free Space | 17,02% Space Free | Partition Type: FAT32
 
Computer Name: LIB-PC | User Name: Lib | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "L:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "e:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "e:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "L:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "L:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "L:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "e:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "e:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "L:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "L:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "F:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "F:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15157E81-E7D0-4197-BB97-06357D89A33A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1CB39562-4BDE-44BF-8639-1513C0BA668A}" = lport=rpc | protocol=6 | dir=in | app=l:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\rpcagentsrv.exe | 
"{1FED60BE-CAC8-4579-848D-8B449E098AB8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2398359E-0E03-4344-B978-719C5A1ACC5A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2FEFD76F-F9C5-423D-8FC7-9EE999D3DCD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3274597D-46C9-4437-AB85-B6440432BD11}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4FAFD01A-DFDD-4975-8F4A-B075B205C3C2}" = lport=5985 | protocol=6 | dir=in | app=system | 
"{6025F831-4C5B-4566-BDED-E3C3247EFD2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6271E962-11C8-4D8D-92FD-B03ED60ED440}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe | 
"{62D29AF3-D5F0-4A90-829E-19BEBBF96600}" = lport=138 | protocol=17 | dir=in | app=system | 
"{69483F85-2DA0-4A88-B9D9-B46099B5E51E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{71A728C6-3E2B-4177-ACDB-F9EF90014CC7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7A283C41-FC51-48BD-B37E-37F73EC072EA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{83ECAA65-3B3B-4FAC-8F7E-3FEA585B994D}" = lport=80 | protocol=6 | dir=in | app=system | 
"{89AFE715-02B6-42BB-BDFB-626824B9C782}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{918A84E2-368A-4A4E-9B2E-FBFAB6FF88F5}" = lport=rpc | protocol=6 | dir=in | app=l:\program files\sisoftware\sisoftware sandra lite 2012.sp5c\wnt500x64\rpcsandrasrv.exe | 
"{94165154-5EFE-47FA-9D89-53DF349F65E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A0ADE086-4BB5-4415-919B-7BF8693BBF07}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A58FA0E5-3694-4A8F-B95D-C8A97318D3F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C40C431F-85A0-4017-A6E2-2EDAD1E2ECA0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C8A5D849-F0EB-4EC2-9CA0-C239112ABEE7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E30025F0-C4CF-4C71-AE00-6B096837862E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E63B1A7D-DBA5-4B22-B535-7BFDD8040B4F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEAFC53C-4485-4A90-9881-EE5C5D9325B1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F9B0D24D-2F71-4852-8F19-EBBE58D1D8CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FC33C1AC-0F8E-4E8D-9EEF-C9D94B5347DE}" = rport=445 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{048FEFFE-3553-4F71-931D-50B374EE2955}" = protocol=6 | dir=in | app=c:\users\lib\appdata\roaming\spotify\spotify.exe | 
"{05EBAB14-2283-42ED-B5F5-4C569A900398}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{08A6E52A-E635-4D3D-BD78-C49CF30A7AF8}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{08E4B78F-6996-41F2-BEBA-D56939363EBE}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{09B381F5-7C0B-48DE-A882-1FBC43D27BF4}" = protocol=17 | dir=in | app=c:\users\lib\appdata\roaming\icqm\icq.exe | 
"{0D7F434D-181B-4839-851F-BBAA564D7AD4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DEFE961-B370-44C9-8BB7-4ACED12CE13D}" = protocol=17 | dir=in | app=e:\program files (x86)\opera\opera.exe | 
"{0EB76A08-57BB-4D1E-AD97-88A0C17B6BBD}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{10F8CE8B-8DCD-4964-863E-B1DD2E4C9D01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{148A762E-C177-470F-BC1C-5C9073035547}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{168F8EC7-B242-4709-9266-AC22BDE96118}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1840E9A1-401B-4D00-B3C5-86165B471B1C}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{1A0923A7-461F-4B00-A1EF-C4437C2B8397}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{207F05F4-CB38-4330-8A45-9092B093FA67}" = protocol=6 | dir=in | app=f:\program files (x86)\orb networks\orb\..\orb mini controller\bin\orbminicontroller.exe | 
"{23EB3731-D3EB-438C-859F-C9A4C602E061}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{256FECFA-B6D3-4A21-B065-F2B48F780948}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{296DC51B-FB3F-4EC2-A253-4856D3DAEBEE}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{29B3B37E-CE3B-4E34-8B4B-1E544BE4AFAA}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{2DD57C4C-5966-4BC0-9D65-FC1A0A0974B2}" = dir=in | app=f:\program files (x86)\itunes\itunes.exe | 
"{2EE7EA5F-A26F-4489-AD67-1A32CE2C5341}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3075EE68-1FA5-4AF4-B66E-E4BEDC6AA282}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{34C2E555-B830-4A8B-8D1A-ACCC66714D5F}" = protocol=17 | dir=in | app=f:\program files (x86)\orb networks\orb\..\orb mini controller\bin\orbminicontroller.exe | 
"{368EA02A-6FC5-4A8E-8729-F080B7CB649F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{3815287D-A78B-4B62-AC0E-BA337F9CFBC8}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{3D3AFF4A-D8F6-4DBC-B419-C09B5A583930}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{419BAF5D-387B-4FB3-9B84-135170C9DC89}" = protocol=6 | dir=in | app=c:\users\lib\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{42D9AA80-EAC4-4A7F-A0F3-E1F96D9F5D78}" = protocol=6 | dir=in | app=e:\program files (x86)\sony mobile\update service\update service.exe | 
"{47FF1819-FF83-47E4-9F1C-997F50B8EA81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4CAD84CC-5DAD-448D-83FA-C334E9ADAF6E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4CF4E7B6-574B-436F-BCD0-11011F186F77}" = protocol=1 | dir=in | name=sisoftware deployment agent service (icmp-in) | 
"{50A7F1B6-6EDF-4966-987F-8BE914F23A09}" = protocol=17 | dir=in | app=e:\program files (x86)\sony mobile\update service\update service.exe | 
"{529778DD-2158-472A-BE83-B82A5E76A0F6}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{54758B6A-7D79-4F8D-944C-AE3383AF5FD6}" = protocol=6 | dir=out | app=system | 
"{56839D7E-D3E9-48A7-9A74-AB27036BB958}" = protocol=17 | dir=in | app=l:\steam2\rage\rage64.exe | 
"{58BD4CB5-8B52-4B28-8EE1-2FC0BD73B669}" = protocol=6 | dir=in | app=g:\demo\mass effect 3\binaries\win32\masseffect3.exe | 
"{59F090B9-6E1D-4EF7-8591-A13FCB6BC9F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5BBA27BF-BD46-400A-8F3F-0D582783F746}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{5D2215EE-6335-4990-8C57-2E364D80C7C4}" = protocol=6 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe | 
"{5DE39559-B52C-4FF9-A8D1-16569C9B06F6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{5F585F28-6BF8-4EDF-81B0-1FCB77A36FCE}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{5FE2856B-D714-4BB2-8EB7-15B14C79F974}" = protocol=17 | dir=in | app=c:\users\lib\appdata\roaming\spotify\spotify.exe | 
"{6053F3A0-E61F-4FB2-822A-BCF73E30E38B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{60AEB5C2-29BE-4CD8-AE5B-85BD61A98338}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{629861C9-9240-444D-988B-D2E92CE3014A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{63513610-E81B-4CC4-B19C-7BF920B76BE9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{67418A81-CC89-4572-96B0-7885779AAEC8}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{67DB10AF-149D-4F02-85D7-F265282185C4}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) | 
"{6B7F169E-9CE8-45EF-BEF4-8781BA41251B}" = protocol=6 | dir=in | app=e:\program files (x86)\opera\opera.exe | 
"{6C73167E-7132-471D-B7D3-5A341DA88837}" = protocol=17 | dir=in | app=f:\icq\icq7m\icq.exe | 
"{717676ED-91D9-4A3B-8495-AA2DC8BF1814}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{775AE31E-8D1C-4285-8E20-C1E4D3A809E4}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{7B6C5215-1565-4B83-A913-B1A2F432448E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{84D8782B-7354-4736-AD7C-D042D1D1EE51}" = protocol=6 | dir=in | app=l:\steam2\sid meier's civilization v\launcher.exe | 
"{8572C578-CEBF-4FBB-8654-F39EC68B07FA}" = protocol=17 | dir=in | app=l:\steam2\sid meier's civilization v\launcher.exe | 
"{8923E26E-D7CA-40CD-83B5-6FC841F177A3}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8C21B024-4AA1-4790-891C-01EEC799C109}" = protocol=17 | dir=in | app=f:\icq\icq7m\icq.exe | 
"{8E5A27AC-1380-430F-A6CD-289843A8B514}" = protocol=17 | dir=in | app=g:\sport\nba13\nba2k13.exe | 
"{8EE5C7C3-DD9E-4A33-8F2C-76AC79E82C61}" = protocol=17 | dir=in | app=l:\steam2\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{9024FDCE-3194-4EBD-B959-9D0D7E197E6F}" = protocol=6 | dir=in | app=l:\steam2\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{9042FBA6-5935-40E2-92BD-81A9E7CC6CD6}" = protocol=6 | dir=in | app=l:\steam2\rage\rage.exe | 
"{9127F079-27A7-49EC-88B0-645FF1D6149A}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{958A718A-6134-4E3D-8204-510DDE9E8206}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steam.exe | 
"{975A4249-A1E1-49C3-BD58-E86C3FE09E2F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{9E344995-451C-4790-B56C-89EFD3785394}" = protocol=17 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe | 
"{9ED46E05-6CB5-40D4-BF98-C480EF92989E}" = protocol=6 | dir=in | app=f:\icq\icq7m\icq.exe | 
"{9F1065C2-8693-4153-842D-1A14EE1AFBE1}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9FF0B5D3-0FCC-469E-ADBF-D558A374F8AC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A0DE1115-EA00-4DDA-B395-E923809F7E28}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A33140FE-E047-4220-B2BA-E090FEEBA69D}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"{A6A87761-33FE-4928-ACD9-EF9FA1C08FA7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A7469918-9146-481D-B699-8A01904D5820}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{AB0C2D80-1108-4335-846B-F3C54DEBBC4E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AB0F0DF8-1406-4570-B39F-ADAEFECF9EEF}" = protocol=6 | dir=in | app=f:\icq\icq7m\icq.exe | 
"{AB1023BD-1647-46DA-B8A0-FEE7F2014C07}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{B2AE61C2-723A-474B-9504-77E0DF211107}" = protocol=6 | dir=in | app=l:\steam2\rage\rage64.exe | 
"{B5FEE475-8965-40D7-BA42-C21E156990FE}" = protocol=6 | dir=in | app=g:\sport\nba13\nba2k13.exe | 
"{B8E81640-B60F-4CD4-8143-3045F3245A8F}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{BA47344F-6E06-4AC9-880B-BD4A672FA323}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{BCB4BD96-B790-4501-84AA-CA3E3C3E7CBF}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{CA05DA78-4A7C-423F-BCD2-6F895DB47F69}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{CCA73062-57ED-4166-BCCD-EAB42EC6185B}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{CD1DB97E-6C79-43E0-B9B1-7E87968BB8DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CD28A4DD-B38D-4116-BBFB-BE38E2F311BC}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\alan wake\alanwake.exe | 
"{CE0CB1C8-99B6-4105-B469-66F1B023336C}" = protocol=6 | dir=in | app=c:\users\lib\appdata\roaming\icqm\icq.exe | 
"{D305BF8C-140B-44DF-ADA4-0CD9C6AE0EC5}" = protocol=17 | dir=in | app=l:\steam2\rage\rage.exe | 
"{D39B43AE-5D43-4FE5-9E4E-2B09F245E974}" = protocol=17 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe | 
"{D3B7041B-5FC5-476A-8F7D-B60C8AE0DFA8}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\planetside 2\launchpad.exe | 
"{D3ECD2B4-2C1C-4160-BCFC-34944A381ECC}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{D40414EF-508E-4351-BE72-F8C177D19174}" = protocol=17 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{D66E43D0-BF4D-4604-9E49-F9643F62CB31}" = protocol=17 | dir=in | app=g:\demo\mass effect 3\binaries\win32\masseffect3.exe | 
"{D8CBBEDB-40F9-4746-9B31-9A739C1200A7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D8FB690E-42EC-495E-A99F-F65C6314DF0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D9D5EE02-7916-48C1-98D7-F2C47A0B470D}" = protocol=17 | dir=in | app=c:\users\lib\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{DA39AAC5-1BA0-4099-AFB9-4901D97E5314}" = protocol=6 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe | 
"{DBA5E5CC-201C-4DDE-8F35-9412CAB50A6F}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{DE677DDB-CE34-4BF0-A7EB-0FFA2043D2D9}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{E1E45BFA-E302-499C-9622-B676D162B6DD}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 
"{E263868A-A6D7-42C3-8763-341067F79CB7}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{E31393D7-6F76-4939-8BBE-00C8D0037BE8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E43B1ECB-0695-4A77-9D44-EAB63A9F437B}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{ED3C79F8-D022-45A9-882C-3F1761A0A40A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F24EF0C8-F63A-4A09-9D7E-9077A0FDD4BE}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe | 
"{F6CE3A0F-6F46-403B-83BE-90FF99C87AAC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FBD178E0-CDA2-4E93-A625-0279FC23563A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FCEB4F1A-6B0E-46F2-BC4B-0598633BEA6E}" = protocol=6 | dir=in | app=g:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{FCF55C39-D5B0-42DC-86CB-F0B9BED0A6F0}" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe | 
"{FD98F2DA-A1AC-4428-958C-BC373C776405}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steam.exe | 
"{FDCF5201-9C1A-4805-91BE-923B37010BD5}" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\alan wakes american nightmare\alan_wakes_american_nightmare.exe | 
"TCP Query User{3D9CF926-D92C-42F9-8138-30978C1D09C9}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | 
"TCP Query User{3FCB8C48-CC61-4134-8C3D-9F9AD59D6883}F:\tools\musik u. video\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\tools\musik u. video\winamp\winamp.exe | 
"TCP Query User{496E7DD7-4084-4B39-ACC1-9566444E9624}G:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=g:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | 
"TCP Query User{662FDE5D-3EF7-41A6-8835-DE37F756C6F4}F:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=f:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{94FDD81A-B819-49F6-998A-506D7101FAA6}G:\program files (x86)\slitherine\panzer corps\panzer corps\update.exe" = protocol=6 | dir=in | app=g:\program files (x86)\slitherine\panzer corps\panzer corps\update.exe | 
"TCP Query User{AE55C3FE-A4E7-4F58-8C28-D00B9238367E}E:\program files (x86)\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=e:\program files (x86)\winamp remote\bin\orbtray.exe | 
"TCP Query User{C8F438B5-9C88-4806-A61B-028A11C6D928}E:\program files (x86)\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=e:\program files (x86)\winamp remote\bin\orb.exe | 
"TCP Query User{CB958BD8-0EBF-4749-A575-937926E01BCA}L:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=6 | dir=in | app=l:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe | 
"TCP Query User{FF1D86B1-B713-4178-B9F7-F35D7EEBDE3D}F:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{07AC39A3-E02B-42E7-9057-03ACD96CD59B}F:\tools\musik u. video\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\tools\musik u. video\winamp\winamp.exe | 
"UDP Query User{12FB6E1F-C390-4C26-8D2F-C88C9C6742CB}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | 
"UDP Query User{1D192852-130C-4C5D-AD5F-C8C677B1A63D}L:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe" = protocol=17 | dir=in | app=l:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe | 
"UDP Query User{1EA7996F-C522-4D56-B1FD-CEBCD0040823}G:\program files (x86)\slitherine\panzer corps\panzer corps\update.exe" = protocol=17 | dir=in | app=g:\program files (x86)\slitherine\panzer corps\panzer corps\update.exe | 
"UDP Query User{5671D6D4-5FA1-4D6C-A25A-D29A9C1DEA3D}E:\program files (x86)\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=e:\program files (x86)\winamp remote\bin\orbtray.exe | 
"UDP Query User{5C8385E3-34E9-45EB-8DFB-C25D214A39E7}F:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=f:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{79871D0A-D955-4F69-BC37-75B45EAEA467}F:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=f:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{8F93D1A5-F8E3-4F4E-8AF3-046CCEDE6C73}E:\program files (x86)\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=e:\program files (x86)\winamp remote\bin\orb.exe | 
"UDP Query User{99A70C5C-047D-488F-B2BA-BD55338DE589}G:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=g:\program files (x86)\hi-rez studios\hirezgames\tribes\binaries\win32\tribesascend.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.22
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2013a
"{CD349D32-0976-4AB5-9616-82717033D2C8}_is1" = PC-WELT-ProblemlöserPaket 1.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Bitdefender" = Bitdefender Internet Security 2013
"CCleaner" = CCleaner
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Nightly 20.0a1 (x64 en-US)" = Nightly 20.0a1 (x64 en-US)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B7F436A-E4A6-DAB1-5AC3-1BACE19391CC}" = Amazon Music Importer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ED7341F-1942-4623-A27C-9C4F3838172F}" = IObit Apps Toolbar v7.0
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61DF2893-0069-4E50-A02E-3A41A97CB1B4}" = ROCCAT Arvo Keyboard Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FA1DAFD-AF55-E915-FD92-F269443A2ADF}" = Media Go Video Playback Engine 1.88.104.12040
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.7.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FA601A-241A-4956-8A21-F7D525C4422F}_is1" = SSD Tweaker version 2.0.1
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A766E33-BB01-480F-ABFC-424B8AC11212}" = Amazon Cloud Drive
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.03
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B1C1C959-8B1E-421B-8C90-46AAFBC3D7DD}" = Support Tools Web Package : DCDIAG.EXE
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
"{DBF1AE39-DA30-4B89-A7EB-3BDA675C5D9E}" = Media Go
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"Afterburner" = MSI Afterburner 2.1.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Android SDK Tools" = Android SDK Tools
"Any Video Converter_is1" = Any Video Converter 3.4.0
"BoxCryptor" = BoxCryptor 1.5
"com.amazon.music.uploader" = Amazon Music Importer
"DivX Setup" = DivX-Setup
"Downloader" = Downloader
"ElsterFormular 13.2.0.8623p" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.3
"Flashtool" = Flashtool
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.1.5.1212
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.21.1212
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IcoFX_is1" = IcoFX 1.6.4
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"LastFM_is1" = Last.fm Scrobbler 2.1.35
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3Cover" = MP3Cover
"Mp3tag" = Mp3tag v2.53
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"Panzer Corps1.00" = Panzer Corps
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Rockstar Games Social Club" = Rockstar Games Social Club
"Secunia PSI" = Secunia PSI (3.0.0.3001)
"Security Task Manager" = Security Task Manager 1.8d
"Smart Defrag 2_is1" = Smart Defrag 2
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 108710" = Alan Wake
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 202750" = Alan Wake's American Nightmare
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 207610" = The Walking Dead
"Steam App 218230" = PlanetSide 2
"Steam App 49520" = Borderlands 2
"Steam App 8870" = BioShock Infinite
"Steam App 8930" = Sid Meier's Civilization V
"SystemRequirementsLab" = System Requirements Lab
"Tobit Radio.fx Server" = Radio.fx
"Trillian" = Trillian
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Mobile Update Service
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3269441660-1231751284-1862436623-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.2.0_b10" = ActiveTrader 5.2.0_b10
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
"MusicManager" = Music Manager
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3269441660-1231751284-1862436623-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTrader 5.2.0_b10" = ActiveTrader 5.2.0_b10
"ICQ" = ICQ 8.0 (build 5981, für aktuellen Benutzer)
"MusicManager" = Music Manager
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.04.2013 15:49:18 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\program files
 (x86)\Last.fm\ext_skypenotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.04.2013 11:34:33 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 07.04.2013 11:34:39 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\program files
 (x86)\Last.fm\ext_messengernotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.04.2013 11:34:39 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\program files
 (x86)\Last.fm\ext_skypenotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.04.2013 13:00:02 | Computer Name = Lib-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 07.04.2013 21:00:37 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Ablage\Down
 Mozilla\esetsmartinstaller_enu(2).exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 08.04.2013 07:08:11 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 08.04.2013 07:08:19 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\program files
 (x86)\Last.fm\ext_messengernotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.04.2013 07:08:19 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "f:\program files
 (x86)\Last.fm\ext_skypenotify.dll".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",type="win32",version="8.0.50727.762""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.04.2013 08:51:20 | Computer Name = Lib-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "F:\Ablage\Down
 Mozilla\esetsmartinstaller_enu(2).exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 18.03.2013 14:15:12 | Computer Name = Lib-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?18.?03.?2013 um 19:13:36 unerwartet heruntergefahren.
 
Error - 30.03.2013 08:34:35 | Computer Name = Lib-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 30.03.2013 20:03:55 | Computer Name = Lib-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 30.03.2013 20:03:55 | Computer Name = Lib-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 02.04.2013 14:28:36 | Computer Name = Lib-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 02.04.2013 14:28:36 | Computer Name = Lib-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 03.04.2013 11:51:03 | Computer Name = Lib-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 03.04.2013 11:56:18 | Computer Name = Lib-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?04.?2013 um 17:54:50 unerwartet heruntergefahren.
 
Error - 03.04.2013 19:36:04 | Computer Name = Lib-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 06.04.2013 19:16:50 | Computer Name = Lib-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?07.?04.?2013 um 01:15:24 unerwartet heruntergefahren.
 
 
< End of report >
         

08.04.2013, 18:46   #5
t'john
/// Helper team

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



then:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


__________________
Regards, t'john

08.04.2013, 19:13   #6
2ndSkin

Code:
# AdwCleaner v2.200 - Datei am 08/04/2013 um 19:10:52 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Lib - LIB-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Lib\Desktop\adwcleaner(1).exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Application Updater

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Lib\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Lib\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Lib\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Lib\AppData\Roaming\dvdvideosoftiehelpers

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16521

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0 (de)

Datei : C:\Users\Lib\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\prefs.js

C:\Users\Lib\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\Lib\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.31] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.34] : keyword = "ask.com",
Gelöscht [l.37] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=9C[...]
Gelöscht [l.38] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]

-\\ Chromium v    _signature: Lq+GIOttuPL1Nhj9vfTaSdi+0SwTRL2s/jdIZJpAO5Q=

Datei : C:\Users\Lib\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v [Version kann nicht ermittelt werden]

Datei : C:\Users\Lib\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [12071 octets] - [16/07/2012 22:13:03]
AdwCleaner[R2].txt - [1447 octets] - [10/09/2012 18:08:02]
AdwCleaner[R3].txt - [1507 octets] - [10/09/2012 18:49:33]
AdwCleaner[R4].txt - [2308 octets] - [05/10/2012 00:17:14]
AdwCleaner[S1].txt - [12243 octets] - [16/07/2012 22:36:44]
AdwCleaner[S2].txt - [2129 octets] - [10/09/2012 21:31:58]
AdwCleaner[S3].txt - [3295 octets] - [08/04/2013 19:10:52]

########## EOF - C:\AdwCleaner[S3].txt - [3355 octets] ##########
         
Bitdefender is not that easy to switch off. I have disabled all modules and hope that is enough!?

Edited by 2ndSkin (08.04.2013 at 19:17). Reason: additional info on virus scanner

08.04.2013, 20:37   #7
t'john
/// Helper team

We will see, let it run.
__________________
Regards, t'john

08.04.2013, 21:24   #8
2ndSkin

Right. Combofix of course complained about the real-time protection. And now it has been creating the log file for an hour... what should I do?

And the autostart programs launch on restart. Does that cause problems?

It is still stuck creating the log file. Start it again? Unfortunately I cannot leave the computer on overnight....

Edited by 2ndSkin (08.04.2013 at 21:30)

09.04.2013, 14:57   #9
t'john
/// Helper team

Then uninstall Bitdefender.
__________________
Regards, t'john

09.04.2013, 15:01   #10
2ndSkin

Quote:
Quote from t'john
Then uninstall Bitdefender.
....and then run Combofix again!?

09.04.2013, 15:24   #11
t'john
/// Helper team

Correct.
__________________
Regards, t'john

09.04.2013, 17:49   #12
2ndSkin

Code:
ComboFix 13-04-09.01 - Lib 09.04.2013  17:34:20.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8159.6698 [GMT 2:00]
ausgeführt von:: c:\users\Lib\Desktop\ComboFix.exe
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1365514271.4812.bin
c:\programdata\1365514271.4820.bin
c:\programdata\1365514271.6472.bin
c:\programdata\1365514271.7152.bin
c:\programdata\1365521285.bdinstall.bin
.
---- Vorheriger Suchlauf -------
.
c:\programdata\1360199155.bdinstall.bin
C:\STF5C75.tmp
c:\users\Lib\AppData\Local\Temp\_MEI20682\_ctypes.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\_elementtree.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\_hashlib.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\_socket.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\_ssl.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\pyexpat.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\pysqlite2._sqlite.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\python27.dll
c:\users\Lib\AppData\Local\Temp\_MEI20682\pythoncom27.dll
c:\users\Lib\AppData\Local\Temp\_MEI20682\PyWinTypes27.dll
c:\users\Lib\AppData\Local\Temp\_MEI20682\select.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\unicodedata.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32api.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32com.shell.shell.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32crypt.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32event.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32file.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32inet.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32pdh.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32process.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32profile.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32security.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\win32ts.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\windows._cacheinvalidation.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\wx._controls_.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\wx._core_.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\wx._gdi_.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\wx._html2.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\wx._misc_.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\wx._windows_.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\wx._wizard.pyd
c:\users\Lib\AppData\Local\Temp\_MEI20682\wxbase294u_net_vc90.dll
c:\users\Lib\AppData\Local\Temp\_MEI20682\wxbase294u_vc90.dll
c:\users\Lib\AppData\Local\Temp\_MEI20682\wxmsw294u_adv_vc90.dll
c:\users\Lib\AppData\Local\Temp\_MEI20682\wxmsw294u_core_vc90.dll
c:\users\Lib\AppData\Local\Temp\_MEI20682\wxmsw294u_html_vc90.dll
c:\users\Lib\AppData\Local\Temp\_MEI20682\wxmsw294u_webview_vc90.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-09 bis 2013-04-09  ))))))))))))))))))))))))))))))
.
.
2013-04-09 15:37 . 2013-04-09 15:37	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-09 15:37 . 2013-04-09 15:37	--------	d-----w-	c:\users\Public\AppData\Local\temp
2013-04-09 15:37 . 2013-04-09 15:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-09 15:37 . 2013-04-09 15:37	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2013-04-01 19:24 . 2013-04-01 19:24	--------	d-----w-	c:\program files\DivX
2013-04-01 19:24 . 2013-04-01 19:24	--------	d-----w-	c:\program files (x86)\Common Files\DivX Shared
2013-04-01 19:23 . 2013-04-01 19:24	--------	d-----w-	c:\program files (x86)\DivX
2013-04-01 19:23 . 2013-04-01 19:24	--------	d-----w-	c:\programdata\DivX
2013-03-28 19:34 . 2013-03-28 19:34	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-03-28 19:33 . 2013-03-28 19:33	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-03-28 19:33 . 2013-03-28 19:33	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-25 20:39 . 2013-03-25 20:39	4546560	----a-w-	c:\windows\SysWow64\GPhotos.scr
2013-03-23 01:09 . 2013-03-23 01:09	354656	----a-w-	c:\windows\SysWow64\DivXControlPanelApplet.cpl
2013-03-19 02:08 . 2013-03-19 02:08	0	----a-w-	c:\windows\SysWow64\FAP4123.tmp
2013-03-19 01:17 . 2013-03-19 01:17	0	----a-w-	c:\windows\SysWow64\FAPBDDE.tmp
2013-03-19 01:17 . 2013-03-19 01:17	0	----a-w-	c:\windows\SysWow64\FAP8281.tmp
2013-03-19 01:17 . 2013-03-19 01:17	0	----a-w-	c:\windows\SysWow64\FAP71DD.tmp
2013-03-19 01:17 . 2013-03-19 01:17	0	----a-w-	c:\windows\SysWow64\FAP634A.tmp
2013-03-19 01:16 . 2013-03-19 01:16	0	----a-w-	c:\windows\SysWow64\FAPEB8A.tmp
2013-03-19 01:16 . 2013-03-19 01:16	0	----a-w-	c:\windows\SysWow64\FAPEA60.tmp
2013-03-19 01:16 . 2013-03-19 01:16	0	----a-w-	c:\windows\SysWow64\FAPEA3E.tmp
2013-03-19 01:15 . 2013-03-19 01:15	0	----a-w-	c:\windows\SysWow64\FAP9663.tmp
2013-03-19 01:15 . 2013-03-19 01:15	0	----a-w-	c:\windows\SysWow64\FAP945E.tmp
2013-03-19 01:09 . 2013-03-19 01:09	0	----a-w-	c:\windows\SysWow64\FAP9ED7.tmp
2013-03-19 01:09 . 2013-03-19 01:09	0	----a-w-	c:\windows\SysWow64\FAP9DCC.tmp
2013-03-19 01:07 . 2013-03-19 01:07	0	----a-w-	c:\windows\SysWow64\FAPA1A1.tmp
2013-03-19 01:07 . 2013-03-19 01:07	0	----a-w-	c:\windows\SysWow64\FAPA009.tmp
2013-03-19 01:07 . 2013-03-19 01:07	0	----a-w-	c:\windows\SysWow64\FAP5513.tmp
2013-03-19 01:07 . 2013-03-19 01:07	0	----a-w-	c:\windows\SysWow64\FAP5446.tmp
2013-03-19 01:07 . 2013-03-19 01:07	0	----a-w-	c:\windows\SysWow64\FAP52CE.tmp
2013-03-19 01:07 . 2013-03-19 01:07	0	----a-w-	c:\windows\SysWow64\FAP51A3.tmp
2013-03-19 01:07 . 2013-03-19 01:07	0	----a-w-	c:\windows\SysWow64\FAP4EB4.tmp
2013-03-19 01:04 . 2013-03-19 01:04	0	----a-w-	c:\windows\SysWow64\FAP1951.tmp
2013-03-19 01:04 . 2013-03-19 01:04	0	----a-w-	c:\windows\SysWow64\FAP174C.tmp
2013-03-19 01:04 . 2013-03-19 01:04	0	----a-w-	c:\windows\SysWow64\FAP172B.tmp
2013-03-19 01:01 . 2013-03-19 01:01	0	----a-w-	c:\windows\SysWow64\FAP5CDF.tmp
2013-03-19 01:01 . 2013-03-19 01:01	0	----a-w-	c:\windows\SysWow64\FAP4C3A.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPA68.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAP509.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPE538.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPE0A4.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPCF92.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPCF32.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPC429.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPC39A.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPAB77.tmp
2013-03-19 00:50 . 2013-03-19 00:50	0	----a-w-	c:\windows\SysWow64\FAPA80B.tmp
2013-03-19 00:49 . 2013-03-19 00:49	0	----a-w-	c:\windows\SysWow64\FAP8119.tmp
2013-03-19 00:49 . 2013-03-19 00:49	0	----a-w-	c:\windows\SysWow64\FAP809A.tmp
2013-03-19 00:49 . 2013-03-19 00:49	0	----a-w-	c:\windows\SysWow64\FAP7F60.tmp
2013-03-19 00:19 . 2013-03-19 00:19	0	----a-w-	c:\windows\SysWow64\FAPFC3A.tmp
2013-03-19 00:19 . 2013-03-19 00:19	0	----a-w-	c:\windows\SysWow64\FAPEB95.tmp
2013-03-19 00:19 . 2013-03-19 00:19	0	----a-w-	c:\windows\SysWow64\FAPDAD1.tmp
2013-03-19 00:19 . 2013-03-19 00:19	0	----a-w-	c:\windows\SysWow64\FAPD8AD.tmp
2013-03-19 00:16 . 2013-03-19 00:16	0	----a-w-	c:\windows\SysWow64\FAP2C85.tmp
2013-03-19 00:16 . 2013-03-19 00:16	0	----a-w-	c:\windows\SysWow64\FAP2C35.tmp
2013-03-19 00:16 . 2013-03-19 00:16	0	----a-w-	c:\windows\SysWow64\FAP2C13.tmp
2013-03-19 00:16 . 2013-03-19 00:16	0	----a-w-	c:\windows\SysWow64\FAP21D5.tmp
2013-03-19 00:16 . 2013-03-19 00:16	0	----a-w-	c:\windows\SysWow64\FAP2175.tmp
2013-03-19 00:16 . 2013-03-19 00:16	0	----a-w-	c:\windows\SysWow64\FAP2154.tmp
2013-03-19 00:10 . 2013-03-19 00:10	0	----a-w-	c:\windows\SysWow64\FAPE490.tmp
2013-03-19 00:10 . 2013-03-19 00:10	0	----a-w-	c:\windows\SysWow64\FAPE395.tmp
2013-03-19 00:10 . 2013-03-19 00:10	0	----a-w-	c:\windows\SysWow64\FAPD4B4.tmp
2013-03-19 00:10 . 2013-03-19 00:10	0	----a-w-	c:\windows\SysWow64\FAPD455.tmp
2013-03-19 00:10 . 2013-03-19 00:10	0	----a-w-	c:\windows\SysWow64\FAPD443.tmp
2013-03-19 00:08 . 2013-03-19 00:08	0	----a-w-	c:\windows\SysWow64\FAPF3A3.tmp
2013-03-19 00:08 . 2013-03-19 00:08	0	----a-w-	c:\windows\SysWow64\FAPF2C7.tmp
2013-03-19 00:08 . 2013-03-19 00:08	0	----a-w-	c:\windows\SysWow64\FAPE0CB.tmp
2013-03-19 00:08 . 2013-03-19 00:08	0	----a-w-	c:\windows\SysWow64\FAPE05C.tmp
2013-03-19 00:08 . 2013-03-19 00:08	0	----a-w-	c:\windows\SysWow64\FAPE04A.tmp
2013-03-19 00:05 . 2013-03-19 00:05	0	----a-w-	c:\windows\SysWow64\FAPE40F.tmp
2013-03-19 00:05 . 2013-03-19 00:05	0	----a-w-	c:\windows\SysWow64\FAPE313.tmp
2013-03-19 00:04 . 2013-03-19 00:04	0	----a-w-	c:\windows\SysWow64\FAP3DED.tmp
2013-03-19 00:04 . 2013-03-19 00:04	0	----a-w-	c:\windows\SysWow64\FAP3D8E.tmp
2013-03-19 00:04 . 2013-03-19 00:04	0	----a-w-	c:\windows\SysWow64\FAP3D7C.tmp
2013-03-18 23:56 . 2013-03-18 23:56	0	----a-w-	c:\windows\SysWow64\FAP1236.tmp
2013-03-18 23:56 . 2013-03-18 23:56	0	----a-w-	c:\windows\SysWow64\FAP112B.tmp
2013-03-18 23:51 . 2013-03-18 23:51	0	----a-w-	c:\windows\SysWow64\FAP2287.tmp
2013-03-18 23:51 . 2013-03-18 23:51	0	----a-w-	c:\windows\SysWow64\FAP218B.tmp
2013-03-18 23:51 . 2013-03-18 23:51	0	----a-w-	c:\windows\SysWow64\FAPD32B.tmp
2013-03-18 23:51 . 2013-03-18 23:51	0	----a-w-	c:\windows\SysWow64\FAPC499.tmp
2013-03-18 23:50 . 2013-03-18 23:50	0	----a-w-	c:\windows\SysWow64\FAPED0.tmp
2013-03-18 23:50 . 2013-03-18 23:50	0	----a-w-	c:\windows\SysWow64\FAPE80.tmp
2013-03-18 23:50 . 2013-03-18 23:50	0	----a-w-	c:\windows\SysWow64\FAPE6E.tmp
2013-03-18 23:50 . 2013-03-18 23:50	0	----a-w-	c:\windows\SysWow64\FAPE5C.tmp
2013-03-18 23:50 . 2013-03-18 23:50	0	----a-w-	c:\windows\SysWow64\FAPF168.tmp
2013-03-18 23:49 . 2013-03-18 23:49	0	----a-w-	c:\windows\SysWow64\FAP151C.tmp
2013-03-18 23:49 . 2013-03-18 23:49	0	----a-w-	c:\windows\SysWow64\FAP81F.tmp
2013-03-14 21:07 . 2013-03-14 21:07	559904	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2013-03-13 00:13 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023x.sys
2013-03-13 00:13 . 2013-02-12 04:12	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
2013-03-12 17:30 . 2013-03-12 17:30	--------	d-----w-	c:\program files (x86)\IObit Apps Toolbar
2013-03-12 16:43 . 2013-03-12 16:44	--------	d-----w-	c:\programdata\Battle.net
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 05:53 . 2012-02-23 20:03	1118776	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-03-15 05:53 . 2012-02-17 17:16	2864144	----a-w-	c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2011-05-21 05:01	2539128	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2011-05-21 05:01	15508512	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-03-15 05:53 . 2011-05-21 05:01	13088000	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 04:16 . 2011-01-20 18:25	3477280	----a-w-	c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2011-01-20 18:26	6398240	----a-w-	c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2011-01-20 18:26	877856	----a-w-	c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2011-01-20 18:26	63776	----a-w-	c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2011-01-20 18:26	237856	----a-w-	c:\windows\system32\nvmctray.dll
2013-03-15 04:16 . 2011-01-20 18:26	2555680	----a-w-	c:\windows\system32\nvsvcr.dll
2013-03-14 09:50 . 2012-03-31 23:34	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-14 09:50 . 2012-02-18 01:04	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 16:24 . 2012-02-23 20:04	3065455	----a-w-	c:\windows\system32\nvcoproc.bin
2013-03-13 00:18 . 2012-02-17 17:50	72013344	----a-w-	c:\windows\system32\MRT.exe
2013-02-19 16:45 . 2012-02-19 21:54	3325720	----a-w-	c:\windows\RXSUnins.exe
2013-02-19 16:45 . 2012-02-19 21:54	3325720	----a-w-	c:\windows\RXCUnins.exe
2013-02-13 21:53 . 2013-02-13 16:45	419840	----a-w-	c:\windows\system32\wrap_oal.dll
2013-02-13 21:53 . 2013-02-13 16:45	413696	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2013-02-13 21:53 . 2013-02-13 16:45	111616	----a-w-	c:\windows\system32\OpenAL32.dll
2013-02-13 21:53 . 2013-02-13 16:45	102400	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2013-02-13 21:40 . 2012-07-10 23:18	947440	----a-w-	c:\windows\PE_Rom.dll
2013-02-12 05:45 . 2013-03-13 00:13	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 00:13	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 00:13	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 00:13	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 00:13	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 00:13	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-10 03:25 . 2013-02-19 22:38	1807136	----a-w-	c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-02-19 22:38	1510176	----a-w-	c:\windows\system32\nvdispgenco6420162.dll
2013-02-06 22:27 . 2013-02-06 22:27	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-06 22:27 . 2012-07-17 00:07	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-02-06 22:27 . 2012-02-18 01:33	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-01-31 23:00 . 2013-01-31 23:00	664448	----a-r-	c:\users\Lib\AppData\Roaming\Microsoft\Installer\{9A766E33-BB01-480F-ABFC-424B8AC11212}\Icon.exe
2013-01-30 22:35 . 2013-01-26 14:33	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-01-30 22:35 . 2013-01-30 22:35	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-01-30 22:35 . 2013-01-26 14:33	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-01-26 14:33 . 2013-01-26 14:33	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-01-26 12:07 . 2013-01-26 14:33	3123272	----a-w-	c:\windows\SysWow64\pbsvc.exe
2013-01-15 17:49 . 2012-12-05 01:51	26432	----a-w-	c:\windows\system32\RegistryDefragBootTime.exe
2013-01-13 21:17 . 2013-02-27 11:03	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 11:03	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 11:03	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 11:03	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 11:03	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 11:03	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 11:03	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 11:03	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 11:03	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 11:03	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 11:03	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 11:03	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 11:03	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 11:03	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 11:03	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 11:03	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 11:03	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 11:03	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 11:03	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 11:03	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 11:03	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 11:03	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 11:03	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 11:03	1504768	----a-w-	c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 11:03	1643520	----a-w-	c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 11:03	1175552	----a-w-	c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 11:03	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 11:03	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 11:03	187392	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 11:03	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 11:03	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 11:03	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 11:03	1080832	----a-w-	c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 11:03	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 11:03	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 11:03	1887232	----a-w-	c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 11:03	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 11:02	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 11:03	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 11:03	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 11:03	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 11:03	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 11:03	1238528	----a-w-	c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 11:03	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 11:03	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 11:03	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 11:03	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 11:03	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 11:03	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 11:03	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 11:03	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-01-13 00:57 . 2012-09-02 23:09	959976	----a-w-	c:\windows\system32\deployJava1.dll
2013-01-13 00:57 . 2012-09-02 23:09	1081320	----a-w-	c:\windows\system32\npDeployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll" [2013-02-23 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]
2013-02-23 18:17	1352512	----a-w-	c:\program files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll" [2013-02-23 1352512]
.
[HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{B5A9DE27-7D62-4EA7-9B31-3D92B7A45A39}"
[HKEY_CLASSES_ROOT\CLSID\{B5A9DE27-7D62-4EA7-9B31-3D92B7A45A39}]
2012-12-24 18:38	170344	----a-w-	c:\windows\SysWOW64\cbfsMntNtf4.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Arvo"="f:\program files (x86)\ROCCAT\Arvo Keyboard\ArvoHID.EXE" [2009-09-01 172032]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 6"="l:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{694DED0F-89D5-4464-89B7-76CC5AE9D7D8}"= "c:\windows\SysWOW64\cbfsMntNtf4.dll" [2012-12-24 170344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator-cbfs4"= {694DED0F-89D5-4464-89B7-76CC5AE9D7D8} - c:\windows\SysWOW64\cbfsMntNtf4.dll [2012-12-24 170344]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="f:\program files (x86)\iTunes\iTunesHelper.exe"
"DNS7reminder"="e:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "c:\programdata\Nuance\NaturallySpeaking11\Ereg.ini"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"PDFPrint"=c:\program files (x86)\PDF24\pdf24.exe
"Malwarebytes' Anti-Malware"="f:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"IObit Malware Fighter"="c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-01-05 21384]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-07-05 14448]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [2012-07-05 33224]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;l:\program files\SiSoftware\SiSoftware Sandra Lite 2012.SP5c\RpcAgentSrv.exe [2008-12-07 68760]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [2012-07-05 21904]
R4 HiPatchService;Hi-Rez Studios Authenticate and Update Service;g:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-06-19 8704]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 cbfs4;cbfs4;c:\windows\system32\drivers\cbfs4.sys [2012-12-24 375640]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;l:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-15 465216]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-06-13 922240]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2010-12-02 915584]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2010-10-21 586880]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]
S2 MBAMScheduler;MBAMScheduler;f:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 Radio.fx;Radio.fx Server;e:\tobit radio.fx\Server\rfx-server.exe [2013-02-22 3818776]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S2 TomTomHOMEService;TomTomHOMEService;e:\tom\TomTom HOME 2\TomTomHOMEService.exe [2012-06-21 92632]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 ArvoFltr;ROCCAT Arvo;c:\windows\system32\drivers\ArvoFltr.sys [2009-05-06 15872]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 401896]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [2011-03-10 2725376]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-03-29 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-01 22:54	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:50]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 17:40]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 17:40]
.
2013-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3269441660-1231751284-1862436623-1000Core.job
- c:\users\Lib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-14 20:28]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3269441660-1231751284-1862436623-1000UA.job
- c:\users\Lib\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-14 20:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay-cbfs4]
@="{B5A9DE27-7D62-4EA7-9B31-3D92B7A45A39}"
[HKEY_CLASSES_ROOT\CLSID\{B5A9DE27-7D62-4EA7-9B31-3D92B7A45A39}]
2012-12-24 18:39	197992	----a-w-	c:\windows\System32\cbfsMntNtf4.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-03-07 15:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-03-07 15:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-03-07 15:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-03-07 15:31	776144	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{694DED0F-89D5-4464-89B7-76CC5AE9D7D8}"= "c:\windows\system32\cbfsMntNtf4.dll" [2012-12-24 197992]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - f:\icq\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lib\AppData\Roaming\Mozilla\Firefox\Profiles\fg4op894.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.ftp - 178.33.34.48
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 178.33.34.48
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 178.33.34.48
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 178.33.34.48
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-04-01 21:24; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; c:\program files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
SSODL-EldosMountNotificator-cbfs4    REG_SZ    {694DED0F-89D5-4464-89B7-76CC5AE9D7D8}- - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:68,fe,6f,fd,03,ac,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,20,5b,81,dc,2c,f8,4b,a5,df,9d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,18,20,5b,81,dc,2c,f8,4b,a5,df,9d,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-09  17:38:46
ComboFix-quarantined-files.txt  2013-04-09 15:38
.
Vor Suchlauf: 11 Verzeichnis(se), 60.221.464.576 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 60.130.873.344 Bytes frei
.
- - End Of File - - 37902CDF419E40124D0F151D43871E40
         
(At the moment there are errors when accessing devices...)

09.04.2013, 18:03   #13
t'john
/// Helper Team
 

Very good!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



After that:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




After that:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Regards, t'john
Support the TB

09.04.2013, 18:16   #14
2ndSkin
 

asw:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-09 18:08:59
-----------------------------
18:08:59.278    OS Version: Windows x64 6.1.7601 Service Pack 1
18:08:59.278    Number of processors: 4 586 0x2A07
18:08:59.279    ComputerName: LIB-PC  UserName: Lib
18:08:59.452    Initialize success
18:12:45.982    AVAST engine defs: 13040900
18:13:08.166    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:13:08.168    Disk 0 Vendor: OCZ-VERT 2.15 Size: 114473MB BusType: 3
18:13:08.169    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:13:08.169    Disk 1 Vendor: ST310005 JC4B Size: 953869MB BusType: 3
18:13:08.170    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IAAStorageDevice-3
18:13:08.171    Disk 2 Vendor: SAMSUNG_ CT10 Size: 381554MB BusType: 3
18:13:08.181    Disk 0 MBR read successfully
18:13:08.183    Disk 0 MBR scan
18:13:08.185    Disk 0 Windows 7 default MBR code
18:13:08.186    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
18:13:08.189    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       114371 MB offset 206848
18:13:08.200    Disk 0 scanning C:\Windows\system32\drivers
18:13:10.236    Service scanning
18:13:15.293    Modules scanning
18:13:15.298    Disk 0 trace - called modules:
18:13:15.302    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
18:13:15.305    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009972060]
18:13:15.307    3 CLASSPNP.SYS[fffff88001d4843f] -> nt!IofCallDriver -> [0xfffffa80071ccd10]
18:13:15.310    5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008776050]
18:13:15.498    AVAST engine scan C:\Windows
18:13:16.300    AVAST engine scan C:\Windows\system32
18:14:01.348    AVAST engine scan C:\Windows\system32\drivers
18:14:03.862    AVAST engine scan C:\Users\Lib
18:14:41.781    AVAST engine scan C:\ProgramData
18:14:50.015    Scan finished successfully
18:15:28.534    Disk 0 MBR has been saved successfully to "C:\Users\Lib\Desktop\MBR.dat"
18:15:28.537    The log file has been saved successfully to "C:\Users\Lib\Desktop\aswMBR.txt"
         
ESET

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=af8cc3d51d08134ba8a9cea519fe7f1f
# engine=13569
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-08 01:35:14
# local_time=2013-04-08 03:35:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 35531694 117014764 0 0
# scanned=7264
# found=0
# cleaned=0
# scan_time=2022
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=af8cc3d51d08134ba8a9cea519fe7f1f
# engine=13583
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-09 08:06:07
# local_time=2013-04-09 10:06:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1023 16777215 0 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 15913 117167817 0 0
# scanned=579581
# found=6
# cleaned=0
# scan_time=13573
sh=42C54DE5A77E24A6810DC5443D9907FA6DB54117 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Lib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\324c9e18-22406366"
sh=DB05BB119BE0111DE3B0DADE8A64FBF9F10F37D6 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Lib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\6da2093c-6ccfef37"
sh=1BDFAC7CB7A8023E660B12665FB6C0E8F0A2EF03 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Lib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\7f2080fc-68f6adee"
sh=7B3A958E7CC1F493DF6C7271E02AFF1C6F0075EC ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\Lib\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\46e8733f-45bd9950"
sh=57D1DF254B8B9E9AA923382ADBE77E5B047D4C8A ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LIB-PC\Backup Set 2013-02-13 193602\Backup Files 2013-02-13 193602\Backup files 30.zip"
sh=F3B621B96C3BEB3D033F09A4DFC707C424FC7D00 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="H:\LIB-PC\Backup Set 2013-02-13 193602\Backup Files 2013-02-13 193602\Backup files 31.zip"
         
6 threats (probably in old backups)

Security

Code:
 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Secunia PSI (3.0.0.3001)   
 Malwarebytes Anti-Malware Version 1.70.0.1100  
 HijackThis 2.0.2    
 TuneUp Utilities 2012   
 TuneUp Utilities Language Pack (de-DE) 
 Java 7 Update 13  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (20.0) 
 Mozilla Thunderbird (17.0.5) 
 Google Chrome 25.0.1364.172  
 Google Chrome 26.0.1410.43  
````````Process Check: objlist.exe by Laurent````````  
 IObit IObit Malware Fighter IMFsrv.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

10.04.2013, 01:00   #15
t'john
/// Helper Team
 

Update:

Adobe Reader: Adobe Reader - Download - Filepony (alternatives: PDF Tools)
Update Java

Your Java is no longer up to date. Older versions contain security vulnerabilities that can be exploited by malware.
  • Please download the latest Java version from here
  • Save the .exe file
  • Close all running programs, especially your browser.
  • Start jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 17).
  • When the installation has finished,
    go to Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is ticked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

After that, post (copy and paste) what is displayed to you here: PluginCheck



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

After that, post (copy and paste) what is displayed to you here: PluginCheck


Note: Registry cleaners

I see that you have a so-called registry cleaner installed.
In your case, TuneUp Utilities 2012.

We advise against using any kind of registry cleaner.

The reason is quite simple:
The registry is the brain of the system. If the brain does not work, the rest no longer really works either.
You should not tinker with the registry unnecessarily. Even a small error can have serious consequences, and programs sometimes make mistakes too.
If you destroy the registry, you destroy Windows.

In addition, the benefit for performance is disputed and usually barely perceptible.

I would recommend that you stop using registry cleaners and uninstall them via
Start --> Control Panel --> Software (on Windows XP)
Start --> Control Panel --> Programs and Features (on Vista / Win 7)
__________________
Regards, t'john
Support the TB
